From 0fb61938ce16f86a768ae4bcbeb908fd83e91511 Mon Sep 17 00:00:00 2001
From: Sli
Date: Thu, 11 Jul 2024 10:49:08 +0200
Subject: [PATCH] Reorganize honeypot settings

---
 core/middleware.py | 5 -----
 sith/honeypot.py | 12 ++++++++++++
 sith/settings.py | 18 +++++++----------
 3 files changed, 19 insertions(+), 16 deletions(-)
 create mode 100644 sith/honeypot.py

diff --git a/core/middleware.py b/core/middleware.py
index fe4087c3..5f5c945b 100644
--- a/core/middleware.py
+++ b/core/middleware.py
@@ -21,7 +21,6 @@ from django.contrib.auth import get_user
 from django.contrib.auth.middleware import (
     AuthenticationMiddleware as DjangoAuthenticationMiddleware,
 )
-from django.http import HttpResponse
 from django.utils.functional import SimpleLazyObject
 
 module, klass = settings.AUTH_ANONYMOUS_MODEL.rsplit(".", 1)
@@ -71,7 +70,3 @@ class SignalRequestMiddleware:
     def __call__(self, request):
         _threadlocal.request = request
         return self.get_response(request)
-
-
-def custom_honeypot_error(request, context):
-    return HttpResponse("Upon reading this, the http client was enlightened.")
diff --git a/sith/honeypot.py b/sith/honeypot.py
new file mode 100644
index 00000000..3659c0ea
--- /dev/null
+++ b/sith/honeypot.py
@@ -0,0 +1,12 @@
+import logging
+from typing import Any
+
+from django.http import HttpResponse
+from django.test.client import WSGIRequest
+
+
+def custom_honeypot_error(
+    request: WSGIRequest, context: dict[str, Any]
+) -> HttpResponse:
+    logging.warning(f"HoneyPot blocked user with ip {request.META.get('REMOTE_ADDR')}")
+    return HttpResponse("Upon reading this, the http client was enlightened.")
diff --git a/sith/settings.py b/sith/settings.py
index f668d73a..e37ab2eb 100644
--- a/sith/settings.py
+++ b/sith/settings.py
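Review bot: In the new sith/honeypot.py, `custom_honeypot_error` logs through the root logger with an eagerly formatted f-string on the `logging.warning` line; the conventional form is a module logger with lazy %-args, `logger = logging.getLogger(__name__)` at module level and `logger.warning("HoneyPot blocked user with ip %s", request.META.get("REMOTE_ADDR"))`, so the event is attributed to `sith.honeypot` and can be routed or filtered per module. The `request` annotation imports `WSGIRequest` from `django.test.client`, a test-support module; the type the responder actually receives is better expressed as `django.http.HttpRequest`, which avoids pulling test tooling into a module that settings.py imports. `REMOTE_ADDR` is whatever the WSGI server sets, so behind a reverse proxy this line would presumably record the proxy's address rather than the client's — worth confirming against the deployment. The function has no docstring; a short one saying it replaces the honeypot package's default error response with a bland 200 so a triggered bot gets no obvious signal (per the settings comment "Make honeypot errors less suspicious"), and that `context` is unused, would document the contract.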
@@ -41,10 +41,11 @@ import os
 import sys
 
 import sentry_sdk
-from django.utils.module_loading import import_string
 from django.utils.translation import gettext_lazy as _
 from sentry_sdk.integrations.django import DjangoIntegration
 
+from .honeypot import custom_honeypot_error
+
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
 os.environ["HTTPS"] = "off"
@@ -55,16 +56,6 @@ os.environ["HTTPS"] = "off"
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = "(4sjxvhz@m5$0a$j0_pqicnc$s!vbve)z+&++m%g%bjhlz4+g2"
 
-# Those values are to be changed in production to be more effective
-HONEYPOT_FIELD_NAME = "body2"
-HONEYPOT_VALUE = "content"
-
-# Make honeypot errors less suspicious
-# Since the app is not loaded yet, we wrap the import_string function in a lambda call to lazy load it
-HONEYPOT_RESPONDER = lambda request, context: import_string(
-    "core.middleware.custom_honeypot_error"
-)(request, context)
-
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
 TESTING = "pytest" in sys.modules
@@ -293,6 +284,11 @@ LOGIN_REDIRECT_URL = "/"
 DEFAULT_FROM_EMAIL = "bibou@git.an"
 SITH_COM_EMAIL = "bibou_com@git.an"
 REST_FRAMEWORK["UNAUTHENTICATED_USER"] = "core.models.AnonymousUser"
+# Those values are to be changed in production to be more effective
+HONEYPOT_FIELD_NAME = "body2"
+HONEYPOT_VALUE = "content"
+HONEYPOT_RESPONDER = custom_honeypot_error  # Make honeypot errors less suspicious
+
 # Email
 EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
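Review bot: The added `from .honeypot import custom_honeypot_error` makes settings.py import `django.http` and `django.test.client` while the settings module itself is still being executed, and the comment removed in the next hunk said the earlier `import_string` lambda existed precisely because "the app is not loaded yet"; the commit does not record why that concern no longer holds. Importing these modules before `django.setup()` may well be safe, but that is an inference, so a one-line comment above the import stating that `sith.honeypot` has no import-time dependency on settings or on the app registry would preserve the rationale, e.g. `# honeypot.py only touches django.http, which is import-safe before setup`. If that cannot be confirmed, keeping a lazy wrapper as before is the lower-risk option.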
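Review bot: The comment `# Those values are to be changed in production to be more effective` in the last hunk says what to do but not where: `HONEYPOT_FIELD_NAME` and `HONEYPOT_VALUE` are now defined in a version-controlled settings module, so as written the field name is public and the honeypot relies on nobody reading the repository. If the project has a deployment-specific settings override (not visible in this diff), the comment should name it, e.g. `# Override HONEYPOT_FIELD_NAME / HONEYPOT_VALUE in the deployment settings; the defaults here are public`. The trailing `# Make honeypot errors less suspicious` on the `HONEYPOT_RESPONDER` line would also read better as a line of its own above the assignment, matching how the neighbouring settings are commented.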