authorGareth Rees <gareth@mysociety.org>2014-03-26 17:00:20 +0000
committerGareth Rees <gareth@mysociety.org>2014-03-31 12:22:25 +0100
commit5d6d21f690e283682b9be74a8f00c501b148856f (patch)
tree09cb72ef2d8f62bec8bd7ce1fcae24c3b2633f5c
parentb2acdc723ab7f56ca71f19ddcb571468dd5159ef (diff)
Add honeypot spam protection to contact form
Intercepts the request and redirects to the homepage if the comment field is filled in on the contact form.
-rw-r--r--app/controllers/help_controller.rb9
-rw-r--r--app/models/contact_validator.rb2
-rw-r--r--app/views/help/contact.html.erb5
-rw-r--r--spec/controllers/help_controller_spec.rb17
4 files changed, 32 insertions, 1 deletions
diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb
index 9959df6d8..9033198a0 100644
--- a/app/controllers/help_controller.rb
+++ b/app/controllers/help_controller.rb
@@ -9,6 +9,7 @@ class HelpController < ApplicationController
# we don't even have a control subroutine for most help pages, just see their templates
before_filter :long_cache
+ before_filter :catch_spam, :only => [:contact]
def unhappy
@info_request = nil
@@ -69,4 +70,12 @@ class HelpController < ApplicationController
end
+ private
+
+ def catch_spam
+ if request.post? && !params[:contact][:comment].empty?
+ redirect_to frontpage_url
+ end
+ end
+
end
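Review bot: `params[:contact][:comment].empty?` on L33 raises NoMethodError whenever the POST carries no `comment` key, or no `contact` hash at all, so a malformed or older-form submission becomes a 500 instead of being handled; the lookup should be nil-safe, e.g. `contact = params[:contact]` and `if request.post? && contact && contact[:comment].present?`. A request caught by the honeypot is also indistinguishable from a normal redirect in the logs; a single `logger.info "contact form honeypot triggered"` before `redirect_to frontpage_url` would make the rejections visible to operators without changing behaviour. Whether any existing caller already posts without `:comment` cannot be seen from the hunk; the rest of HelpController lies outside it.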
diff --git a/app/models/contact_validator.rb b/app/models/contact_validator.rb
index 65e539669..e9a6e491c 100644
--- a/app/models/contact_validator.rb
+++ b/app/models/contact_validator.rb
@@ -7,7 +7,7 @@
class ContactValidator
include ActiveModel::Validations
- attr_accessor :name, :email, :subject, :message
+ attr_accessor :name, :email, :subject, :message, :comment
validates_presence_of :name, :message => N_("Please enter your name")
validates_presence_of :email, :message => N_("Please enter your email address")
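Review bot: The new `:comment` accessor on L47 is the honeypot field, but nothing on the validator records that, so a later reader could reasonably add a presence validation or expose it in the form and defeat the check. A comment above the line, `# :comment is a honeypot: rendered hidden in the contact form and expected to stay blank (see HelpController#catch_spam)`, documents the intent where the attribute is declared. ContactValidator continues outside the hunk.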
diff --git a/app/views/help/contact.html.erb b/app/views/help/contact.html.erb
index ad89db9ec..e8a5fec8c 100644
--- a/app/views/help/contact.html.erb
+++ b/app/views/help/contact.html.erb
@@ -65,6 +65,11 @@
<%= f.text_area :message, :rows => 10, :cols => 60 %>
</p>
+ <p style="display:none;">
+ <%= f.label :comment, 'Do not fill in this field' %>
+ <%= f.text_field :comment %>
+ </p>
+
<% if !@last_request.nil? %>
<p>
<label class="form_label" for="contact_message">Include link to request:</label>
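Review bot: The hidden `comment` input on L59 is an ordinary text field with a generic name, so browser autofill or a password manager may populate it for a genuine visitor, who is then silently bounced to the front page by the new filter. Passing `:autocomplete => 'off', :tabindex => '-1'` in the `f.text_field :comment` call reduces that risk and keeps the field out of keyboard navigation. Whether the surrounding CSS ever overrides the inline `display:none` cannot be seen here; the enclosing form starts and ends outside the hunk.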
diff --git a/spec/controllers/help_controller_spec.rb b/spec/controllers/help_controller_spec.rb
index 8ac10e244..f92323f50 100644
--- a/spec/controllers/help_controller_spec.rb
+++ b/spec/controllers/help_controller_spec.rb
@@ -58,6 +58,23 @@ describe HelpController do
deliveries.clear
end
+ it 'has rudimentary spam protection' do
+ post :contact, { :contact => {
+ :name => 'Vinny Vanilli',
+ :email => 'vinny@localhost',
+ :subject => 'Why do I have such an ace name?',
+ :comment => 'I AM A SPAMBOT',
+ :message => "You really should know!!!\n\nVinny",
+ }, :submitted_contact_form => 1
+ }
+
+ response.should redirect_to(frontpage_path)
+
+ deliveries = ActionMailer::Base.deliveries
+ deliveries.size.should == 0
+ deliveries.clear
+ end
+
end
end
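Review bot: The new example on L72 only covers the case where the honeypot is filled; nothing asserts that a legitimate POST which omits `:comment` entirely still sends mail, and as the filter is written that request would fail on `nil.empty?` rather than reach the mailer. A second example posting the same hash without the `:comment` key and expecting `deliveries.size.should == 1` would pin the behaviour real users depend on. The `describe HelpController` block starts before the hunk, so any existing positive-path example above it cannot be checked from here.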