From: Jan Szejko Date: Fri, 3 Jun 2016 10:29:33 +0000 (+0200) Subject: use honeypot only for contact forms (not for api) X-Git-Url: https://git.mdrn.pl/edumed.git/commitdiff_plain/3634ac3afa1a719bc7e142f9ec00064770ecbbe2?ds=inline use honeypot only for contact forms (not for api) --- diff --git a/contact/templates/contact/form.html b/contact/templates/contact/form.html index a9741f1..584629a 100644 --- a/contact/templates/contact/form.html +++ b/contact/templates/contact/form.html @@ -1,5 +1,6 @@ {% extends form.base_template|default:"base.html" %} {% load chunks %} +{% load honeypot %} {% block title %}{{ form.form_title }}{% endblock %} @@ -15,6 +16,7 @@
{% csrf_token %} + {% render_honeypot_field %} {{ form.as_table }} diff --git a/contact/views.py b/contact/views.py index e52b6b2..b9a411f 100644 --- a/contact/views.py +++ b/contact/views.py @@ -5,10 +5,13 @@ from django.contrib.auth.decorators import permission_required from django.http import Http404 from django.shortcuts import get_object_or_404, redirect, render from fnpdjango.utils.views import serve_file +from honeypot.decorators import check_honeypot + from .forms import contact_forms from .models import Attachment +@check_honeypot def form(request, form_tag, force_enabled=False): try: form_class = contact_forms[form_tag] diff --git a/edumed/settings/middleware.py b/edumed/settings/middleware.py index 15ab189..3dc3278 100644 --- a/edumed/settings/middleware.py +++ b/edumed/settings/middleware.py @@ -10,7 +10,6 @@ MIDDLEWARE_CLASSES = process_app_deps(( 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', - 'honeypot.middleware.HoneypotMiddleware', ('django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth'), ('django_cas.middleware.CASMiddleware', 'django_cas'), ('django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages'),