use honeypot only for contact forms (not for api)

author Jan Szejko <jan.szejko@gmail.com>

Fri, 3 Jun 2016 10:29:33 +0000 (12:29 +0200)

committer Jan Szejko <jan.szejko@gmail.com>

Fri, 3 Jun 2016 10:29:33 +0000 (12:29 +0200)
author Jan Szejko <jan.szejko@gmail.com>
Fri, 3 Jun 2016 10:29:33 +0000 (12:29 +0200)
committer Jan Szejko <jan.szejko@gmail.com>
Fri, 3 Jun 2016 10:29:33 +0000 (12:29 +0200)
diff --git a/contact/templates/contact/form.html b/contact/templates/contact/form.html

index a9741f1..584629a 100644 (file)
--- a/contact/templates/contact/form.html
+++ b/contact/templates/contact/form.html
@@ -1,5 +1,6 @@
  {% extends form.base_template|default:"base.html" %}
  {% load chunks %}
  {% extends form.base_template|default:"base.html" %}
  {% load chunks %}
+{% load honeypot %}
  
  {% block title %}{{ form.form_title }}{% endblock %}
  
  
  {% block title %}{{ form.form_title }}{% endblock %}
  
@@ -15,6 +16,7 @@
  
      <form method="POST" action="." enctype="multipart/form-data" class="submit-form">
      {% csrf_token %}
  
      <form method="POST" action="." enctype="multipart/form-data" class="submit-form">
      {% csrf_token %}
+    {% render_honeypot_field %}
      <table>
          {{ form.as_table }}
          <tr><td></td><td><button>{% block contact_form_submit %}{{ form.submit_label }}{% endblock %}</button></td></tr>
      <table>
          {{ form.as_table }}
          <tr><td></td><td><button>{% block contact_form_submit %}{{ form.submit_label }}{% endblock %}</button></td></tr>
diff --git a/contact/views.py b/contact/views.py

index e52b6b2..b9a411f 100644 (file)
--- a/contact/views.py
+++ b/contact/views.py
@@ -5,10 +5,13 @@ from django.contrib.auth.decorators import permission_required
  from django.http import Http404
  from django.shortcuts import get_object_or_404, redirect, render
  from fnpdjango.utils.views import serve_file
  from django.http import Http404
  from django.shortcuts import get_object_or_404, redirect, render
  from fnpdjango.utils.views import serve_file
+from honeypot.decorators import check_honeypot
+
  from .forms import contact_forms
  from .models import Attachment
  
  
  from .forms import contact_forms
  from .models import Attachment
  
  
+@check_honeypot
  def form(request, form_tag, force_enabled=False):
      try:
          form_class = contact_forms[form_tag]
  def form(request, form_tag, force_enabled=False):
      try:
          form_class = contact_forms[form_tag]
diff --git a/edumed/settings/middleware.py b/edumed/settings/middleware.py

index 15ab189..3dc3278 100644 (file)
--- a/edumed/settings/middleware.py
+++ b/edumed/settings/middleware.py
@@ -10,7 +10,6 @@ MIDDLEWARE_CLASSES = process_app_deps((
  
      'django.middleware.common.CommonMiddleware',
      'django.middleware.csrf.CsrfViewMiddleware',
  
      'django.middleware.common.CommonMiddleware',
      'django.middleware.csrf.CsrfViewMiddleware',
-    'honeypot.middleware.HoneypotMiddleware',
      ('django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth'),
      ('django_cas.middleware.CASMiddleware', 'django_cas'),
      ('django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages'),
      ('django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth'),
      ('django_cas.middleware.CASMiddleware', 'django_cas'),
      ('django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages'),
author	Jan Szejko <jan.szejko@gmail.com>
	Fri, 3 Jun 2016 10:29:33 +0000 (12:29 +0200)
committer	Jan Szejko <jan.szejko@gmail.com>
	Fri, 3 Jun 2016 10:29:33 +0000 (12:29 +0200)
contact/templates/contact/form.html		patch \| blob \| history
contact/views.py		patch \| blob \| history
edumed/settings/middleware.py		patch \| blob \| history