Honeypot Filter

[dvdnwoke]

Implementation of bot Honeypot as discussed on this issue

[lonnieezell]

Good start, but there's a few things that need to be changed up to fit with the rest of the framework. Thanks!

[lonnieezell]

Let's rename this class/file to simply Honeypot.

[lonnieezell]

According to our style guide the opening brackets should be on a line of their own.

[lonnieezell]

To maintain consistency with the rest of the framework, this should not be a class with static methods. Instead, if should be instantiated with methods called non-statically. Since you need to inject a config class as a dependency, you should add a honeypot method to CodeIgniter\Services and use the service to get the instance. Like:

$honeypot = Services::honeypot();
if ($honeypot->hasContent($request) { ... }

[lonnieezell]

No need to protect the data since it's not be displayed or saved anywhere. Please remove the comment.

[lonnieezell]

This check and the one from getPost are redundant. getVar already checks both of those arrays.

[lonnieezell]

This isn't a script tag - it should be a style tag. And I think this might be overkill, actually. While it's good, and thorough, the developer should I think keeping a default of hidden in the config file is good enough. The developer can change as needed at that point. They'll notice the honeypot fields showing up during testing.

[lonnieezell]

Please move the default values to the config file. Easier for the developer spot/change that way.

[lonnieezell]

Please move to config file.

[lonnieezell]

Please move to config file.

[lonnieezell]

This is better done by pulling it from the Services class:

$this->request = Services::request();
``

[jim-parry]

For future reference, we expect commits to be GPG-signed :-/

[jim-parry]

You are not synchronizing properly. You would synch your develop branch locally, then merge your develop into your honeypot branch.
As it sits, you are trying to re-merge the most recent changes that were merged into the main repo, leaving all sorts of inaoorioriate commits in your PR :-/

[dvdnwoke]

@jim-parry the issue with the merge has been solve sorry for that

[lonnieezell]

Looking better - a few more small items noted. Also - will need some form of basic docs in place, please. We can always expand them later if needed, but a start would be appreciated.

[lonnieezell]

Please add the default values in this file for all values.

[lonnieezell]

This should take an instance of Config\Honeypot as an optional parameter. Something like:

public static function honeypot(BaseConfig $config = null, $getShared = true)
{
    if ($getShared) { ... }

   if (is_null($config))
    {
        $config = new Config\Honeypot();
     }

    return new CodeIgniter\Honeypot\Honeypot($config);
}

[lonnieezell]

should accept an instance of the BaseConfig in the parameter instead of creating an instance in side the header. Makes it more robust and easier to test.

[lonnieezell]

This should throw an exception with an explanatory method. Then devs have something they can catch and provide a better experience for users. In the near future, the exception handler in the framework will be upgraded to allow custom handlers.

[dvdnwoke]

I know die() is not a good option but never knew what to replace it with.
Thanks for that suggestion.

[lonnieezell]

Pretty sure uou need to return the modified $response object here in order for it to work....

[dvdnwoke]

@lonnieezell You are saying
$response = $honeypot->attachHoneypot($response);
should return the modified response?

[lonnieezell]

Correct. Unless it's working for you as it is. But I'm pretty sure you need to return the modified response for the change to stick.

[dvdnwoke]

It's working as it is. But do you feel returning it would be better?

[lonnieezell]

Nah - if it's working, that's cool. I might have been remembering it wrong. I built it then moved on and haven't had a chance to use it much just yet. :)

[lonnieezell]

I don't have an issue with them being here - but need to make sure to include default values in the config file. Any values in a .env file will overwrite those, so it all works as it should.

[lonnieezell]

I'm nit-picking here, but why use honeypot in the name? It's in a class named Honeypot already, so I'd go with the simpler $config personally.

[dvdnwoke]

@lonnieezell

Also - will need some form of basic docs in place, please. We can always expand them later if needed, but a start would be appreciated.

Do you mean documentation on the class or what? Please explain further.

[lonnieezell]

@dvdnwoke

Do you mean documentation on the class or what? Please explain further.

Yes, some documentation for the class. It would go in this folder. You should be able to look at any of the files in that area for an example. You'll also need to add it to the index.rst file that's in that directory.

If you have any questions feel free to ask!

[dvdnwoke]

This line was removed, Because after the changes it keeps throwing error.

And i don't know the actual function of that line. If it's needed just suggest to me how to add it.

[lonnieezell]

Yeah - it is needed. That allows the instance to be cached and shared among all classes. The problem is that you need to pass the $config param into it. Basically, any params that get passed in the main function need to be passed into the getSharedInstance method:

return self::getSharedInstance('honeypot', $config);

[dvdnwoke]

@lonnieezell @jim-parry

For future reference, we expect commits to be GPG-signed :-/

Can you advice me on how to add this?

[jim-parry]

@dvdnwoke https://bcit-ci.github.io/CodeIgniter4/contributing/index.html
Specifically, https://bcit-ci.github.io/CodeIgniter4/contributing/signing.html

[dvdnwoke]

@lonnieezell I think everything is ok here. If there is any more changes just let me know am available.

[lonnieezell]

Looks pretty good, @dvdnwoke, thanks! There are a couple of small things, but I can tweak those later.