a few improvements to honeypot

DOAJ · Oct 22, 2024 · 8ac304d · 8ac304d
1 parent 267fa33
commit 8ac304d
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 7 deletions.
diff --git a/cms/sass/components/_honeypotfield.scss b/cms/sass/components/_honeypotfield.scss
@@ -5,7 +5,6 @@
   height: 1px;
   width: 1px;
   overflow: hidden;
-  clip: rect(0, 0, 0, 0); /* Ensures the field is not visible for sr */
   border: 0;
   padding: 0;
   margin: 0;

diff --git a/portality/settings.py b/portality/settings.py
@@ -1566,4 +1566,4 @@
 
 ##################################################
 # Honeypot bot-trap settings for forms (now: only registration form)
-HONEYPOT_TIMER_THRESHOLD = 70000;
+HONEYPOT_TIMER_THRESHOLD = 5000;
diff --git a/portality/static/js/honeypot.js b/portality/static/js/honeypot.js
@@ -11,6 +11,8 @@ doaj.honeypot.handleRegistration = function (event) {
     event.preventDefault();
     const endTime = performance.now();
     const elapsedTime = endTime - doaj.honeypot.startTime;
+    // reset the timer
+    doaj.honeypot.startTime = performance.now();
     $("#hptimer").val(elapsedTime);
     $("#registrationForm").submit();
 }
diff --git a/portality/templates/account/_register_form.html b/portality/templates/account/_register_form.html
@@ -6,8 +6,9 @@
         <input type="hidden" name="next" value="/register"/>
         {# This input is a bot-bait, it should stay invisible to the users and empty. #}
         {# Make sure it's invisible on the screen AND FOR SCREEN READERS/KEYBOARD USERS' #}
-        <input type="text" placeholder="Your email" id="email" name="email" autocomplete="false" tabindex="-1"
-               class="hpemail" value="">
+        <div aria-hidden="true" class="hpemail">
+            <input type="text" id="email" name="email" autocomplete="false" tabindex="-1" value="">
+        </div>
         <div class="form__question">
             {% if current_user.is_authenticated and current_user.has_role("create_user") %}
                 {# Admins can specify a user ID #}

diff --git a/portality/view/account.py b/portality/view/account.py
@@ -342,10 +342,9 @@ def register():
     if request.method == 'POST':
 
         if not current_user.is_authenticated and form.is_bot():
-            print(current_user.is_authenticated)
-            print(form.is_bot())
             if app.config.get('DEBUG', True):
-                flash(f"Debug mode - Values submitted: bot trap field = '{form.email.data}'; anti-bot timer: '{form.hptimer.data}'")
+                flash(Messages.ARE_YOU_A_HUMAN, "error")
+                flash(f"Debug mode - Values submitted: bot trap field = '{form.email.data}'; anti-bot timer: '{form.hptimer.data}' ('{form.hptimer.data/1000:.2f}' sec)")
             else:
                 flash(Messages.ARE_YOU_A_HUMAN, "error")
             return render_template('account/register.html', form=form)