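--- a/Allura/allura/lib/utils.py
+++ b/Allura/allura/lib/utils.py
@@ -151,11 +151,11 @@
 Please don't fill out this field.</label><br>
 <input id="$fld_id" name="$fld_name" type="text"><br></p>''')
 
 def __init__(self, request=None, num_honey=2):
 self.num_honey = num_honey
-if request is None:
+if request is None or request.method == 'GET':
 self.request = pylons.request
 self.timestamp = int(time.time())
 self.spinner = self.make_spinner()
 self.timestamp_text = str(self.timestamp)
 self.spinner_text = self._wrap(self.spinner)
@@ -254,27 +254,26 @@
 @classmethod
 def validate_request(cls, request=None, now=None, params=None):
 if request is None: request = pylons.request
 if params is None: params = request.params
 new_params = dict(params)
-if not request.method == 'GET':
 new_params.pop('timestamp', None)
 new_params.pop('spinner', None)
 obj = cls(request)
 if now is None: now = time.time()
 if obj.timestamp > now + 5:
 raise ValueError, 'Post from the future'
 if now - obj.timestamp > 60*60:
 raise ValueError, 'Post from the 1hr+ past'
 if obj.spinner != obj.make_spinner(obj.timestamp):
 raise ValueError, 'Bad spinner value'
 for k in new_params.keys():
 new_params[obj.dec(k)] = new_params.pop(k)
 for fldno in range(obj.num_honey):
 value = new_params.pop('honey%s' % fldno)
 if value:
 raise ValueError, 'Value in honeypot field: %s' % value
 return new_params
 
 @classmethod
 def validate(cls, error_msg):
 '''Controller decorator to raise Invalid errors if bot protection is engaged'''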
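Review bot: With the `if not request.method == 'GET':` guard removed from `validate_request`, the honeypot loop's `new_params.pop('honey%s' % fldno)` has no default, so a request that lacks a honeypot field raises `KeyError` rather than the `ValueError` every other check in this method raises. The page has lost indentation, so which statements the old guard covered is inferred; if it covered the decode and honeypot loops, GET requests now run through them as well and will hit this on any request without the honey fields. A caller that catches only `ValueError` (the `validate` decorator's body is outside the hunk) would turn a missing field into an unhandled error; raising explicitly keeps the check failing closed with one exception type, e.g. `if 'honey%s' % fldno not in new_params: raise ValueError, 'Missing honeypot field'`. The `__init__` change also deserves a comment: on GET the object gets a fresh timestamp and spinner, so the timestamp and spinner checks always pass for GET, and any handler relying on them should accept only POST.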