/**
* Add some JS code that add a hidden field
* If the hidden field is not present in the POST, SpamFilterComponent considers the request as spam.
*/
public function antispam($form_dom_id)
{
$salt = isset($this->_View->viewVars['_alaxos_spam_filter_salt']) ? $this->_View->viewVars['_alaxos_spam_filter_salt'] : null;
$token = SecurityTool::get_today_token($salt);
/*
* Unlock hidden field added by JS to prevent blackholing of form
*/
$fieldname = SecurityTool::get_today_fieldname($salt);
$this->unlockField($fieldname);
return $this->AlaxosHtml->script(Router::url(['prefix' => false, 'plugin' => 'Alaxos', 'controller' => 'Javascripts', 'action' => 'antispam', '_ext' => 'js', '?' => ['fid' => $form_dom_id, 'token' => $token]], true), ['block' => true]);
}
public function get_yesterday_token()
{
$salt = $this->get_session_salt();
return SecurityTool::get_yesterday_token($salt);
}
/**
* Test startup method
*
* @return void
*/
public function testStartup()
{
/*
* Startup without using additional random Session salt
*/
$this->component->config('use_session_salt', false);
$this->component->startup(new Event('Test'));
$this->assertArrayHasKey('_alaxos_spam_filter_salt', $this->component->controller->viewVars);
$this->assertEmpty($this->component->controller->viewVars['_alaxos_spam_filter_salt']);
$session_salt = $this->component->get_session_salt();
$this->assertEmpty($session_salt);
$today_fieldname_1 = SecurityTool::get_today_fieldname($session_salt);
$yesterday_fieldname_1 = SecurityTool::get_yesterday_fieldname($session_salt);
$this->assertTrue(in_array($today_fieldname_1, $this->controller->components()->Security->config('unlockedFields')));
$this->assertTrue(in_array($yesterday_fieldname_1, $this->controller->components()->Security->config('unlockedFields')));
/*
* Startup using additional random Session salt
*/
$this->component->config('use_session_salt', true);
$this->component->startup(new Event('Test'));
$this->assertArrayHasKey('_alaxos_spam_filter_salt', $this->component->controller->viewVars);
$this->assertNotEmpty($this->component->controller->viewVars['_alaxos_spam_filter_salt']);
$session_salt = $this->component->get_session_salt();
$this->assertNotEmpty($session_salt);
$today_fieldname_2 = SecurityTool::get_today_fieldname($session_salt);
$yesterday_fieldname_2 = SecurityTool::get_yesterday_fieldname($session_salt);
$this->assertTrue(in_array($today_fieldname_2, $this->controller->components()->Security->config('unlockedFields')));
$this->assertTrue(in_array($yesterday_fieldname_2, $this->controller->components()->Security->config('unlockedFields')));
}
