wait #6901 @1:00 modif honeypot
authorsoufiane <soufiane@cubedesigners.com>
Fri, 10 May 2024 13:29:11 +0000 (15:29 +0200)
committersoufiane <soufiane@cubedesigners.com>
Fri, 10 May 2024 13:29:11 +0000 (15:29 +0200)
.env.production
app/Http/Controllers/FluidbookController.php
app/Http/Controllers/LandingController.php
app/Http/Kernel.php
resources/webflow/index.html
resources/webflow/js/custom.js
routes/web.php

index 6591187f9da23a32b567cac657c93166cb93f440..8380ce0eee1e72d68334ef68e3b320305ce39d60 100644 (file)
@@ -54,3 +54,4 @@ MAIL_BCC_ALL=test+bastide-resah@cubedesigners.com
 BACKPACK_LOCALES=fr
 TIMEZONE=Europe/Paris
 POWERED_BY_LINK=https://www.cubedesigners.com/
+HONEYPOT_NAME=honeypot_for_bots
index 3474294e5f87cd706f040e6b3ded4fe14c9a8f20..dfdceaeaf6363559f23f4cfd60cda43b056ac768 100644 (file)
@@ -40,10 +40,10 @@ class FluidbookController extends Controller
         if ($validator->fails()) {
             return response()->json(['errors' => $validator->errors()])->setStatusCode(422);
         } else {
-            $ignore = ['email_confirmation', 'password_confirmation', 'accept', '_token'];
+            $ignore = ['email_confirmation', 'password_confirmation', 'accept', '_token', 'valid_from'];
             $client = new Client();
             foreach ($validator->valid() as $k => $v) {
-                if (in_array($k, $ignore)) {
+                if (in_array($k, $ignore) || strstr($k,'honeypot_for_bots_')) {
                     continue;
                 }
                 if ($k === 'password') {
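Review bot: The new `strstr($k,'honeypot_for_bots_')` test matches that text anywhere in a field name and hard-codes the prefix that this commit also sets as `HONEYPOT_NAME` in .env.production, so the two can drift apart. Anchoring the match to the start of the key and reading the configured name would be tighter: `if (in_array($k, $ignore, true) || str_starts_with($k, config('honeypot.name_field_name'))) {`. Without the trailing underscore the check would also skip the field when name randomisation is turned off. The literal `'valid_from'` added to `$ignore` has the same drift risk and could come from `config('honeypot.valid_from_field_name')`. The enclosing method starts and ends outside this hunk.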
index 74c2edb8bc1cc36f66c7291480fc599911c54e92..fc8e27c695b1e35e0fb2d21d45e9b2c91de69d81 100644 (file)
@@ -4,8 +4,9 @@ namespace App\Http\Controllers;
 
 use Cubist\Backpack\Http\Controllers\Base\XSendFileController;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Blade;
 
-class LandingController extends Controller
+class LandingController extends FluidbookController
 {
     use ForgotPassword;
 
@@ -23,6 +24,7 @@ class LandingController extends Controller
         if (str_ends_with($path, '.html')) {
             $html = file_get_contents($relayPath);
             $html = str_replace('</head>', '<meta name="csrf-token" content="' . csrf_token() . '"/>' . self::matomoTag() . '</head>', $html);
+            $html = str_replace('<form id="Bastide_register_form" class="" data-content="register" action="/fluidbook/signin">', '<form id="Bastide_register_form" class="" data-content="register" action="/fluidbook/signin"><input type="hidden" name="_token" value="'.csrf_token().'">'.self::honeypot(), $html);
             $user = Auth::guard('client')->user();
             if ($user) {
                 $html = str_replace('PrĂ©nom Nom', $user->firstname . ' ' . $user->name, $html);
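Review bot: The CSRF input and the honeypot fields are only injected if `str_replace` finds the `<form id="Bastide_register_form" …>` tag byte-for-byte, so a re-export of the Webflow page that reorders or changes one attribute drops both without any error. Whether the spam check then still rejects the post depends on the honeypot package configuration, which is not visible here, so the miss should be made observable: pass a count, `$html = str_replace($formTag, $formTag . $fields, $html, $count);`, and log or fail when `$count !== 1`. A one-line comment above the call naming resources/webflow/index.html as the markup that must stay in sync would also help. The enclosing method begins outside the hunk.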
@@ -33,6 +35,10 @@ class LandingController extends Controller
         return XSendFileController::sendfile($relayPath);
     }
 
+    public static function honeypot() {
+        return Blade::render('<x-honeypot />');
+    }
+
     public static function matomoTag()
     {
         $guard = Auth::guard('client');
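Review bot: `honeypot()` is added without a return type or docblock and with its brace on the signature line, unlike `matomoTag()` directly below it. Suggest `public static function honeypot(): string` with the brace on the next line, plus a docblock such as `/** Renders the honeypot form fields as HTML so they can be injected into the static landing page. */`. The docblock should also say that the output is meant to sit inside the register form, since that is the only caller visible in this commit.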
index 494c0501b13f3b7a5e700beaf46adcc6eb0a7d74..b2f53b6c50c9ea6305f36362a94b745737c42d24 100644 (file)
@@ -21,6 +21,7 @@ class Kernel extends HttpKernel
         \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
         \App\Http\Middleware\TrimStrings::class,
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+        \Spatie\Honeypot\ProtectAgainstSpam::class,
     ];
 
     /**
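Review bot: `ProtectAgainstSpam` is appended to what appears to be the global middleware list (the array opens above the hunk), so it now runs on every request, while routes/web.php in the same commit still attaches it to `/landing/signin` explicitly. That likely makes the check run twice on that route and extends it to endpoints such as `/fluidbook/order`, which may not be intended. Consider keeping only the route-level registration. If the global one is deliberate, drop `->middleware(ProtectAgainstSpam::class)` from the route and add a comment here, e.g. `// honeypot check applies to every form post, not only the landing sign-up`.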
index f23e01909a4acb39ad3c5d0d1510a5e92f899c22..a26aec15ad7299107606b6e4a5729a62daee0545 100644 (file)
@@ -68,7 +68,6 @@
     </div>
     <div id="register_form_container" style="display:none;">
           <form id="Bastide_register_form" class="" data-content="register" action="/fluidbook/signin">
-              <x-honeypot />
               <div class="form-group">
                   <div class="form-header">
                       Ă©tablissement hospitalier
index 8da484e49af397ee1bf6b3710716609d12bcfef4..6bf185a8abf598b44658c24f758269c5dcbc3aca 100644 (file)
@@ -186,7 +186,7 @@ Cart.prototype = {
     register: function(d) {
         var $this = this
         $.ajax({
-            url: '/fluidbook/signin',
+            url: '/landing/signin',
             type: 'POST',
             data: d,
             success: function(data) {
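Review bot: The AJAX call now posts to `/landing/signin`, but the form markup in resources/webflow/index.html and the tag matched in LandingController still declare `action="/fluidbook/signin"`, so the script and a native submit target different endpoints. Reading the URL from the form, `url: $('#Bastide_register_form').attr('action')`, after aligning the attribute, would keep a single source of truth. The `register` function continues past the hunk, so its error handling is not visible here.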
index 9a0611922a8a9e4acd5ed226f399ee6a1790c7e7..748640a0483ff6a4fcd0c6e7c4d53292d107d956 100644 (file)
@@ -14,7 +14,7 @@ Route::match(['post','get'], '/fluidbook/forgotpassword', \App\Http\Controllers\
 Route::match(['get'], '/fluidbook/auth', \App\Http\Controllers\FluidbookController::class . '@auth');
 Route::match(['post'], '/fluidbook/order', \App\Http\Controllers\FluidbookController::class . '@order')->withoutMiddleware([VerifyCsrfToken::class]);
 
-Route::match(['post'], '/landing/signin', \App\Http\Controllers\LandingController::class . '@signin')->middleware(ProtectAgainstSpam::class);
+Route::match(['post'], '/landing/signin', \App\Http\Controllers\LandingController::class . '@signin')->middleware(ProtectAgainstSpam::class);;
 Route::match(['post'], '/landing/login', \App\Http\Controllers\LandingController::class . '@login');
 Route::match(['post','get'], '/landing/forgotpassword', \App\Http\Controllers\LandingController::class . '@forgotPassword');
 Route::match(['get'], '/landing/logout', \App\Http\Controllers\LandingController::class . '@logout');
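Review bot: The only change on the `/landing/signin` line is a second `;`, which PHP parses as an empty statement; it looks accidental and the line should end `->middleware(ProtectAgainstSpam::class);`. Nothing else on the line changed, so this hunk could be left out of the commit entirely.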