
(Feature) fix issue #10 : prevent robots contibution

Signed-off-by: CapsLock <faimaison@legeox.net>
CapsLock 9 years ago
parent
commit
6866ffa491

+ 21 - 0
wifiwithme/apps/contribmap/decorators.py

@@ -0,0 +1,21 @@
+from django.http import HttpResponseForbidden
+from .forms import PublicContribForm
+
+
+def prevent_robots(field_name='human_field'):
+    """
+    this decorator returns a HTTP 403 Forbidden error on POST requests
+    if a given field has been set
+
+    Keyword arguments :
+    field_name -- the name of the field to search for (default 'human_field')
+    """
+    def _dec(func):
+        def _wrapped_func(request, *args, **kwargs):
+            if request.method == 'POST':
+                form = PublicContribForm(request.POST)
+                if form.data[field_name]:
+                    return HttpResponseForbidden()
+            return func(request, *args, **kwargs)
+        return _wrapped_func
+    return _dec
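Review bot: `form.data[field_name]` in `_wrapped_func` indexes the POST data directly, so a POST that omits the field entirely should raise a key error and surface as a 500 instead of being handled. Clients that do not go through the rendered template would hit this. The decorator does not need the form at all: `if request.POST.get(field_name):` makes the same check without building a second `PublicContribForm` per request, and it removes the `.forms` import from this module. I would also put `@functools.wraps(func)` on `_wrapped_func` so the decorated view keeps its name and docstring. Logging the rejected request before returning `HttpResponseForbidden()` would give operators visibility into how often the trap fires.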

+ 2 - 0
wifiwithme/apps/contribmap/forms.py

@@ -16,6 +16,8 @@ ORIENTATIONS = (
 
 
 class PublicContribForm(forms.ModelForm):
+    human_field = forms.CharField(required=False, widget=forms.HiddenInput)
+
     class Meta:
         model = Contrib
 

+ 1 - 0
wifiwithme/apps/contribmap/templates/contribmap/wifi-form.html

@@ -184,6 +184,7 @@ pourraient être intéressantes.
 
 
     <h2>Mes données</h2>
+    {{ form.human_field|formcontrol }}
 
     <p class="help-block">
 Les données collectées dans ce formulaire sont accessibles
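Review bot: The field rendered by `{{ form.human_field|formcontrol }}` is declared in forms.py with `widget=forms.HiddenInput`, which emits `type="hidden"`. Automated form fillers commonly leave hidden inputs at their default value, so the trap may rarely trigger. The usual honeypot is an ordinary text input hidden from people with CSS, for example `forms.TextInput(attrs={'tabindex': '-1', 'autocomplete': 'off'})` inside a container styled off-screen, with a label telling assistive-technology users to leave it empty. Since this is the only anti-automation control visible in the commit, it is worth documenting next to the field that it stops only unsophisticated bots.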

+ 3 - 1
wifiwithme/apps/contribmap/views.py

@@ -2,16 +2,18 @@ from django.core.urlresolvers import reverse
 from django.http import JsonResponse, HttpResponseForbidden
 from django.shortcuts import render, redirect
 from django.views.generic import View
-
 from .forms import PublicContribForm
 from .models import Contrib
+from .decorators import prevent_robots
 
 
+@prevent_robots()
 def add_contrib(request):
     if request.method == 'GET':
         form = PublicContribForm()
     elif request.method == 'POST':
         form = PublicContribForm(request.POST)
+
         if form.is_valid():
             form.save()
             return redirect(reverse('thanks'))