
add honeypot for spam protection

closes #398
marcelb98 committed Mar 15, 2019
1 parent f1995ee commit 3384f049ed8877475c3c04c41d59b6a041d71b80
Showing with 23 additions and 4 deletions.
  1. +18 −3 sipa/forms.py
  2. +5 −1 sipa/static/css/style.css
@@ -71,8 +71,23 @@ def __call__(self, *args, **kwargs):
return super().__call__(
*args, readonly=True, **kwargs)

class SpamCheckField(StringField):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)

class ContactForm(FlaskForm):
def __call__(self, *args, **kwargs):
c = kwargs.pop('class', '') or kwargs.pop('class_', '')
kwargs['class'] = u'%s %s' % ('honey', c)
kwargs['autocomplete'] = 'off'
return super().__call__(*args, **kwargs)

class SpamProtectedForm(FlaskForm):
# Adds a honypot for bots to the form.
# This field must not be filled out to submit the form.
# We're using 'website' as the field-name since we won't give bots a hint.
website = SpamCheckField(label="", validators=[Length(0,0,"You seem to like honey.")])

class ContactForm(SpamProtectedForm):
email = ReadonlyStringField(
label=lazy_gettext("Deine E-Mail-Adresse"),
validators=[Email(lazy_gettext("E-Mail ist nicht in gültigem "
@@ -92,7 +107,7 @@ class ContactForm(FlaskForm):
])


class AnonymousContactForm(FlaskForm):
class AnonymousContactForm(SpamProtectedForm):
email = StrippedStringField(
label=lazy_gettext("Deine E-Mail-Adresse"),
validators=[Email(lazy_gettext("E-Mail ist nicht "
@@ -114,7 +129,7 @@ class AnonymousContactForm(FlaskForm):
])


class OfficialContactForm(FlaskForm):
class OfficialContactForm(SpamProtectedForm):
email = StrippedStringField(
label=lazy_gettext("E-Mail-Adresse"),
validators=[Email(lazy_gettext("E-Mail ist nicht "
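Review bot: A filled `website` honeypot in `SpamProtectedForm` is reported back through the normal validation error `"You seem to like honey."`, so an automated submitter learns which field tripped the check, while a real user whose browser or password manager filled the hidden input (`autocomplete="off"` is often ignored) is blocked with no visible field to clear. It would be safer to treat a non-empty honeypot in the view as a silent drop: log it for spam monitoring and return the usual success response without sending the mail. The comment says the name `website` was chosen to give bots no hint, but `SpamCheckField.__call__` renders `class="honey"`; a neutral class, e.g. `kwargs['class'] = u'%s %s' % ('form-extra', c)` with the matching CSS selector renamed, keeps that intent. `SpamCheckField.__init__` only forwards to `super()` and can be removed, and the comment should read "honeypot".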
@@ -155,4 +155,8 @@ img[alt=software_logo] {

#hints div {
margin-bottom: 10px;
}
}

.honey {
display: none;
}
