Merge branch 'recaptcha'

geelweb · Mar 19, 2024 · 5d223d8 · 5d223d8
2 parents 3c3f203 + a69578c
commit 5d223d8
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 12 deletions.
diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
@@ -30,6 +30,7 @@ jobs:
         #if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
         pip install Django==3.2
         pip install django-widget-tweaks==1.4.8
+        pip install requests
     - name: Test
       run: |
         python runtests.py

diff --git a/contactform/templatetags/contact_form.py b/contactform/templatetags/contact_form.py
@@ -42,7 +42,7 @@ def contact_form_btn(label, form_id):
         btn_attrs['type'] = 'submit'
 
     btn = """<button %s>%s</button>""" % (
-        ' '.join(['%s="%s"' % (k, btn_attrs[k]) for k in btn_attrs if btn_attrs[k] != '']),
+        ' '.join(['%s="%s"' % (k, btn_attrs[k].strip()) for k in btn_attrs if btn_attrs[k] != '']),
         label)
 
     if recaptcha_enabled:

diff --git a/contactform/tests.py b/contactform/tests.py
@@ -3,6 +3,7 @@
 from django.test import RequestFactory, TestCase, override_settings
 from django.urls import reverse
 from .forms import ContactForm
+from unittest.mock import MagicMock, patch
 
 class ContactTestCase(TestCase):
     def test_form_displayed(self):
@@ -105,6 +106,54 @@ def test_form_title_not_displayed(self):
         self.assertContains(resp, 'csrfmiddlewaretoken', status_code=200)
         self.assertNotContains(resp, '<h3>Contact us</h3>', status_code=200)
 
+    @override_settings(CONTACTFORM_RECIPIENTS=['[email protected]'])
+    @override_settings(GOOGLE_RECAPTCHA_ENABLED=True)
+    @override_settings(GOOGLE_RECAPTCHA_SECRET='recaptcha-secret')
+    @patch('contactform.views.requests')
+    def test_post_with_invalid_recaptcha(self, mock_requests):
+        """ Tests than the email is not sent where recaptcha fail the
+        validation
+        """
+
+        mock_response = MagicMock()
+        mock_response.status_code = 200
+        mock_response.json.return_value = {'success': False}
+        mock_requests.post.return_value = mock_response
+
+        resp = self.client.post(reverse('contactform:index'), {
+            'email': '[email protected]',
+            'phone': '06 00 00 00 00',
+            'comment': 'This is my message content',
+            'g-recaptcha-response': 'abcdefgh'})
+
+        self.assertEqual(len(mail.outbox), 0)
+
+        self.assertContains(resp, 'Thanks for your message', status_code=200)
+
+    @override_settings(CONTACTFORM_RECIPIENTS=['[email protected]'])
+    @override_settings(GOOGLE_RECAPTCHA_ENABLED=True)
+    @override_settings(GOOGLE_RECAPTCHA_SECRET='recaptcha-secret')
+    @patch('contactform.views.requests')
+    def test_post_with_valid_recaptcha(self, mock_requests):
+        """ Tests than the email is not sent where recaptcha fail the
+        validation
+        """
+
+        mock_response = MagicMock()
+        mock_response.status_code = 200
+        mock_response.json.return_value = {'success': True}
+        mock_requests.post.return_value = mock_response
+
+        resp = self.client.post(reverse('contactform:index'), {
+            'email': '[email protected]',
+            'phone': '06 00 00 00 00',
+            'comment': 'This is my message content',
+            'g-recaptcha-response': 'abcdefgh'})
+
+        self.assertEqual(len(mail.outbox), 1)
+
+        self.assertContains(resp, 'Thanks for your message', status_code=200)
+
 
 class ContactFormTagTest(TestCase):
     def setUp(self):

diff --git a/contactform/views.py b/contactform/views.py
@@ -7,10 +7,23 @@
 from .forms import ContactForm
 from django.utils.translation import ugettext as _
 from django.template.loader import render_to_string
+import requests
 
 def index(request):
     form = ContactForm(request.POST or None)
     if form.is_valid():
+        recaptcha_enabled = getattr(settings, 'GOOGLE_RECAPTCHA_ENABLED', False)
+        recaptcha_valid = True
+        if recaptcha_enabled:
+            secret_key = settings.GOOGLE_RECAPTCHA_SECRET
+            data = {
+                'response': request.POST.get('g-recaptcha-response'),
+                'secret': secret_key
+            }
+            resp = requests.post('https://www.google.com/recaptcha/api/siteverify', data=data)
+            result_json = resp.json()
+            recaptcha_valid = result_json.get('success')
+
         email = form.cleaned_data['email']
         phone = form.cleaned_data['phone']
         comment = form.cleaned_data['comment']
@@ -25,17 +38,18 @@ def index(request):
             'phone': phone,
             'comment': comment})
 
-        recipients = settings.CONTACTFORM_RECIPIENTS
-        try:
-            email = EmailMessage(
-                    getattr(settings, 'CONTACTFORM_SUBJECT', _('New message')),
-                    message,
-                    getattr(settings, 'CONTACTFORM_FROM_EMAIL', settings.DEFAULT_FROM_EMAIL),
-                    recipients,
-                    reply_to=[email])
-            email.send(fail_silently=False)
-        except BadHeaderError:
-             return HttpResponse('Invalid header found.')
+        if recaptcha_valid:
+            recipients = settings.CONTACTFORM_RECIPIENTS
+            try:
+                email = EmailMessage(
+                        getattr(settings, 'CONTACTFORM_SUBJECT', _('New message')),
+                        message,
+                        getattr(settings, 'CONTACTFORM_FROM_EMAIL', settings.DEFAULT_FROM_EMAIL),
+                        recipients,
+                        reply_to=[email])
+                email.send(fail_silently=False)
+            except BadHeaderError:
+                 return HttpResponse('Invalid header found.')
 
 
         messages.success(request, _('Your message has been sent.'), extra_tags='contactform')