use honeypot only for contact forms (not for api)
authorJan Szejko <jan.szejko@gmail.com>
Fri, 3 Jun 2016 10:29:33 +0000 (12:29 +0200)
committerJan Szejko <jan.szejko@gmail.com>
Fri, 3 Jun 2016 10:29:33 +0000 (12:29 +0200)
contact/templates/contact/form.html
contact/views.py
edumed/settings/middleware.py

index a9741f1..584629a 100644 (file)
@@ -1,5 +1,6 @@
 {% extends form.base_template|default:"base.html" %}
 {% load chunks %}
 {% extends form.base_template|default:"base.html" %}
 {% load chunks %}
+{% load honeypot %}
 
 {% block title %}{{ form.form_title }}{% endblock %}
 
 
 {% block title %}{{ form.form_title }}{% endblock %}
 
@@ -15,6 +16,7 @@
 
     <form method="POST" action="." enctype="multipart/form-data" class="submit-form">
     {% csrf_token %}
 
     <form method="POST" action="." enctype="multipart/form-data" class="submit-form">
     {% csrf_token %}
+    {% render_honeypot_field %}
     <table>
         {{ form.as_table }}
         <tr><td></td><td><button>{% block contact_form_submit %}{{ form.submit_label }}{% endblock %}</button></td></tr>
     <table>
         {{ form.as_table }}
         <tr><td></td><td><button>{% block contact_form_submit %}{{ form.submit_label }}{% endblock %}</button></td></tr>
index e52b6b2..b9a411f 100644 (file)
@@ -5,10 +5,13 @@ from django.contrib.auth.decorators import permission_required
 from django.http import Http404
 from django.shortcuts import get_object_or_404, redirect, render
 from fnpdjango.utils.views import serve_file
 from django.http import Http404
 from django.shortcuts import get_object_or_404, redirect, render
 from fnpdjango.utils.views import serve_file
+from honeypot.decorators import check_honeypot
+
 from .forms import contact_forms
 from .models import Attachment
 
 
 from .forms import contact_forms
 from .models import Attachment
 
 
+@check_honeypot
 def form(request, form_tag, force_enabled=False):
     try:
         form_class = contact_forms[form_tag]
 def form(request, form_tag, force_enabled=False):
     try:
         form_class = contact_forms[form_tag]
index 15ab189..3dc3278 100644 (file)
@@ -10,7 +10,6 @@ MIDDLEWARE_CLASSES = process_app_deps((
 
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
 
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
-    'honeypot.middleware.HoneypotMiddleware',
     ('django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth'),
     ('django_cas.middleware.CASMiddleware', 'django_cas'),
     ('django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages'),
     ('django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth'),
     ('django_cas.middleware.CASMiddleware', 'django_cas'),
     ('django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages'),