Wagtail honeypot package

Project description

Wagtail Honeypot

Use this package to add optional honeypot protection to your Wagtail forms.

Honeypot protection is a way to trick bots into submitting data in fields that should remain empty. The package provides a text field that should remain empty and checks the time interval between the form being displayed and submitted. The default interval is 3 seconds. If the form is submitted before the interval expires, the submission is ignored.

How it works

When the Wagtail form is submitted with honeypot protection enabled, the honeypot fields and their values are included in the POST data.

  • If the fields and values are valid, or the Honeypot feature is not enabled, the form is submitted normally.
  • If the Honeypot feature is enabled and validation fails, the form is not processed, but to the visitor (and to a bot) it looks as if the form was submitted successfully.

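# process_form_submission overrides the method in AbstractEmailForm
# (both functions below are methods of the form page model, shown as an excerpt)
import time

from django.conf import settings


def process_form_submission(self, form):
    # field names and the minimum interval (seconds) can be overridden in settings
    honeypot_name = getattr(settings, "HONEYPOT_NAME", "whf_name")
    honeypot_time = getattr(settings, "HONEYPOT_TIME", "whf_time")
    honeypot_interval = getattr(settings, "HONEYPOT_INTERVAL", 3)

    # honeypot disabled: process the form as usual
    if not self.honeypot:
        return super().process_form_submission(form)

    # honeypot enabled: both checks must pass, otherwise the submission is dropped
    score = []
    if honeypot_name in form.data and honeypot_time in form.data:
        score.append(form.data[honeypot_name] == "")  # text field must be empty
        score.append(self.time_diff(form.data[honeypot_time], honeypot_interval))
        return (
            super().process_form_submission(form)
            if len(score) and all(score)
            else None
        )
    # honeypot fields missing from the POST data: nothing is processed (returns None)


@staticmethod
def time_diff(value, interval):
    # True when more than `interval` seconds separate the submitted timestamp from now
    now_time = int(time.time())
    diff = abs(now_time - int(value))
    return diff > interval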

You can provide your own process_form_submission method if you need an alternative behaviour.
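
One form such an alternative check could take, as an added example that is not the package's code: the time field is supplied by the client, and in the method above a non-numeric value raises ValueError while abs() accepts a timestamp in the future, so this sketch authenticates the timestamp with an HMAC before using it. SECRET, sign_time, check_submission and max_age are hypothetical names, and the sample values are constructed.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret; in Django it could be derived from SECRET_KEY.
SECRET = b"constructed-demo-key"


def _mac(ts, secret):
    return hmac.new(secret, ts.encode(), hashlib.sha256).hexdigest()


def sign_time(now=None, secret=SECRET):
    """Value for the hidden time field: '<unix-seconds>:<hex HMAC-SHA256>'."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_mac(ts, secret)}"


def check_submission(data, interval=3, max_age=3600, now=None, secret=SECRET,
                     name_field="whf_name", time_field="whf_time"):
    """Return (accepted, reason) for a dict of POST data."""
    now = int(time.time() if now is None else now)
    if name_field not in data or time_field not in data:
        return False, "missing honeypot field"
    if data[name_field] != "":
        return False, "text field filled"
    ts, sep, mac = str(data[time_field]).partition(":")
    # Constant-time comparison; anything unsigned or altered stops here,
    # so int(ts) below only ever sees a value this server produced.
    if not sep or not hmac.compare_digest(mac.encode(), _mac(ts, secret).encode()):
        return False, "bad signature"
    elapsed = now - int(ts)
    if elapsed <= interval:  # also rejects timestamps in the future
        return False, "too fast"
    if elapsed > max_age:  # bounds how long a rendered form stays usable
        return False, "stale"
    return True, "ok"


if __name__ == "__main__":
    token = sign_time(now=1000)  # constructed render time
    for post, at in [({"whf_name": "", "whf_time": token}, 1010),
                     ({"whf_name": "", "whf_time": token}, 1001),
                     ({"whf_name": "bot", "whf_time": token}, 1010),
                     ({"whf_name": "", "whf_time": "not-a-number"}, 1010)]:
        print(check_submission(post, now=at))
```

A caller would return None from process_form_submission when accepted is False, which keeps the page's behaviour of silently dropping the submission; the reason string is meant for server-side logging only.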

Installation

pip install wagtail-honeypot

Wagtail Setup

Honeypot Text Field

<input type="text" name="whf_name" id="whf_name" data-whf_name="" tabindex="-1" autocomplete="off">

You can change the text field name by adding the following to your settings.

HONEYPOT_NAME="foo"

Honeypot Time Field

<input type="hidden" name="whf_time" id="whf_time" data-whf_name="" tabindex="-1" autocomplete="off">

You can change the time field name by adding the following to your settings.

HONEYPOT_TIME="bar"

You can change the time interval by adding the following to your settings.

HONEYPOT_INTERVAL=1

Honeypot Template Tag

To render the honeypot fields in your form page template use the provided template tag.

{% load honeypot_tags %}  {# load the template tag #}

<form>
...
{% honeypot_fields %}  {# add the honeypot fields to your form #}
...
</form>

Honeypot Model Mixin

The mixin will add a honeypot field to your form page model.

honeypot = models.BooleanField(default=False, verbose_name="Honeypot Enabled")

It also adds a form panel you can use.

If you follow the official Wagtail docs for the Form Builder your form should look something like this...

class FormPage(HoneypotMixin):  # <-- add the mixin
    intro = RichTextField(blank=True)
    thank_you_text = RichTextField(blank=True)

    content_panels = AbstractEmailForm.content_panels + [
        FieldPanel("intro", classname="full"),
        InlinePanel("form_fields", label="Form fields"),
        FieldPanel("thank_you_text", classname="full"),
        MultiFieldPanel(
            [
                FieldRowPanel(
                    [
                        FieldPanel("from_address", classname="col6"),
                        FieldPanel("to_address", classname="col6"),
                    ]
                ),
                FieldPanel("subject"),
            ],
            "Email",
        ),
    ]

    # add an edit_handler to enable the Honeypot tab
    edit_handler = TabbedInterface(
        [
            ObjectList(content_panels, heading="Content"),
            ObjectList(HoneypotMixin.honeypot_panels, heading="Honeypot"),
            ObjectList(Page.promote_panels, heading="Promote"),
            ObjectList(Page.settings_panels, heading="Settings", classname="settings"),
        ]
    )

Create a form page and enable the Honeypot protection.

Hide the Honeypot field

View the newly created form page. You will see that the honeypot field is visible and could be submitted with any value. That would block the form submission and that's how it should work.

You can try it out by submitting the form with the honeypot field set to any value. It won't save the form submission.

Use CSS to hide the honeypot field

Add the following CSS rule to your own site's stylesheet:

input[data-whf_name] {
    position: absolute;
    top: 0;
    left: 0;
    margin-left: 100vw;
}

Use JavaScript to hide the honeypot field

var whf_name = "whf_name";
var data_whf_name = "[data-" + whf_name + "]";

document.querySelectorAll(data_whf_name).forEach(function(el) {
    el.classList.add(whf_name);
    el.setAttribute("style", "position: absolute;top: 0;left: 0;margin-left: 100%;");
});

The end result is that the field should be hidden from view and not be available to receive any value from a site visitor.

When rendered, the fields will have the HTML attributes tabindex="-1" autocomplete="off" to prevent a site visitor from using the tab key to move to the field and to disable any browser autocomplete functions.

A more complete example is form_page.html from the package test files.

Download files

Source Distribution

wagtail-honeypot-0.2.0.tar.gz (15.6 kB)

Uploaded Source

Built Distribution

wagtail_honeypot-0.2.0-py3-none-any.whl (18.6 kB)

Uploaded Python 3
