Esempio n. 1
0
def validate_user_form(hashid):
    """
    Gets a form from a hashid, created on the dashboard.
    Checks to make sure the submission can be accepted by this form.
    """

    form = Form.get_with(hashid=hashid)

    if not form:
        raise SubmitFormError(errors.bad_hashid_error(hashid))

    if form.disabled:
        raise SubmitFormError(errors.disabled_error())

    return form
Esempio n. 2
0
def get_host_and_referrer(received_data):
    """
    Looks for stored hostname in redis (from captcha).
    If it doesn't exist, uses the referer header.
    """

    try:
        return get_temp_hostname(received_data["_host_nonce"])
    except KeyError:
        return referrer_to_path(request.referrer), request.referrer
    except ValueError as err:
        g.log.error("Invalid hostname stored on Redis.", err=err)
        raise SubmitFormError(
            (
                render_template(
                    "error.html",
                    title="Unable to submit form",
                    text="<p>We had a problem identifying to whom we should have submitted this form. "
                    "Please try submitting again. If it fails once more, please let us know at {email}</p>".format(
                        email=settings.CONTACT_EMAIL
                    ),
                ),
                500,
            )
        )
Esempio n. 3
0
def get_or_create_form(email, host):
    """
    Gets the form if it already exits, otherwise checks to ensure
    that this is a valid new form submission. If so, creates a
    new form.
    """

    form = Form.get_with(email=email, host=host)

    if not form:
        if request_wants_json():
            # Can't create a new ajax form unless from the dashboard
            ajax_error_str = (
                "To prevent spam, only "
                + settings.UPGRADED_PLAN_NAME
                + " accounts may create AJAX forms."
            )
            raise SubmitFormError((jsonify({"error": ajax_error_str}), 400))

        if (
            url_domain(settings.SERVICE_URL) in host
            and host.rstrip("/") != settings.TEST_URL
        ):
            # Bad user is trying to submit a form spoofing formspree.io
            g.log.info(
                "User attempting to create new form spoofing SERVICE_URL. Ignoring."
            )
            raise SubmitFormError(
                (
                    render_template(
                        "error.html", title="Unable to submit form", text="Sorry."
                    ),
                    400,
                )
            )

        # all good, create form
        form = Form(email, host=host, confirmed=False, normalize=True)

    if form.disabled:
        raise SubmitFormError(errors.disabled_error())

    return form
Esempio n. 4
0
def get_or_create_form(email, host):
    '''
    Gets the form if it already exits, otherwise checks to ensure
    that this is a valid new form submission. If so, creates a
    new form.
    '''

    form = Form.query.filter_by(hash=HASH(email, host)).first()

    if not form:

        if request_wants_json():
            # Can't create a new ajax form unless from the dashboard
            ajax_error_str = "To prevent spam, only " + \
                                settings.UPGRADED_PLAN_NAME + \
                                " accounts may create AJAX forms."
            raise SubmitFormError(jsonerror(400, {'error': ajax_error_str}))

        if url_domain(settings.SERVICE_URL) in host:
            # Bad user is trying to submit a form spoofing formspree.io
            g.log.info(
                'User attempting to create new form spoofing SERVICE_URL. Ignoring.'
            )
            raise SubmitFormError(
                (render_template('error.html',
                                 title='Unable to submit form',
                                 text='Sorry'), 400))

        # all good, create form
        form = Form(email, host)

    # Check if it has been assigned using AJAX or not
    assign_ajax(form, request_wants_json())

    if form.disabled:
        raise SubmitFormError(errors.disabled_error())

    return form
Esempio n. 5
0
def validate_user_form(hashid, host):
    '''
    Gets a form from a hashid, created on the dashboard. 
    Checks to make sure the submission can be accepted by this form.
    '''

    form = Form.get_with_hashid(hashid)

    if not form:
        raise SubmitFormError(errors.bad_hashid_error(hashid))

    # Check if it has been assigned about using AJAX or not
    assign_ajax(form, request_wants_json())

    if form.disabled:
        raise SubmitFormError(errors.disabled_error())

    if not form.host:
        # add the host to the form
        # ALERT: As a side effect, sets the form's host if not already set
        form.host = host
        DB.session.add(form)
        DB.session.commit()

    # it is an error when
    #   form is not sitewide, and submission came from a different host
    #   form is sitewide, but submission came from a host rooted somewhere else, or
    elif (not form.sitewide and
          # ending slashes can be safely ignored here:
          form.host.rstrip('/') != host.rstrip('/')) \
         or (form.sitewide and \
             # removing www from both sides makes this a neutral operation:

             not remove_www(host).startswith(remove_www(form.host))):
        raise SubmitFormError(errors.mismatched_host_error(host, form))

    return form