| author | Gareth Rees <gareth@mysociety.org> | 2014-08-21 11:58:51 +0100 | 
|---|---|---|
| committer | Gareth Rees <gareth@mysociety.org> | 2014-08-21 11:58:51 +0100 | 
| commit | bd4d027c4445d40e8af120774ca3c72a9e041d6d (patch) | |
| tree | 34b1396381c81083e73bdf877cff77c51a17bc79 | |
| parent | 250600040a52729637d6124c2c2e01c97e991cf3 (diff) | |
| parent | 64a1f148fedcf375a47f959edbdd4cab0170acea (diff) | |
Merge branch 'issues/1389-public-body-updates-spam' into rails-3-develop
| -rw-r--r-- | app/controllers/public_body_change_requests_controller.rb | 12 | ||||
| -rw-r--r-- | app/views/public_body_change_requests/new.html.erb | 5 | ||||
| -rw-r--r-- | doc/CHANGES.md | 8 | ||||
| -rw-r--r-- | spec/controllers/public_body_change_requests_controller_spec.rb | 18 | 
4 files changed, 41 insertions, 2 deletions
| diff --git a/app/controllers/public_body_change_requests_controller.rb b/app/controllers/public_body_change_requests_controller.rb index 4a6c5f5cb..773308546 100644 --- a/app/controllers/public_body_change_requests_controller.rb +++ b/app/controllers/public_body_change_requests_controller.rb @@ -1,5 +1,7 @@  class PublicBodyChangeRequestsController < ApplicationController +    before_filter :catch_spam, :only => [:create] +      def create          @change_request = PublicBodyChangeRequest.from_params(params[:public_body_change_request], @user)          if @change_request.save @@ -23,6 +25,16 @@ class PublicBodyChangeRequestsController < ApplicationController          else              @title = _('Ask us to add an authority')          end +    end + +    private +    def catch_spam +        if params[:public_body_change_request].key?(:comment) +            unless params[:public_body_change_request][:comment].empty? +                redirect_to frontpage_url +            end +        end      end +  end diff --git a/app/views/public_body_change_requests/new.html.erb b/app/views/public_body_change_requests/new.html.erb index 7079cd868..b52d583be 100644 --- a/app/views/public_body_change_requests/new.html.erb +++ b/app/views/public_body_change_requests/new.html.erb @@ -54,6 +54,11 @@      <%= f.text_area :notes, :rows => 10, :cols => 60 %>    </p> +  <p style="display:none;"> +    <%= label_tag 'public_body_change_request[comment]', _('Do not fill in this field') %> +    <%= text_field_tag 'public_body_change_request[comment]' %> +  </p> +    <div class="form_button">        <%= submit_tag _("Submit request") %>    </div> diff --git a/doc/CHANGES.md b/doc/CHANGES.md index 61f55211c..cc8c37c3a 100644 --- a/doc/CHANGES.md +++ b/doc/CHANGES.md 
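Review bot: `catch_spam` calls `.key?` on `params[:public_body_change_request]` and `.empty?` on its `:comment` value without checking either, so a POST to `create` that omits the hash, sends it as a plain string, or carries a nil comment would likely raise NoMethodError inside the filter instead of being handled. The redirect is also silent, which leaves operators no way to measure how often the honeypot fires or to notice legitimate users being dropped. I would read the hash once, return early unless it is a Hash, test the field with `.to_s.empty?`, and log before redirecting. What `create` then does with a non-hash value is outside this hunk.

```ruby
    private
    def catch_spam
        change_request = params[:public_body_change_request]
        # Leave malformed input to the action's own handling rather than raising here.
        return unless change_request.is_a?(Hash)

        unless change_request[:comment].to_s.empty?
            logger.info("Public body change request discarded: honeypot field was filled in")
            redirect_to frontpage_url
        end
    end
```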
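Review bot: The honeypot input is named `comment`, a name that browser autofill and form-filling extensions may populate even when the field is hidden, and `catch_spam` then discards the submission with no message to the user. Turning autofill off on the field reduces that false-positive risk: `<%= text_field_tag 'public_body_change_request[comment]', nil, :autocomplete => 'off' %>`. The field is hidden with an inline `style` attribute, so a deployment whose Content-Security-Policy disallows inline styles would show it to users; hiding it with a class from the stylesheet avoids that.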
@@ -20,6 +20,14 @@    `script/rails-post-deploy` to link up the new location. If you don't use    `SHARED_FILES` and `SHARED_DIRECTORIES`, alaveteli will now write it's    application logs to `APP_ROOT/log` rather than `APP_ROOT/../logs` by default. +* `public_body_change_requests/new.html.erb` has a new field for spam prevention +  so customisations of this template should be updated with: + +    <p style="display:none;"> +      <%= label_tag 'public_body_change_request[comment]', _('Do not fill in this field') %> +      <%= text_field_tag 'public_body_change_request[comment]' %> +    </p> +  This is the anti-spam honeypot.  # Version 0.18 diff --git a/spec/controllers/public_body_change_requests_controller_spec.rb b/spec/controllers/public_body_change_requests_controller_spec.rb index 7b878b893..8fe7befeb 100644 --- a/spec/controllers/public_body_change_requests_controller_spec.rb +++ b/spec/controllers/public_body_change_requests_controller_spec.rb @@ -22,7 +22,8 @@ describe PublicBodyChangeRequestsController, "creating a change request" do                                       :public_body_name => 'New Body',                                       :public_body_email => 'new_body@example.com',                                       :notes => 'Please', -                                     :source => 'http://www.example.com'} +                                     :source => 'http://www.example.com', +                                     :comment => '' }          end          it "should send an email to the site contact address" do 
@@ -51,6 +52,18 @@ describe PublicBodyChangeRequestsController, "creating a change request" do              response.should redirect_to frontpage_url          end +        it 'has rudimentary spam protection' do +            spam_request_params = @change_request_params.merge({ :comment => 'I AM A SPAMBOT' }) + +            post :create, { :public_body_change_request => spam_request_params } + +            response.should redirect_to(frontpage_path) + +            deliveries = ActionMailer::Base.deliveries +            deliveries.size.should == 0 +            deliveries.clear +        end +      end      context 'when handling a request for an update to an existing authority' do @@ -64,7 +77,8 @@ describe PublicBodyChangeRequestsController, "creating a change request" do                                       :public_body_id => @public_body.id,                                       :public_body_email => 'new_body@example.com',                                       :notes => 'Please', -                                     :source => 'http://www.example.com'} +                                     :source => 'http://www.example.com', +                                     :comment => '' }          end          it 'should send an email to the site contact address' do | 
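Review bot: The `redirect_to(frontpage_path)` expectation in the new example cannot tell the spam path from a normal submission, because the example just above it expects the same front-page redirect, apparently for the successful path; only the mail count separates the two. `ActionMailer::Base.deliveries` is cleared after the assertion rather than before the `post`, so mail left over from another example could fail this one; move `deliveries.clear` above the `post`. I would also assert that nothing was saved, e.g. `lambda { post :create, { :public_body_change_request => spam_request_params } }.should_not change(PublicBodyChangeRequest, :count)`. Both parameter fixtures in this file (the hunks at old lines 22 and 64) now always send `:comment => ''`, so no example covers a request that omits the field, which is what a customised template that has not yet been updated will send.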
