Add basic antispam measure to contact form (#263)

mbta · Nov 6, 2019 · e4df013 · e4df013
1 parent a23b501
commit e4df013
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/apps/site/lib/site_web/controllers/customer_support_controller.ex b/apps/site/lib/site_web/controllers/customer_support_controller.ex
@@ -92,12 +92,13 @@ defmodule SiteWeb.CustomerSupportController do
         [
           &validate_comments/1,
           &validate_service/1,
+          &validate_antispam/1,
           &validate_name/1,
           &validate_email/1,
           &validate_privacy/1
         ]
       else
-        [&validate_comments/1, &validate_service/1]
+        [&validate_comments/1, &validate_service/1, &validate_antispam/1]
       end
 
     Site.Validation.validate(validators, params)
@@ -136,6 +137,10 @@ defmodule SiteWeb.CustomerSupportController do
   defp validate_privacy(%{"privacy" => "on"}), do: :ok
   defp validate_privacy(_), do: "privacy"
 
+  @spec validate_antispam(map) :: :ok | String.t()
+  defp validate_antispam(%{"leave_this_alone" => value}) when byte_size(value) > 0, do: "antispam"
+  defp validate_antispam(_), do: :ok
+
   def send_ticket(params) do
     Feedback.Repo.send_ticket(%Feedback.Message{
       photos: params["photos"],

diff --git a/apps/site/lib/site_web/templates/customer_support/_form.html.eex b/apps/site/lib/site_web/templates/customer_support/_form.html.eex
@@ -30,7 +30,7 @@
           <% comments_placeholder = "If applicable, please make sure to include the time and date of the incident, the route, and the vehicle number." %>
           <%= textarea f, :comments, id: "comments", class: "support-form-text-input form-control", maxlength: "3000",
                                      rows: "3", placeholder: comments_placeholder, required: "required", value: assigns[:comments] %>
-  
+
           <span></span>
           <small class="form-text">3000 characters maximum</small>
         </div>
@@ -101,6 +101,10 @@
             %>
           </div>
         </div>
+        <div style="display: none" class="form-group contrast">
+          <label for="leave-this-alone">As a security measure, please leave this field blank.</label>
+          <%= text_input f, :leave_this_alone, id: "leave-this-alone", tabindex: -1, autocomplete: "off" %>
+        </div>
         <div class="response-time-disclaimer">
           Responses may take up to 5 business days. If this is an emergency, please <%= link("contact the Transit Police", to: "/transit-police") %>.
         </div>

diff --git a/apps/site/test/site_web/controllers/customer_support_controller_test.exs b/apps/site/test/site_web/controllers/customer_support_controller_test.exs
@@ -209,6 +209,14 @@ defmodule SiteWeb.CustomerSupportControllerTest do
              ]
     end
 
+    test "prevents submissions when the anti-spam field is filled", %{conn: conn} do
+      params = valid_request_response_data() |> Map.put("leave_this_alone", "spam!")
+
+      conn = post(conn, customer_support_path(conn, :submit), %{"support" => params})
+
+      assert "antispam" in conn.assigns.errors
+    end
+
     test "logs a warning, returns 429, and shows an error when rate limit reached", %{conn: conn} do
       path = customer_support_path(conn, :submit)