klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2024-11-15 02:33:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

remove the honeypot from the login page

Browse Source 
Des utilisateurs humains se font régulièrement "éclairer" par le honeypot. Les mesures anti-bot ne devraient pas bloquer des humains.
This commit is contained in:
imperosol 2024-11-10 14:15:41 +01:00 committed by Bartuccio Antoine
parent 7cc13ea669
commit 486047b929
3 changed files with 2 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
core/templates/core/login.jinja
View File

@ -33,7 +33,6 @@
{% endif %} {% endif %}
{% csrf_token %} {% csrf_token %}
{% render_honeypot_field %}
<div> <div>
<label for="{{ form.username.name }}">{{ form.username.label }}</label> <label for="{{ form.username.name }}">{{ form.username.label }}</label>

23
core/tests/test_core.py
View File

@ -146,39 +146,20 @@ class TestUserLogin:
"""Should not login a user correctly.""" """Should not login a user correctly."""
response = client.post( response = client.post(
reverse("core:login"), reverse("core:login"),
{ {"username": user.username, "password": "wrong-password"},
"username": user.username,
"password": "wrong-password",
settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE,
},
) )
assert response.status_code == 200 assert response.status_code == 200
assert ( assert (
'<p class="alert alert-red">Votre nom d\'utilisateur ' '<p class="alert alert-red">Votre nom d\'utilisateur '
"et votre mot de passe ne correspondent pas. Merci de réessayer.</p>" "et votre mot de passe ne correspondent pas. Merci de réessayer.</p>"
) in str(response.content.decode()) ) in str(response.content.decode())
def test_login_honeypot(self, client, user):
response = client.post(
reverse("core:login"),
{
"username": user.username,
"password": "wrong-password",
settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE + "incorrect",
},
)
assert response.status_code == 200
assert response.wsgi_request.user.is_anonymous assert response.wsgi_request.user.is_anonymous
def test_login_success(self, client, user): def test_login_success(self, client, user):
"""Should login a user correctly.""" """Should login a user correctly."""
response = client.post( response = client.post(
reverse("core:login"), reverse("core:login"),
{ {"username": user.username, "password": "plop"},
"username": user.username,
"password": "plop",
settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE,
},
) )
assertRedirects(response, reverse("core:index")) assertRedirects(response, reverse("core:index"))
assert response.wsgi_request.user == user assert response.wsgi_request.user == user

1
core/views/user.py
View File

@ -77,7 +77,6 @@ from subscription.models import Subscription
from trombi.views import UserTrombiForm from trombi.views import UserTrombiForm
@method_decorator(check_honeypot, name="post")
class SithLoginView(views.LoginView): class SithLoginView(views.LoginView):
"""The login View.""" """The login View."""