From: soufiane
Date: Fri, 10 May 2024 13:29:11 +0000 (+0200)
Subject: wait #6901 @1:00 modif honeypot
X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=18e67fb421ca912cbbba089a22ee875c81f5bcaa;p=bastide-resah.git
wait #6901 @1:00 modif honeypot
---
diff --git a/.env.production b/.env.production
index 6591187..8380ce0 100644
--- a/.env.production
+++ b/.env.production
@@ -54,3 +54,4 @@ MAIL_BCC_ALL=test+bastide-resah@cubedesigners.com
 BACKPACK_LOCALES=fr
 TIMEZONE=Europe/Paris
 POWERED_BY_LINK=https://www.cubedesigners.com/
+HONEYPOT_NAME=honeypot_for_bots
diff --git a/app/Http/Controllers/FluidbookController.php b/app/Http/Controllers/FluidbookController.php
index 3474294..dfdceae 100644
--- a/app/Http/Controllers/FluidbookController.php
+++ b/app/Http/Controllers/FluidbookController.php
@@ -40,10 +40,10 @@ class FluidbookController extends Controller
 if ($validator->fails()) {
 return response()->json(['errors' => $validator->errors()])->setStatusCode(422);
 } else {
- $ignore = ['email_confirmation', 'password_confirmation', 'accept', '_token'];
+ $ignore = ['email_confirmation', 'password_confirmation', 'accept', '_token', 'valid_from'];
 $client = new Client();
 foreach ($validator->valid() as $k => $v) {
- if (in_array($k, $ignore)) {
+ if (in_array($k, $ignore) || strstr($k,'honeypot_for_bots_')) {
 continue;
 }
 if ($k === 'password') {
diff --git a/app/Http/Controllers/LandingController.php b/app/Http/Controllers/LandingController.php
index 74c2edb..fc8e27c 100644
--- a/app/Http/Controllers/LandingController.php
+++ b/app/Http/Controllers/LandingController.php
@@ -4,8 +4,9 @@ namespace App\Http\Controllers;
 use Cubist\Backpack\Http\Controllers\Base\XSendFileController;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Blade;
-class LandingController extends Controller
+class LandingController extends FluidbookController
 {
 use ForgotPassword;
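Review bot: The honeypot field prefix is hard-coded as `'honeypot_for_bots_'` in the added `strstr()` test in FluidbookController, while this same commit makes the name configurable through `HONEYPOT_NAME` in `.env.production`; if the env value changes, the filter stops matching and the honeypot key would presumably be handled like a real form field by the loop. `strstr()` also matches the substring anywhere in the key rather than only at its start, and `in_array()` is called without strict comparison. Reading both names from the package configuration keeps the filter in step, e.g. `if (in_array($k, $ignore, true) || str_starts_with($k, config('honeypot.name_field_name') . '_')) {`, with `config('honeypot.valid_from_field_name')` in place of the literal `'valid_from'`. The enclosing method starts and ends outside the hunk, so what the loop does with each remaining key is not visible here.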
@@ -23,6 +24,7 @@ class LandingController extends Controller
 if (str_ends_with($path, '.html')) {
 $html = file_get_contents($relayPath);
 $html = str_replace('', '' . self::matomoTag() . '', $html);
+ $html = str_replace('
', ''.self::honeypot(), $html);
 $user = Auth::guard('client')->user();
 if ($user) {
 $html = str_replace('Prénom Nom', $user->firstname . ' ' . $user->name, $html);
@@ -33,6 +35,10 @@ class LandingController extends Controller
 return XSendFileController::sendfile($relayPath);
 }
+ public static function honeypot() {
+ return Blade::render('');
+ }
+
 public static function matomoTag()
 {
 $guard = Auth::guard('client');
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 494c050..b2f53b6 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -21,6 +21,7 @@ class Kernel extends HttpKernel
 \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
 \App\Http\Middleware\TrimStrings::class,
 \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+ \Spatie\Honeypot\ProtectAgainstSpam::class,
 ];
 /**
diff --git a/resources/webflow/index.html b/resources/webflow/index.html
index f23e019..a26aec1 100644
--- a/resources/webflow/index.html
+++ b/resources/webflow/index.html
@@ -68,7 +68,6 @@
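Review bot: The added `str_replace()` call in LandingController fails silently when its search marker is missing from a relayed page: the form is then served without the honeypot fields and nothing records it. The marker literal is blank on this page, so which tag it targets cannot be checked here. Passing the count argument makes a miss visible, e.g. `$html = str_replace($search, $replacement, $html, $count);` (keeping the existing search and replacement strings) followed by a log entry when `$count === 0`. The method body starts before and ends after this hunk.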
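Review bot: `honeypot()` is added as a public static helper with no return type and no docblock, and its opening brace sits on the signature line while `matomoTag()` directly below puts it on its own line. Suggest `public static function honeypot(): string` with the brace on the next line, plus a short comment such as `// Renders the honeypot form fields as an HTML fragment for injection into relayed pages.`. The string passed to `Blade::render()` is blank on this page, so the component it renders cannot be confirmed from here.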
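Review bot: `\Spatie\Honeypot\ProtectAgainstSpam::class` is appended to what appears to be the global middleware list in Kernel.php, so the check runs on every request rather than only on the routes whose forms receive the injected fields. As far as I know the package by default skips requests that carry no honeypot fields (`honeypot_fields_required_for_all_forms` is off), so confirm that setting; turning it on while the middleware is global would presumably also reject the other forms in the application, such as the admin ones. Attaching the middleware to the specific form routes with `->middleware(\Spatie\Honeypot\ProtectAgainstSpam::class)` and requiring the fields there is the narrower setup, with rate limiting kept on those endpoints either way. The array declaration starts outside the hunk.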