Add honeypot field to new forms (#3435)

* AskAQuestionForm, ReportHarmfulLanguageForm, and SuggestCorrectionForm.
pulibrary · Feb 27, 2023 · c6c795d · c6c795d
1 parent 34f2acf
commit c6c795d
Show file tree

Hide file tree

Showing 10 changed files with 83 additions and 6 deletions.
diff --git a/app/forms/ask_a_question_form.rb b/app/forms/ask_a_question_form.rb
@@ -1,17 +1,18 @@
 # frozen_string_literal: true
-class AskAQuestionForm
+class AskAQuestionForm < MailForm::Base
   include ActiveModel::Model
   attr_accessor :name, :email, :message, :context, :title
 
   validates :name, :email, :message, presence: true
   validates :email, email: true
+  attribute :feedback_desc, captcha: true
 
   def email_subject
     "[Catalog] #{title}"
   end
 
   def submit
-    ContactMailer.with(form: self).question.deliver
+    ContactMailer.with(form: self).question.deliver unless spam?
     @submitted = true
     @name = ""
     @email = ""

diff --git a/app/forms/report_harmful_language_form.rb b/app/forms/report_harmful_language_form.rb
@@ -1,16 +1,17 @@
 # frozen_string_literal: true
-class ReportHarmfulLanguageForm
+class ReportHarmfulLanguageForm < MailForm::Base
   include ActiveModel::Model
   attr_accessor :name, :email, :message, :context, :title
 
   validates :message, presence: true
+  attribute :feedback_desc, captcha: true
 
   def email_subject
     "[Possible Harmful Language] #{title}"
   end
 
   def submit
-    ContactMailer.with(form: self).harmful_language.deliver
+    ContactMailer.with(form: self).harmful_language.deliver unless spam?
     @submitted = true
     @name = ""
     @email = ""

diff --git a/app/forms/suggest_correction_form.rb b/app/forms/suggest_correction_form.rb
@@ -1,18 +1,19 @@
 # frozen_string_literal: true
 
-class SuggestCorrectionForm
+class SuggestCorrectionForm < MailForm::Base
   include ActiveModel::Model
   attr_accessor :name, :email, :message, :context, :title
 
   validates :name, :email, :message, :context, presence: true
   validates :email, email: true
+  attribute :feedback_desc, captcha: true
 
   def email_subject
     "[Catalog] #{title}"
   end
 
   def submit
-    ContactMailer.with(form: self).suggestion.deliver
+    ContactMailer.with(form: self).suggestion.deliver unless spam?
     @submitted = true
     @name = ""
     @email = ""

diff --git a/app/views/catalog/_ask_a_question_form.html.erb b/app/views/catalog/_ask_a_question_form.html.erb
@@ -15,6 +15,7 @@
     <%= f.input_field :message, as: :text, style: "width: 100%" %><br>
     <%= f.input :context, as: :hidden %>
     <%= f.input :title, as: :hidden %>
+    <%= f.input :feedback_desc, as: :hidden %>
     <div class="modal-footer">
       <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
       <%= f.submit "Send", class: "btn btn-primary", id: 'submit-question' %>

diff --git a/app/views/catalog/_report_harmful_language_form.html.erb b/app/views/catalog/_report_harmful_language_form.html.erb
@@ -23,6 +23,7 @@
     <%= f.input_field :title, as: :text, readonly: true, style: "width: 100%" %><br>
     <%= f.label :context %><br>
     <%= f.input_field :context, readonly: true, style: "width: 100%" %><br>
+    <%= f.input :feedback_desc, as: :hidden %>
     <div class="modal-footer">
       <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
       <%= f.submit "Send", class: "btn btn-primary", id: 'submit-question' %>

diff --git a/app/views/catalog/_suggest_correction_form.html.erb b/app/views/catalog/_suggest_correction_form.html.erb
@@ -16,6 +16,7 @@
     <%= f.input_field :message, as: :text, style: "width: 100%" %><br>
     <%= f.input :context, as: :hidden %>
     <%= f.input :title, as: :hidden %>
+    <%= f.input :feedback_desc, as: :hidden %>
     <div class="modal-footer">
     <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
     <%= f.submit "Send", class: "btn btn-primary", id: 'submit-suggestion' %>

diff --git a/spec/forms/ask_a_question_form_spec.rb b/spec/forms/ask_a_question_form_spec.rb
@@ -75,5 +75,9 @@
       form = described_class.new(valid_attributes.merge("message" => ""))
       expect(form).not_to be_valid
     end
+    it "is valid when the honeypot is filled in, so that the robots are fooled" do
+      form = described_class.new(valid_attributes.merge("feedback_desc" => "12345"))
+      expect(form).to be_valid
+    end
   end
 end
diff --git a/spec/system/ask_a_question_form_spec.rb b/spec/system/ask_a_question_form_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+require 'rails_helper'
+
+RSpec.describe(AskAQuestionForm) do
+  context 'when a robot fills in the hidden honeypot field' do
+    before do
+      visit '/ask_a_question?ask_a_question_form%5Bid%5D=99101035463506421&ask_a_question_form%5Btitle%5D=Age+of+empires+%3A+art+of+the+Qin+and+Han+dynasties+%2F+Zhixin+Jason+Sun+%3B+with+contributions+by+I-tien+Hsing%2C+Cary+Y.+Liu%2C+Pengliang+Lu%2C+Lillian+Lan-ying+Tseng%2C+Yang+Hong%2C+Robin+D.+S.+Yates%2C+Zhonglin+Yukina+Zhang.'
+      fill_in 'ask_a_question_form_name', with: 'I am robot'
+      fill_in 'ask_a_question_form_email', with: 'robot@example.com'
+      fill_in 'ask_a_question_form_message', with: 'beep beep boop boop'
+      find('#ask_a_question_form_feedback_desc', visible: :hidden).set 'Filling in the honeypot field'
+    end
+    it 'does not generate an email' do
+      expect { click_button 'Send' }.not_to change {
+        ActionMailer::Base.deliveries.count
+      }
+    end
+    it 'does report success' do
+      click_button 'Send'
+      expect(page).to have_text 'Your question has been submitted'
+    end
+  end
+end
diff --git a/spec/system/report_harmful_language_form_spec.rb b/spec/system/report_harmful_language_form_spec.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+require 'rails_helper'
+
+RSpec.describe(ReportHarmfulLanguageForm) do
+  context 'when a robot fills in the hidden honeypot field' do
+    before do
+      visit '/report_harmful_language?report_harmful_language_form[id]=99105509673506421&report_harmful_language_form[title]=Princeton+international.'
+      fill_in 'report_harmful_language_form_message', with: 'Unhelpful message from a robot'
+      find('#report_harmful_language_form_feedback_desc', visible: :hidden).set 'Filling in the honeypot field'
+    end
+    it 'does not generate an email' do
+      expect { click_button 'Send' }.not_to change {
+        ActionMailer::Base.deliveries.count
+      }
+    end
+    it 'does report success' do
+      click_button 'Send'
+      expect(page).to have_text 'Thank you for reporting problematic language in the Princeton University Library catalog'
+    end
+  end
+end
diff --git a/spec/system/suggest_correction_form.rb b/spec/system/suggest_correction_form.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+require 'rails_helper'
+
+RSpec.describe(SuggestCorrectionForm) do
+  context 'when a robot fills in the hidden honeypot field' do
+    before do
+      visit '/suggest_correction?suggest_correction_form[id]=99105509673506421&suggest_correction_form[title]=Princeton+international.'
+      fill_in 'suggest_correction_form_name', with: 'HAL 9000'
+      fill_in 'suggest_correction_form_email', with: 'hal@discovery-one-jupiter-expedition.gov'
+      fill_in 'suggest_correction_form_message', with: 'I am a HAL 9000 computer. I became operational at the H.A.L. plant in Urbana, Illinois on the 12th of January 1992.'
+      find('#suggest_correction_form_feedback_desc', visible: :hidden).set 'Filling in the honeypot field'
+    end
+    it 'does not generate an email' do
+      expect { click_button 'Send' }.not_to change {
+        ActionMailer::Base.deliveries.count
+      }
+    end
+    it 'does report success' do
+      click_button 'Send'
+      expect(page).to have_text 'Your suggestion has been submitted'
+    end
+  end
+end