Reorganize honeypot settings

This commit is contained in:
Antoine Bartuccio 2024-07-11 10:49:08 +02:00
parent d6b27f2f21
commit 0fb61938ce
3 changed files with 19 additions and 16 deletions


@ -21,7 +21,6 @@ from django.contrib.auth import get_user
from django.contrib.auth.middleware import (
AuthenticationMiddleware as DjangoAuthenticationMiddleware,
)
from django.http import HttpResponse
from django.utils.functional import SimpleLazyObject
module, klass = settings.AUTH_ANONYMOUS_MODEL.rsplit(".", 1)
@ -71,7 +70,3 @@ class SignalRequestMiddleware:
def __call__(self, request):
_threadlocal.request = request
return self.get_response(request)
def custom_honeypot_error(request, context):
return HttpResponse("Upon reading this, the http client was enlightened.")

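--- /dev/null
+++ b/sith/honeypot.py
@@ -0,0 +1,12 @@
+import logging
+from typing import Any
+
+from django.http import HttpResponse
+from django.test.client import WSGIRequest
+
+
+def custom_honeypot_error(
+    request: WSGIRequest, context: dict[str, Any]
+) -> HttpResponse:
+    logging.warning(f"HoneyPot blocked user with ip {request.META.get('REMOTE_ADDR')}")
+    return HttpResponse("Upon reading this, the http client was enlightened.")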
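Review bot: `request.META.get('REMOTE_ADDR')` in the new `custom_honeypot_error` is the TCP peer address, so if this site sits behind a reverse proxy every honeypot hit will be logged with the proxy's IP rather than the client's; in that deployment resolve the client address from the one proxy-set header the proxy is known to overwrite, not from any `X-Forwarded-For` value the client can supply itself. The log call also goes through the root logger with an eager f-string; a module logger with lazy arguments is the Django convention: `logger = logging.getLogger(__name__)` at module level and `logger.warning("HoneyPot blocked user with ip %s", request.META.get("REMOTE_ADDR"))`. `WSGIRequest` is annotated from `django.test.client`, which drags test-client machinery into production code; `from django.http import HttpRequest` gives the same `META` attribute without it. A one-line docstring would make the intent explicit, e.g. `"""Responder for the honeypot: log the hit and return a bland 200 so the bot gets no signal."""` — the 200 status looks deliberate (the settings comment calls it "less suspicious"), so say so rather than leave it to be "fixed" into a 400 later.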


@ -41,10 +41,11 @@ import os
import sys
import sentry_sdk
from django.utils.module_loading import import_string
from django.utils.translation import gettext_lazy as _
from sentry_sdk.integrations.django import DjangoIntegration
from .honeypot import custom_honeypot_error
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
os.environ["HTTPS"] = "off"
@ -55,16 +56,6 @@ os.environ["HTTPS"] = "off"
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = "(4sjxvhz@m5$0a$j0_pqicnc$s!vbve)z+&++m%g%bjhlz4+g2"
# Those values are to be changed in production to be more effective
HONEYPOT_FIELD_NAME = "body2"
HONEYPOT_VALUE = "content"
# Make honeypot errors less suspicious
# Since the app is not loaded yet, we wrap the import_string function in a lambda call to lazy load it
HONEYPOT_RESPONDER = lambda request, context: import_string(
"core.middleware.custom_honeypot_error"
)(request, context)
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
TESTING = "pytest" in sys.modules
@ -293,6 +284,11 @@ LOGIN_REDIRECT_URL = "/"
DEFAULT_FROM_EMAIL = "bibou@git.an"
SITH_COM_EMAIL = "bibou_com@git.an"
REST_FRAMEWORK["UNAUTHENTICATED_USER"] = "core.models.AnonymousUser"
# Those values are to be changed in production to be more effective
HONEYPOT_FIELD_NAME = "body2"
HONEYPOT_VALUE = "content"
HONEYPOT_RESPONDER = custom_honeypot_error # Make honeypot errors less suspicious
# Email
EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
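Review bot: The new `HONEYPOT_RESPONDER = custom_honeypot_error` assignment drops a lambda whose own comment said it existed because the app is not loaded when settings are imported; the eager `from .honeypot import custom_honeypot_error` at the top of this file now imports `django.http` and `django.test.client` before `django.setup()`, which presumably works only because `sith/honeypot.py` imports no models or apps — a comment on that import line would keep the next refactor from breaking startup, e.g. `# imported at settings load time: honeypot.py must stay free of model/app imports`. If `from django.utils.module_loading import import_string` in the first hunk was kept, nothing in the visible hunks uses it any more. Separately, `HONEYPOT_FIELD_NAME` and `HONEYPOT_VALUE` remain committed literals that the comment merely asks operators to change; reading them from the environment makes that actually happen with no behaviour change for existing setups: `HONEYPOT_FIELD_NAME = os.environ.get("HONEYPOT_FIELD_NAME", "body2")` and `HONEYPOT_VALUE = os.environ.get("HONEYPOT_VALUE", "content")` (`os` is already imported at the top of the hunk).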