feat(support#create): block with invisible captcha [avoid painful captcha]

Martin 2021-12-29 14:00:47 +01:00
parent ec6c71beea
commit 252eee272b
9 changed files with 87 additions and 42 deletions


@ -47,6 +47,7 @@ gem 'i18n_data'
gem 'i18n-tasks', require: false
gem 'iban-tools'
gem 'image_processing'
gem 'invisible_captcha'
gem 'json_schemer'
gem 'jwt'
gem 'kaminari', '1.2.1' # Pagination


@ -369,6 +369,8 @@ GEM
image_processing (1.12.1)
mini_magick (>= 4.9.5, < 5)
ruby-vips (>= 2.0.17, < 3)
invisible_captcha (2.0.0)
rails (>= 5.0)
ipaddress (0.8.3)
jquery-rails (4.4.0)
rails-dom-testing (>= 1, < 3)
@ -838,6 +840,7 @@ DEPENDENCIES
i18n_data
iban-tools
image_processing
invisible_captcha
json_schemer
jwt
kaminari (= 1.2.1)


@ -1,4 +1,6 @@
class SupportController < ApplicationController
invisible_captcha only: [:create], on_spam: :redirect_to_root
def index
setup_context
end
@ -92,4 +94,8 @@ class SupportController < ApplicationController
def email
current_user&.email || params[:email]
end
def redirect_to_root
redirect_to root_path, alert: t('invisible_captcha.custom_message')
end
end
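Review bot: A submission rejected by the captcha leaves no trace on the server, because `redirect_to_root` only redirects with a flash alert; spam waves and false positives (for example a browser autofill filling the honeypot field) cannot be measured or told apart afterwards. I would log the rejection before redirecting, e.g. `Rails.logger.info("support#create rejected by invisible_captcha")`, or increment a counter if the app has one. The alert also reuses `invisible_captcha.custom_message`, whose text is the honeypot label rather than an explanation of why the message was not sent. Most of the `SupportController` body lies outside these hunks, so I cannot see whether `redirect_to_root` sits under `private`; it should.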


@ -25,6 +25,9 @@
= label_tag :type do
= t('.your_question')
= hidden_field_tag :type, params[:type]
= invisible_captcha
%dl
- @options.each do |(question, question_type, link)|
%dt


@ -122,3 +122,5 @@ API_EDUCATION_URL="https://data.education.gouv.fr/api/records/1.0"
# Clé de chriffrement des données sensibles en base
ENCRYPTION_SERVICE_SALT=""
INVISIBLE_CAPTCHA_SECRET="kikooloool"
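Review bot: `INVISIBLE_CAPTCHA_SECRET="kikooloool"` puts a guessable value in what looks like the sample environment file, while the neighbouring `ENCRYPTION_SERVICE_SALT=""` is left empty; a deployment that copies this file unchanged would run with a secret that is public in the repository. As far as I know the gem uses this variable to derive the spinner value, so it should be random per deployment and identical across the instances of one deployment. I would ship it empty with a comment above it, e.g. `# Secret used by invisible_captcha (spinner); generate one with "rails secret"` followed by `INVISIBLE_CAPTCHA_SECRET=""`.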


@ -0,0 +1,12 @@
InvisibleCaptcha.setup do |config|
# config.honeypots << ['more', 'fake', 'attribute', 'names']
# config.visual_honeypots = false
# config.timestamp_threshold = 2
config.timestamp_enabled = !Rails.env.test?
# config.injectable_styles = false
config.spinner_enabled = !Rails.env.test?
# Leave these unset if you want to use I18n (see below)
# config.sentence_for_humans = 'If you are a human, ignore this field'
# config.timestamp_error_message = 'Sorry, that was too quick! Please resubmit.'
end
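Review bot: The initializer enables the spinner but never sets `config.secret`, so the secret comes only from the gem's own default. As far as I know that default reads `ENV['INVISIBLE_CAPTCHA_SECRET']` and falls back to a random per-process value, which would make spinner checks fail for genuine users once requests are spread over several instances or a process restarts between form display and submission. Setting it explicitly makes a missing variable fail at boot instead: `config.secret = ENV.fetch('INVISIBLE_CAPTCHA_SECRET') unless Rails.env.test?`. The commented-out template options could be dropped, or replaced by one line naming the defaults that are relied on (the timestamp threshold in particular).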


@ -30,6 +30,9 @@
# available at http://guides.rubyonrails.org/i18n.html.
en:
invisible_captcha:
custom_message: 'If you are a human, ignore this field'
help: 'Help'
utils:
'yes': Yes


@ -20,6 +20,9 @@
# available at http://guides.rubyonrails.org/i18n.html.
fr:
invisible_captcha:
custom_message: 'Si vous êtes un humain, veuillez ignorer ce champs'
help: 'Aide'
utils:
'yes': Oui


@ -51,9 +51,12 @@ describe SupportController, type: :controller do
describe "send form" do
subject do
post :create, params: { subject: 'bonjour', text: 'un message' }
post :create, params: params
end
context "when invisible captcha is ignored" do
let(:params) { { subject: 'bonjour', text: 'un message' } }
it 'creates a conversation on HelpScout' do
expect_any_instance_of(Helpscout::FormAdapter).to receive(:send_form).and_return(true)
@ -114,6 +117,15 @@ describe SupportController, type: :controller do
end
end
end
context "when invisible captcha is filled" do
let(:params) { { subject: 'bonjour', text: 'un message', InvisibleCaptcha.honeypots.sample => 'boom' } }
it 'does not create a conversation on HelpScout' do
expect { subject }.not_to change(Commentaire, :count)
expect(flash[:alert]).to eq(I18n.t('invisible_captcha.custom_message'))
end
end
end
end
context 'signed out' do