From 74941473b85bb45893e590f9c2f6163bfedf9aa6 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Wed, 3 Nov 2021 19:18:51 +0100
Subject: [PATCH 4/4] forms: abort autosave after 200 ms (#58276)

---
 tests/form_pages/test_all.py | 24 ++++++++++++++++++++++++
 wcs/forms/root.py            |  5 +++++
 2 files changed, 29 insertions(+)

diff --git a/tests/form_pages/test_all.py b/tests/form_pages/test_all.py
index 6445aa9bd..bc5729296 100644
--- a/tests/form_pages/test_all.py
+++ b/tests/form_pages/test_all.py
@@ -4436,6 +4436,30 @@ def test_form_autosave(pub):
     assert formdef.data_class().select()[0].data['1'] == 'foobar3'
 
 
+def test_form_autosave_timeout(pub, monkeypatch):
+    from wcs.forms.root import FormPage
+
+    monkeypatch.setattr(FormPage, 'AUTOSAVE_TIMEOUT', 0.0001)
+
+    formdef = create_formdef()
+    formdef.fields = [
+        fields.PageField(id='0', label='1st page', type='page'),
+        fields.StringField(id='1', label='string'),
+        fields.PageField(id='2', label='2nd page', type='page'),
+        fields.StringField(id='3', label='string 2'),
+    ]
+    formdef.enable_tracking_codes = True
+    formdef.store()
+
+    formdef.data_class().wipe()
+    app = get_app(pub)
+    resp = app.get('/test/')
+    resp.form['f1'] = 'foobar'
+
+    resp = app.post('/test/autosave', params=resp.form.submit_fields())
+    assert resp.json == {'reason': 'too long', 'result': 'error'}
+
+
 def test_form_autosave_with_items_field(pub):
     formdef = create_formdef()
     formdef.data_class().wipe()
diff --git a/wcs/forms/root.py b/wcs/forms/root.py
index 1be711418..be6c71a2f 100644
--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@@ -1352,6 +1352,8 @@ class FormPage(Directory, FormTemplateMixin):
             formdata.user = get_request().user
         formdata.store()
 
+    AUTOSAVE_TIMEOUT = 0.2
+
     def autosave(self):
         get_response().set_content_type('application/json')
 
@@ -1409,6 +1411,9 @@ class FormPage(Directory, FormTemplateMixin):
         if not session.has_form_token(get_request().form.get('_ajax_form_token')):
             return result_error('obsolete ajax form token (late check)')
 
+        if time.time() - get_request().t0 > self.AUTOSAVE_TIMEOUT:
+            return result_error('too long')
+
         try:
             self.save_draft(form_data, page_no)
         except SubmittedDraftException:
-- 
2.34.1