From 486047b929cc62c13909aedc06be427413873ee7 Mon Sep 17 00:00:00 2001
From: imperosol <thgirod@hotmail.com>
Date: Sun, 10 Nov 2024 14:15:41 +0100
Subject: [PATCH] remove the honeypot from the login page
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Des utilisateurs humains se font régulièrement "éclairer" par le honeypot. Les mesures anti-bot ne devraient pas bloquer des humains.
---
 core/templates/core/login.jinja |  1 -
 core/tests/test_core.py         | 23 ++---------------------
 core/views/user.py              |  1 -
 3 files changed, 2 insertions(+), 23 deletions(-)

diff --git a/core/templates/core/login.jinja b/core/templates/core/login.jinja
index 833a3431..d696f4cd 100644
--- a/core/templates/core/login.jinja
+++ b/core/templates/core/login.jinja
@@ -33,7 +33,6 @@
     {% endif %}
 
     {% csrf_token %}
-    {% render_honeypot_field %}
 
     <div>
       <label for="{{ form.username.name }}">{{ form.username.label }}</label>
diff --git a/core/tests/test_core.py b/core/tests/test_core.py
index b803cefa..05501136 100644
--- a/core/tests/test_core.py
+++ b/core/tests/test_core.py
@@ -146,39 +146,20 @@ class TestUserLogin:
         """Should not login a user correctly."""
         response = client.post(
             reverse("core:login"),
-            {
-                "username": user.username,
-                "password": "wrong-password",
-                settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE,
-            },
+            {"username": user.username, "password": "wrong-password"},
         )
         assert response.status_code == 200
         assert (
             '<p class="alert alert-red">Votre nom d\'utilisateur '
             "et votre mot de passe ne correspondent pas. Merci de réessayer.</p>"
         ) in str(response.content.decode())
-
-    def test_login_honeypot(self, client, user):
-        response = client.post(
-            reverse("core:login"),
-            {
-                "username": user.username,
-                "password": "wrong-password",
-                settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE + "incorrect",
-            },
-        )
-        assert response.status_code == 200
         assert response.wsgi_request.user.is_anonymous
 
     def test_login_success(self, client, user):
         """Should login a user correctly."""
         response = client.post(
             reverse("core:login"),
-            {
-                "username": user.username,
-                "password": "plop",
-                settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE,
-            },
+            {"username": user.username, "password": "plop"},
         )
         assertRedirects(response, reverse("core:index"))
         assert response.wsgi_request.user == user
diff --git a/core/views/user.py b/core/views/user.py
index 98ebcce6..e9694a92 100644
--- a/core/views/user.py
+++ b/core/views/user.py
@@ -77,7 +77,6 @@ from subscription.models import Subscription
 from trombi.views import UserTrombiForm
 
 
-@method_decorator(check_honeypot, name="post")
 class SithLoginView(views.LoginView):
     """The login View."""