added reCaptcha v2

cao_blogr/forms.py

@@ -2,6 +2,7 @@ from wtforms import Form, StringField, TextAreaField, SelectField, RadioField
 from wtforms import IntegerField, PasswordField
 from wtforms.validators import InputRequired, Length, Email
 from wtforms.widgets import HiddenInput
+from wtfrecaptcha.fields import RecaptchaField
 
 strip_filter = lambda x: x.strip() if x else None
 
@@ -28,14 +29,6 @@ class UserCreateForm(Form):
                            filters=[strip_filter])
     password = PasswordField('Mot de passe', validators=[InputRequired(), Length(min=6)])
 
-class ContactForm(Form):
-    name = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)],
-                            filters=[strip_filter])
-    email = StringField('Email', validators=[InputRequired(), Length(min=1, max=255), Email()], 
-                            filters=[strip_filter])
-    comments = TextAreaField('Message', validators=[InputRequired(), Length(min=1)],
-                            filters=[strip_filter])
-
 class TopicForm(Form):
     topic = StringField('Rubrique', validators=[InputRequired(), Length(min=1, max=25)],
                         filters=[strip_filter])

cao_blogr/templates/home.jinja2

@@ -158,13 +158,29 @@
             </div>
             </div>
             <textarea class="form-control" id="comments" name="comments" placeholder="Message - Tin nhắn" required rows="5"></textarea>
-            
-            <p class="matngot"><input class="form-control" id="matngot" name="matngot" type="text"></p>
             <br>
-              <button class="btn btn-primary" type="submit" name="form.submitted">Envoyer</button>
+            <div class="g-recaptcha" data-sitekey="6LeDvVUgAAAAAOqD_-h93kd5aW8CmpeVvKYu-m0p" data-callback='recaptchaCallback'></div>
+            <input type="hidden"  id="response" name="response" value="" />
+            <br>
+            <button class="btn btn-primary hidden" id="btnSubmit" type="submit" name="form.submitted">Envoyer</button>
           </form>
         </div>
     </div>
   </div>
 
+  <script src="https://www.google.com/recaptcha/api.js" async defer></script>
+  <script>
+    function recaptchaCallback() {
+      var btnSubmit = document.getElementById("btnSubmit");
+      var response = grecaptcha.getResponse();
+
+      document.getElementById("response").value = response;
+      if ( btnSubmit.classList.contains("hidden") ) {
+          btnSubmit.classList.remove("hidden");
+          btnSubmit.classList.add("show");
+      }
+    }
+
+  </script>
+    
 {% endblock %}

cao_blogr/views/default.py

@@ -16,6 +16,8 @@ import os
 from PIL import Image
 import shutil
 import magic
+import json
+from urllib import request, parse
 
 
 @view_config(route_name='home',
@@ -43,16 +45,16 @@ def home(request):
     name = ''
     email = ''
     comments = ''
-    matngot = ''
 
     if 'form.submitted' in request.params :
         name = request.params['name']
         email = request.params['email']
         comments = request.params['comments']
-        matngot = request.params['matngot']
+        response = request.params['response']
 
-        # honeypot matngot filled ?
-        if not matngot and comments != '':
+        # verification reCaptcha ?
+        ok, erreur = captcha_verify(response, request.remote_addr)
+        if ok and comments != '':
             # no, message is not spam, send it
             body = """
 Bonjour,
@@ -75,7 +77,7 @@ webmaster@meditation-sunyata.paris
             message.add_recipient('phuoc@caotek.fr')
             mailer = request.registry['mailer']
             mailer.send_immediately(message)
-            request.session.flash("Votre message a bien été envoyé au webmestre. Merci de votre intérêt pour notre site", "success")
+            request.session.flash("Votre message a bien été envoyé au webmestre. Merci de votre intérêt pour notre site.", "success")
 
     return {
         'page_title': "",
@@ -87,6 +89,26 @@ webmaster@meditation-sunyata.paris
         'comments': comments,
         }
 
+def captcha_verify(response, remote_addr):
+    VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify'  
+    data = {
+        'secret': '6LeDvVUgAAAAAGASZXCmcmhh-KtBWTZjXpLpKdNt',
+        'response': response,
+        'remoteip': remote_addr,
+    }
+
+    encoded = parse.urlencode(data).encode()
+
+    req = request.Request(VERIFY_URL, data=encoded)
+
+    with request.urlopen(req) as resp:
+        json_resp = json.loads(resp.read().decode('utf-8'))
+
+        if json_resp['success']:
+            return (True, None)
+        else:
+            return (False, json_resp['error-codes'])
+
 
 @view_config(route_name='settings', renderer='cao_blogr:templates/settings.jinja2', permission='view')
 def settings(request):

setup.py

@@ -22,12 +22,14 @@ requires = [
     'transaction',
     'zope.sqlalchemy',
     'wtforms==2.2.1',  # form library
+    'wtforms-recaptcha',
     'webhelpers2==2.0',  # various web building related helpers
     'passlib',
     'python-magic',
     'Pillow == 6.1.0',
 	'unidecode',
 	'markdown2',
+    'urllib',
 ]
 
 tests_require = [