Merge pull request #1063 from dvdnwoke/honeypot

Honeypot Filter

Author: lonnieezell

application/Config/Filters.php

@@ -9,15 +9,18 @@ class Filters extends BaseConfig
 	public $aliases = [
 		'csrf' 	  => \App\Filters\CSRF::class,
 		'toolbar' => \App\Filters\DebugToolbar::class,
+		'honeypot' => \App\Filters\Honeypot::class
 	];
 
 	// Always applied before every request
 	public $globals = [
 		'before' => [
-			// 'csrf'
+			//'honeypot'
+			// 'csrf',
 		],
 		'after'  => [
-			'toolbar'
+			'toolbar',
+			//'honeypot'
 		]
 	];
 

application/Config/Honeypot.php

@@ -0,0 +1,31 @@
+<?php namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class Honeypot extends BaseConfig
+{
+
+	/**
+	 * Makes Honeypot visible or not to human
+	 * 
+	 * @var boolean
+	 */
+	public $hidden = true;
+    /**
+	 * Honeypot Label Content
+	 * @var String
+	 */
+    public $label = 'Fill This Field';
+
+    /**
+	 * Honeypot Field Name 
+	 * @var String
+	 */
+    public $name = 'honeypot';
+
+    /**
+	 * Honeypot HTML Template 
+	 * @var String
+	 */
+    public $template = '<label>{label}</label><input type="text" name="{name}" value=""/>';
+}

application/Config/Services.php

@@ -1,6 +1,7 @@
 <?php namespace Config;
 
 use CodeIgniter\Config\Services as CoreServices;
+use CodeIgniter\Config\BaseConfig;
 
 require_once BASEPATH.'Config/Services.php';
 
@@ -30,5 +31,20 @@ class Services extends CoreServices
 //        return new \CodeIgniter\Example();
 //    }
 
+    public static function honeypot(BaseConfig $config = null, $getShared = true)
+    {
+        if ($getShared)
+        {
+            return self::getSharedInstance('honeypot', $config);
+        }
+
+        if (is_null($config)) 
+        {
+            $config = new \Config\Honeypot();
+        }
+
+        return new \CodeIgniter\Honeypot\Honeypot($config);
+    }
+
 
 }

application/Filters/Honeypot.php

@@ -0,0 +1,51 @@
+<?php namespace App\Filters;
+
+use CodeIgniter\Filters\FilterInterface;
+use CodeIgniter\HTTP\RequestInterface;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Services;
+use CodeIgniter\Honeypot\Exceptions\HoneypotException;
+
+class Honeypot implements FilterInterface 
+{
+
+    /**
+	 * Checks if Honeypot field is empty, if so
+     * then the requester is a bot,show a blank
+     * page
+	 *
+	 * @param RequestInterface|\CodeIgniter\HTTP\IncomingRequest $request
+	 *
+	 * @return mixed
+	 */
+
+    public function before (RequestInterface $request) 
+    {
+
+        // Checks honeypot field if value was entered then show blank if so.
+    
+        $honeypot = Services::honeypot(new \Config\Honeypot());
+        if($honeypot->hasContent($request))
+        {
+            throw HoneypotException::isBot();
+        }
+        
+    }
+
+    /**
+	 * Checks if Honeypot field is empty, if so
+     * then the requester is a bot,show a blank
+     * page
+	 *
+	 * @param RequestInterface|\CodeIgniter\HTTP\IncomingRequest $request
+	 * @param ResponseInterface|\CodeIgniter\HTTP\Response $response
+	 * @return mixed
+	 */
+
+    public function after (RequestInterface $request, ResponseInterface $response) 
+    {
+        
+        $honeypot = Services::honeypot(new \Config\Honeypot());
+        $honeypot->attachHoneypot($response);
+    }
+}

env

@@ -76,3 +76,12 @@
 # contentsecuritypolicy.reportURI = null
 # contentsecuritypolicy.sandbox = false
 # contentsecuritypolicy.upgradeInsecureRequests = false
+
+#--------------------------------------------------------------------
+# HONEYPOT
+#--------------------------------------------------------------------
+
+#  honeypot.hidden = 'true'
+#  honeypot.label = 'Fill This Field'
+#  honeypot.name = 'honeypot'
+#  honeypot.template = '<label>{label}</label><input type="text" name="{name}" value=""/>'

system/Honeypot/Exceptions/HoneypotException.php

@@ -0,0 +1,28 @@
+<?php namespace CodeIgniter\Honeypot\Exceptions;
+
+use CodeIgniter\Exceptions\ConfigException;
+use CodeIgniter\Exceptions\ExceptionInterface;
+
+class HoneypotException extends ConfigException implements ExceptionInterface
+{
+	public static function forNoTemplate()
+	{
+		return new static(lang('Honeypot.noTemplate'));
+	}
+
+	public static function forNoNameField()
+	{
+		return new static(lang('Honeypot.noNameField'));
+    }
+    
+    public static function forNoHiddenValue()
+	{
+		return new static(lang('Honeypot.noHiddenValue'));
+	}
+
+	public static function isBot()
+	{
+		return new static(lang('Honeypot.theClientIsABot'));
+	}
+
+}

system/Honeypot/Honeypot.php

@@ -0,0 +1,143 @@
+<?php namespace CodeIgniter\Honeypot;
+
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP
+ *
+ * This content is released under the MIT License (MIT)
+ *
+ * Copyright (c) 2014-2018 British Columbia Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @package	CodeIgniter
+ * @author	CodeIgniter Dev Team
+ * @copyright	2014-2018 British Columbia Institute of Technology (https://bcit.ca/)
+ * @license	https://opensource.org/licenses/MIT	MIT License
+ * @link	https://codeigniter.com
+ * @since	Version 3.0.0
+ * @filesource
+ */
+
+use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\HTTP\RequestInterface;
+use CodeIgniter\HTTP\ResponseInterface;
+use Config\Honeypot as HoneypotConfig;
+use CodeIgniter\Honeypot\Exceptions\HoneypotException;
+
+class Honeypot 
+{
+
+    /**
+	 * Honeypot Template
+	 * @var String
+	 */
+    protected $template;
+
+    /**
+	 * Honeypot text field name
+	 * @var String
+	 */
+    protected $name;
+
+    /**
+	 * Honeypot lable content
+	 * @var String
+	 */
+    protected $label;
+
+    /**
+	 * Self Instance of Class
+	 * @var Honeypot
+	 */
+    protected $config;
+
+    //--------------------------------------------------------------------
+
+    function __construct (BaseConfig $config) {
+        $this->config = $config;
+
+        if($this->config->hidden === '')
+        {
+            throw HoneypotException::forNoHiddenValue();
+        }
+
+        if($this->config->template === '')
+        {
+            throw HoneypotException::forNoTemplate();
+        }
+
+        if($this->config->name === '')
+        {
+            throw HoneypotException::forNoNameField();
+        }
+    }
+
+    //--------------------------------------------------------------------
+
+    /**
+	 * Checks the request if honeypot field has data.
+	 *
+	 * @param \CodeIgniter\HTTP\RequestInterface $request
+	 * 
+	 */
+    public function hasContent(RequestInterface $request) 
+    {
+        if($request->getVar($this->config->name))
+        {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+	 * Attachs Honeypot template to response.
+	 *
+	 * @param \CodeIgniter\HTTP\ResponseInterface $response
+	 */
+    public function attachHoneypot(ResponseInterface $response)
+    {
+        $prep_field = $this->prepareTemplate($this->config->template);  
+        
+        $body = $response->getBody();
+        $body = str_ireplace('</form>', $prep_field, $body);
+        $response->setBody($body);
+    }
+
+    /**
+	 * Prepares the template by adding label
+     * content and field name.
+	 *
+	 * @param string $template
+	 * @return string
+	 */
+    protected function prepareTemplate($template): string
+    {
+        $template = str_ireplace('{label}', $this->config->label, $template);
+        $template = str_ireplace('{name}', $this->config->name, $template);
+
+        if($this->config->hidden)
+        {
+            $template = '<div style="display:none">'. $template . '</div>';
+        }
+        return $template;
+    }
+    
+}

tests/system/Honeypot/HoneypotTest.php

@@ -0,0 +1,44 @@
+<?php namespace CodeIgniter\Honeypot;
+
+use CodeIgniter\Test\CIUnitTestCase;
+use CodeIgniter\Honeypot\Honeypot;
+use CodeIgniter\Config\Services;
+
+class HoneypotTest extends CIUnitTestCase
+{
+
+    protected $request;
+    protected $response;
+    protected $honeypot;
+    
+    public function setUp()
+    {
+        parent::setUp();
+        $this->request = Services::request();
+        $this->response = Services::response();    
+        $config = new \Config\Honeypot();
+        $this->honeypot = new Honeypot($config);    
+        
+    }
+
+    public function testAttachHoneypot()
+    {     
+
+        $this->response->setBody('<form></form>');
+        $this->honeypot->attachHoneypot($this->response);      
+        $this->assertContains('honeypot', $this->response->getBody());
+        $this->response->setBody('<div></div>');
+        $this->assertNotContains('honeypot', $this->response->getBody());
+    }
+
+    public function testHasHoneypot()
+    {
+            
+        $_REQUEST['honeypot'] = 'hey';
+        $this->assertEquals(true, $this->honeypot->hasContent($this->request));
+        $_POST['honeypot'] = 'hey';
+        $this->assertEquals(true, $this->honeypot->hasContent($this->request));
+        $_GET['honeypot'] = 'hey';
+        $this->assertEquals(true, $this->honeypot->hasContent($this->request));
+    }
+}

user_guide_src/source/index.rst

@@ -61,10 +61,7 @@ General Topics
 Library Reference
 *****************
 
-.. toctree::
-	:titlesonly:
-
-	libraries/index
+* ``Honeypot``
 
 ******************
 Database Reference