Make honeypot errors less suspicious
This commit is contained in:
parent
e15bcfae07
commit
d6b27f2f21
@ -21,6 +21,7 @@ from django.contrib.auth import get_user
|
|||||||
from django.contrib.auth.middleware import (
|
from django.contrib.auth.middleware import (
|
||||||
AuthenticationMiddleware as DjangoAuthenticationMiddleware,
|
AuthenticationMiddleware as DjangoAuthenticationMiddleware,
|
||||||
)
|
)
|
||||||
|
from django.http import HttpResponse
|
||||||
from django.utils.functional import SimpleLazyObject
|
from django.utils.functional import SimpleLazyObject
|
||||||
|
|
||||||
module, klass = settings.AUTH_ANONYMOUS_MODEL.rsplit(".", 1)
|
module, klass = settings.AUTH_ANONYMOUS_MODEL.rsplit(".", 1)
|
||||||
@ -70,3 +71,7 @@ class SignalRequestMiddleware:
|
|||||||
def __call__(self, request):
|
def __call__(self, request):
|
||||||
_threadlocal.request = request
|
_threadlocal.request = request
|
||||||
return self.get_response(request)
|
return self.get_response(request)
|
||||||
|
|
||||||
|
|
||||||
|
def custom_honeypot_error(request, context):
|
||||||
|
return HttpResponse("Upon reading this, the http client was enlightened.")
|
||||||
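Review bot: `custom_honeypot_error` has no docstring, and its body is a fixed, distinctive string, so the 200 status only makes the decoy less suspicious to a client that looks at status codes; anything that inspects the body can still tell this reply apart from a real form submission. If the aim is to blend in, answering with the same template or redirect a legitimate submission receives is a closer match; whether that is wanted here is a product decision. The `context` argument is unused, presumably because the responder signature is dictated by the honeypot library; a short comment saying so would stop a later cleanup from dropping it. Suggested docstring: `"""Responder wired up through HONEYPOT_RESPONDER: answer a request that filled the hidden honeypot field with a plain 200 instead of the 400 error page the tests previously expected."""`.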
|
@ -80,13 +80,15 @@ class TestUserRegistration:
|
|||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
error_html = f'<ul class="errorlist"><li>{expected_error}</li></ul>'
|
error_html = f'<ul class="errorlist"><li>{expected_error}</li></ul>'
|
||||||
assertInHTML(error_html, str(response.content.decode()))
|
assertInHTML(error_html, str(response.content.decode()))
|
||||||
|
assert not User.objects.filter(email=payload["email"]).exists()
|
||||||
|
|
||||||
def test_register_honeypot_fail(self, client, valid_payload):
|
def test_register_honeypot_fail(self, client: Client, valid_payload):
|
||||||
payload = valid_payload | {
|
payload = valid_payload | {
|
||||||
settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE + "random"
|
settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE + "random"
|
||||||
}
|
}
|
||||||
response = client.post(reverse("core:register"), payload)
|
response = client.post(reverse("core:register"), payload)
|
||||||
assert response.status_code == 400
|
assert response.status_code == 200
|
||||||
|
assert not User.objects.filter(email=payload["email"]).exists()
|
||||||
|
|
||||||
def test_register_user_form_fail_already_exists(
|
def test_register_user_form_fail_already_exists(
|
||||||
self, client: Client, valid_payload
|
self, client: Client, valid_payload
|
||||||
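Review bot: `test_register_honeypot_fail` now asserts only `status_code == 200` plus that no user was created, which a re-rendered registration form carrying an error list would also satisfy, so the test no longer pins the decoy behaviour this commit introduces. One assertion on the body, e.g. `assert response.content == b"Upon reading this, the http client was enlightened."`, would distinguish the honeypot reply from an ordinary validation failure. The same gap exists in the login test in the next hunk (`@ -152,7 +154,8 @@`), where `is_anonymous` alone does not tell the two cases apart. The enclosing test classes start and end outside these hunks.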
@ -152,7 +154,8 @@ class TestUserLogin:
|
|||||||
settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE + "incorrect",
|
settings.HONEYPOT_FIELD_NAME: settings.HONEYPOT_VALUE + "incorrect",
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
assert response.status_code == 400
|
assert response.status_code == 200
|
||||||
|
assert response.wsgi_request.user.is_anonymous
|
||||||
|
|
||||||
def test_login_success(self, client, user):
|
def test_login_success(self, client, user):
|
||||||
"""
|
"""
|
||||||
@ -167,6 +170,7 @@ class TestUserLogin:
|
|||||||
},
|
},
|
||||||
)
|
)
|
||||||
assertRedirects(response, reverse("core:index"))
|
assertRedirects(response, reverse("core:index"))
|
||||||
|
assert response.wsgi_request.user == user
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize(
|
@pytest.mark.parametrize(
|
||||||
|
@ -41,6 +41,7 @@ import os
|
|||||||
import sys
|
import sys
|
||||||
|
|
||||||
import sentry_sdk
|
import sentry_sdk
|
||||||
|
from django.utils.module_loading import import_string
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from sentry_sdk.integrations.django import DjangoIntegration
|
from sentry_sdk.integrations.django import DjangoIntegration
|
||||||
|
|
||||||
@ -58,6 +59,12 @@ SECRET_KEY = "(4sjxvhz@m5$0a$j0_pqicnc$s!vbve)z+&++m%g%bjhlz4+g2"
|
|||||||
HONEYPOT_FIELD_NAME = "body2"
|
HONEYPOT_FIELD_NAME = "body2"
|
||||||
HONEYPOT_VALUE = "content"
|
HONEYPOT_VALUE = "content"
|
||||||
|
|
||||||
|
# Make honeypot errors less suspicious
|
||||||
|
# Since the app is not loaded yet, we wrap the import_string function in a lambda call to lazy load it
|
||||||
|
HONEYPOT_RESPONDER = lambda request, context: import_string(
|
||||||
|
"core.middleware.custom_honeypot_error"
|
||||||
|
)(request, context)
|
||||||
|
|
||||||
# SECURITY WARNING: don't run with debug turned on in production!
|
# SECURITY WARNING: don't run with debug turned on in production!
|
||||||
DEBUG = False
|
DEBUG = False
|
||||||
TESTING = "pytest" in sys.modules
|
TESTING = "pytest" in sys.modules
|
||||||
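Review bot: `HONEYPOT_RESPONDER` is a lambda bound to a name (ruff E731), which leaves the setting without a docstring and hides the lazy-import rationale in a comment above it; a small `def honeypot_responder(request, context):` with the same body and a docstring explaining that `core.middleware` cannot be imported while settings load reads better and is easier to patch in tests. The lambda also resolves `import_string("core.middleware.custom_honeypot_error")` on every honeypot hit; that is cheap once the module is in `sys.modules`, but it could be hoisted with `functools.lru_cache` if it ever shows up in profiling. Unrelated to this change but visible in the hunk header: `SECRET_KEY` is a literal in settings — confirm it is overridden from the environment in production deployments.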
|