This pull request adds a honey pot to Skosmos. See issue #594 for more. It adds two configurations too. Would be useful for users to later add a section in the web site about these new parameters, and instruct them to tweak the values (adding more parameters, or changing the default time threshold).
The honey pot is based on the msurguy/Honeypot module for Laravel, also licensed under the MIT Licence. The main difference is that instead of using Laravel's Crypt class, it simply base64-encodes the server's current time.
There are two types of honey pots. In the first honey pot, a certain value must be empty. Otherwise the request is considered invalid. The user will receive a message of OK, but no e-mail will be sent (as with the previous trap field).
The second honey pot, also called a honey time, is based on time. This field contains the server's base64-encoded time. The default threshold is 5 seconds. If any feedback form is submitted in less than 5 seconds, the request is then discarded.
The reason for using base64 was for simplicity. I think we could also use mcrypt, or some other hash algorithm, but preferred to keep the pull request simple, but it can be changed later (feel free to update this pull request, I'm checking "Allow edits from maintainers").
Simple unit test included. I could not find another test for a controller, so had to include a few libraries under Composer's require-dev entry. One for mocking certain methods (like sendFeedback), and another library for parsing HTML. The feedback page's HTML contains a footer tag that PHP's default DOMDocument fails to parse.

Hope that helps.
Cheers
Bruno
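
Added example, not part of the pull request or of Skosmos: a sketch of the two checks described above (empty trap field, 5-second honey time), plus an assumed HMAC-signed variant of the time field, since plain base64 is an encoding and does not prove that the server issued the value. The field names `trap` and `honey_time`, the function names, and the key are hypothetical.

```php
<?php
// Added illustration, not Skosmos code; field and function names are hypothetical.
const MIN_SECONDS = 5; // default threshold given in the pull request

// Honey time as described: base64 of the server's current time.
function encodeHoneyTime(int $now): string
{
    return base64_encode((string) $now);
}

// Assumed variant: append an HMAC-SHA256 so only the server can mint the value.
function signHoneyTime(int $now, string $key): string
{
    return base64_encode($now . '.' . hash_hmac('sha256', (string) $now, $key));
}

// Returns the issue time, or null if the field is malformed or fails the MAC.
function readHoneyTime(string $field, ?string $key = null): ?int
{
    $raw = base64_decode($field, true);
    if ($raw === false) {
        return null;
    }
    [$ts, $mac] = array_pad(explode('.', $raw, 2), 2, '');
    if (!ctype_digit($ts)) {
        return null;
    }
    if ($key !== null && !hash_equals(hash_hmac('sha256', $ts, $key), $mac)) {
        return null;
    }
    return (int) $ts;
}

// True when the request should be answered with OK but no e-mail sent.
function isTrapped(array $post, int $now, ?string $key = null): bool
{
    $field = $post['honey_time'] ?? '';
    if (($post['trap'] ?? '') !== '' || !is_string($field)) {
        return true; // first honey pot: the hidden field must stay empty
    }
    $issued = readHoneyTime($field, $key);
    return $issued === null || ($now - $issued) < MIN_SECONDS;
}
// Constructed submissions (not real traffic), evaluated at a fixed clock.
$now = 1700000010;
$key = 'constructed-demo-key';
var_dump(isTrapped(['trap' => '', 'honey_time' => encodeHoneyTime($now - 2)], $now));
var_dump(isTrapped(['trap' => '', 'honey_time' => signHoneyTime($now - 30, $key)], $now, $key));
var_dump(isTrapped(['trap' => '', 'honey_time' => encodeHoneyTime($now - 30)], $now, $key));
```

The first submission is dropped for arriving inside the threshold, the second passes, and the third is dropped because an unsigned value fails the MAC check once a key is configured.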