def validate_user_form(hashid):
    """
    Look up a dashboard-created form by its hashid and check that it can
    accept a submission.

    The only checks made here are that the hashid resolves to a form and
    that the form is not disabled. No host or origin comparison happens in
    this function, so the hashid alone ties a submission to the form.
    NOTE(review): any restriction on where submissions may come from has to
    be enforced elsewhere -- confirm at the call site.

    Raises:
        SubmitFormError: with errors.bad_hashid_error(hashid) when no form
            matches, or errors.disabled_error() when the form is disabled.
    """
    form = Form.get_with(hashid=hashid)

    if not form:
        failure = errors.bad_hashid_error(hashid)
    elif form.disabled:
        failure = errors.disabled_error()
    else:
        return form

    raise SubmitFormError(failure)
def get_host_and_referrer(received_data):
    """
    Resolve the host (and referrer) a submission should be attributed to.

    A hostname stored in redis (from captcha) under the submitted
    "_host_nonce" takes precedence. When the lookup raises KeyError, the
    request's Referer header is used instead.
    NOTE(review): the Referer header is supplied by the client, so the
    fallback value is only as trustworthy as the client sending it.

    Returns:
        Whatever get_temp_hostname returns (presumably a (host, referrer)
        pair like the fallback -- TODO confirm), or the tuple
        (referrer_to_path(request.referrer), request.referrer).

    Raises:
        SubmitFormError: with a rendered error page and status 500 when the
            lookup raises ValueError.
    """
    try:
        # The subscript stays inside the try: a missing "_host_nonce" key and
        # a KeyError raised by the lookup itself both fall back to the Referer.
        return get_temp_hostname(received_data["_host_nonce"])
    except KeyError:
        return referrer_to_path(request.referrer), request.referrer
    except ValueError as err:
        g.log.error("Invalid hostname stored on Redis.", err=err)
        message = (
            "<p>We had a problem identifying to whom we should have submitted this form. "
            "Please try submitting again. If it fails once more, please let us know at {email}</p>"
        ).format(email=settings.CONTACT_EMAIL)
        page = render_template(
            "error.html", title="Unable to submit form", text=message
        )
        raise SubmitFormError((page, 500))
def get_or_create_form(email, host):
    """
    Return the form registered for (email, host), creating it when that is
    allowed.

    A new form is refused when the request wants a JSON response, or when
    `host` contains the service's own domain and is not settings.TEST_URL.
    A disabled form is rejected whether it already existed or was just
    created.

    Raises:
        SubmitFormError: carrying a (response, 400) pair for a refused
            creation, or errors.disabled_error() for a disabled form.
    """
    form = Form.get_with(email=email, host=host)

    if not form:
        if request_wants_json():
            # Can't create a new ajax form unless from the dashboard
            prefix = "To prevent spam, only "
            suffix = " accounts may create AJAX forms."
            ajax_error_str = prefix + settings.UPGRADED_PLAN_NAME + suffix
            payload = jsonify({"error": ajax_error_str})
            raise SubmitFormError((payload, 400))

        # Anti-spoofing guard against forms that claim to live on the service
        # itself (formspree.io). This is a containment test, not a hostname
        # comparison, so any host string that merely includes the service
        # domain is refused too.
        # NOTE(review): whether `host` is case-normalised before it reaches
        # this point is not visible here -- confirm, since a mixed-case
        # hostname would not match a case-sensitive `in`.
        names_service_domain = url_domain(settings.SERVICE_URL) in host
        if names_service_domain and host.rstrip("/") != settings.TEST_URL:
            g.log.info(
                "User attempting to create new form spoofing SERVICE_URL. Ignoring."
            )
            page = render_template(
                "error.html", title="Unable to submit form", text="Sorry."
            )
            raise SubmitFormError((page, 400))

        # all good, create form (created unconfirmed)
        form = Form(email, host=host, confirmed=False, normalize=True)

    if form.disabled:
        raise SubmitFormError(errors.disabled_error())

    return form
def get_or_create_form(email, host):
    '''
    Return the form whose hash is HASH(email, host), creating it when that
    is allowed.

    A new form is refused when the request wants a JSON response, or when
    `host` contains the service's own domain. assign_ajax is then called
    with the form and the current request_wants_json() value, and a
    disabled form is rejected.

    Raises:
        SubmitFormError: carrying the jsonerror(400, ...) response, a
            (rendered page, 400) pair, or errors.disabled_error().
    '''
    lookup_hash = HASH(email, host)
    form = Form.query.filter_by(hash=lookup_hash).first()

    if not form:
        if request_wants_json():
            # Can't create a new ajax form unless from the dashboard
            ajax_error_str = (
                "To prevent spam, only "
                + settings.UPGRADED_PLAN_NAME
                + " accounts may create AJAX forms."
            )
            payload = {'error': ajax_error_str}
            raise SubmitFormError(jsonerror(400, payload))

        # Anti-spoofing guard against forms that claim to live on the service
        # itself (formspree.io). This is a containment test, not a hostname
        # comparison, so any host string that merely includes the service
        # domain is refused too.
        # NOTE(review): whether `host` is case-normalised before it reaches
        # this point is not visible here -- confirm.
        service_domain = url_domain(settings.SERVICE_URL)
        if service_domain in host:
            g.log.info(
                'User attempting to create new form spoofing SERVICE_URL. Ignoring.'
            )
            page = render_template(
                'error.html', title='Unable to submit form', text='Sorry'
            )
            raise SubmitFormError((page, 400))

        # all good, create form
        form = Form(email, host)

    # Check if it has been assigned using AJAX or not; this runs for an
    # existing form as well as for one created just above.
    assign_ajax(form, request_wants_json())

    if form.disabled:
        raise SubmitFormError(errors.disabled_error())

    return form
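def _host_rooted_at(candidate, root):
    '''
    Return True when `candidate` is `root` itself or a path beneath it.

    A bare prefix match is not enough: a root of "example.com" is also a
    string prefix of "example.com.other.tld" and of "example.community".
    The match therefore has to end exactly at the end of `root`, or `root`
    must already end in "/", or the next character of `candidate` must be
    "/". A host that differs only by an explicit ":port" is treated as a
    different host.
    '''
    if not candidate.startswith(root):
        return False
    if root.endswith('/') or len(candidate) == len(root):
        return True
    return candidate[len(root)] == '/'


def validate_user_form(hashid, host):
    '''
    Gets a form from a hashid, created on the dashboard.
    Checks to make sure the submission can be accepted by this form.

    Checks, in order: the hashid resolves to a form; the form is not
    disabled; the submitting `host` is acceptable for the form.

    Host rules:
      * form has no host yet: `host` is stored on the form and committed
        (side effect), and the submission is accepted;
      * form is not sitewide: `host` must equal the form's host, ignoring
        trailing slashes;
      * form is sitewide: `host` must be the form's host or a path under
        it, compared with any "www" removed by remove_www on both sides.

    Raises:
        SubmitFormError: with errors.bad_hashid_error(hashid),
            errors.disabled_error() or
            errors.mismatched_host_error(host, form).
    '''
    form = Form.get_with_hashid(hashid)

    if not form:
        raise SubmitFormError(errors.bad_hashid_error(hashid))

    # Check if it has been assigned about using AJAX or not
    assign_ajax(form, request_wants_json())

    if form.disabled:
        raise SubmitFormError(errors.disabled_error())

    if not form.host:
        # ALERT: As a side effect, sets the form's host if not already set.
        # The first submission to reach an unbound form decides which host
        # it is bound to.
        # NOTE(review): `host` is presumably derived from request data such
        # as the Referer header -- confirm at the call site.
        form.host = host
        DB.session.add(form)
        DB.session.commit()
    elif form.sitewide:
        # Sitewide: the submission must come from the form's host or from a
        # path rooted under it. Removing www from both sides makes this a
        # neutral operation. The earlier plain startswith() comparison also
        # accepted hosts that merely began with the same characters.
        if not _host_rooted_at(remove_www(host), remove_www(form.host)):
            raise SubmitFormError(errors.mismatched_host_error(host, form))
    elif form.host.rstrip('/') != host.rstrip('/'):
        # Not sitewide: the submission came from a different host (ending
        # slashes can be safely ignored here).
        raise SubmitFormError(errors.mismatched_host_error(host, form))

    return form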