selfhosted
/
formspree
mirror of https://github.com/formspree/formspree.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #198 from fiatjaf/repel-bots-unconfirm 

Repel bots on unconfirm URL.
This commit is contained in:
Giovanni T. Parra 2018-09-18 19:59:21 -03:00 committed by GitHub
parent 8d1024c0fb dea59dfa6c
commit cb145b9fd0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
formspree/forms/views.py
View File

@ -383,6 +383,11 @@ def request_unconfirm_form(form_id):
This endpoints triggers a confirmation email that directs users to the
GET version of unconfirm_form.
'''
# repel bots
if not request.user_agent.browser:
return ''
form = Form.query.get(form_id)
unconfirm_url = url_for(

6
tests/test_unsubscribe.py
View File

@ -32,6 +32,12 @@ def test_unconfirm_process(client, msend):
# this should send a confirmation email
r = client.get(request_unconfirm_url)
# actually, it should fail unless the request comes from a browser
assert not msend.called
# now it must work
r = client.get(request_unconfirm_url, headers={'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0'})
assert r.status_code == 200
assert msend.called