klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2025-07-09 19:40:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make honeypot errors less suspicious

Browse Source
This commit is contained in:
Antoine Bartuccio
2024-07-10 19:30:01 +02:00
parent e15bcfae07
commit d6b27f2f21
3 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
core/middleware.py
View File

@ -21,6 +21,7 @@ from django.contrib.auth import get_user
from django.contrib.auth.middleware import (
AuthenticationMiddleware as DjangoAuthenticationMiddleware,
)
from django.http import HttpResponse
from django.utils.functional import SimpleLazyObject
module, klass = settings.AUTH_ANONYMOUS_MODEL.rsplit(".", 1)
@ -70,3 +71,7 @@ class SignalRequestMiddleware:
def __call__(self, request):
_threadlocal.request = request
return self.get_response(request)
def custom_honeypot_error(request, context):
return HttpResponse("Upon reading this, the http client was enlightened.")

10
core/tests.py
View File

@ -80,13 +80,15 @@ class TestUserRegistration:
assert response.status_code == 200
error_html = f'<ul class="errorlist"><li>{expected_error}</li></ul>'
assertInHTML(error_html, str(response.content.decode()))
assert not User.objects.filter(email=payload["email"]).exists()
def test_register_honeypot_fail(self, client, valid_payload):
def test_register_honeypot_fail(self, client: Client, valid_payload):
payload = valid_payload | {
settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE + "random"
}
response = client.post(reverse("core:register"), payload)
assert response.status_code == 400
assert response.status_code == 200
assert not User.objects.filter(email=payload["email"]).exists()
def test_register_user_form_fail_already_exists(
self, client: Client, valid_payload
@ -152,7 +154,8 @@ class TestUserLogin:
settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE + "incorrect",
},
)
assert response.status_code == 400
assert response.status_code == 200
assert response.wsgi_request.user.is_anonymous
def test_login_success(self, client, user):
"""
@ -167,6 +170,7 @@ class TestUserLogin:
},
)
assertRedirects(response, reverse("core:index"))
assert response.wsgi_request.user == user
@pytest.mark.parametrize(