From de0814d5a016cabcefe838b1be246cf48d649669 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= Date: Mon, 7 Dec 2015 09:23:49 +0100 Subject: [PATCH] misc: don't display wrong answer on initial display of captcha (#9222) When tracking codes are enabled request.form is filled with magictoken and thus the captcha form is considered to be submitted, and obviously wrong. --- tests/test_form_pages.py | 27 +++++++++++++++++++++++++++ wcs/qommon/form.py | 4 ++-- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/tests/test_form_pages.py b/tests/test_form_pages.py index fc3353d..bf01718 100644 --- a/tests/test_form_pages.py +++ b/tests/test_form_pages.py @@ -1199,6 +1199,33 @@ def test_form_captcha(pub): resp = resp.click('test') assert 'Some field' in resp.body +def test_form_captcha_and_tracking_code(pub): + user = create_user(pub) + formdef = create_formdef() + formdef.data_class().wipe() + formdef.fields = [fields.StringField(id='0', label='Some field')] + formdef.has_captcha = True + formdef.enable_tracking_codes = True + formdef.store() + + # check the captcha is not given as being an error + app = get_app(pub) + resp = app.get('/') + resp = resp.click('test') + assert 'form_captcha' in resp.body + assert not 'wrong answer' in resp.body + + resp.form['captcha$q'] = 'az' # wrong answer + resp = resp.form.submit() + assert 'form_captcha' in resp.body + assert 'wrong answer' in resp.body + + session_id = app.cookies.values()[0].strip('"') + session = BasicSession.get(session_id) + resp.form['captcha$q'] = session.get_captcha_token(resp.forms[0]['captcha$token'].value)['answer'] + resp = resp.form.submit() + assert 'f0' in resp.form.fields + def test_form_file_field_submit(pub): formdef = create_formdef() formdef.fields = [fields.FileField(id='0', label='file')] diff --git a/wcs/qommon/form.py b/wcs/qommon/form.py index 580af99..1b5cda5 100644 --- a/wcs/qommon/form.py +++ b/wcs/qommon/form.py @@ -1134,7 +1134,7 @@ class CaptchaWidget(CompositeWidget): self.hint = kwargs.get('hint') if self.hint is None: self.hint = _('Please answer this simple mathematical question as proof you are not a bot.') - self.add(StringWidget, 'q', required=True) + self.add(StringWidget, 'q', required=True, attrs={'required': 'required'}) token['answer'] = str(answer) def _parse(self, request): @@ -1144,7 +1144,7 @@ class CaptchaWidget(CompositeWidget): if v['answer'] and token and token['answer'] == v['answer'].strip(): get_session().won_captcha = True self.value = v - else: + elif v['answer']: self.error = _('wrong answer') def get_title(self): -- 2.6.2