Merge pull request #1501 from MTES-MCT/feature/antispam-forms

Améliorer antispam des formulaires

Author: smdsgn

frontend/scripts/components/pages/Synthese/components/TerritoryIdentityCard.tsx

@@ -123,7 +123,7 @@ export const TerritoryIdentityCard = ({ landData, className }: TerritoryIdentity
 
   const population = populationData?.[0]?.population || null;
   const hasCompetenceUrba = landData.competence_planification;
-console.log(landData.competence_planification)
+
   const identityItems = [
     {
       icon: "bi bi-geo-alt-fill",

frontend/scripts/components/ui/Feedback.tsx

@@ -4,7 +4,7 @@ import Lottie, { LottieRefCurrentProps } from 'lottie-react';
 import { theme } from '@theme';
 import Button from '@components/ui/Button';
 import BaseCard from '@components/ui/BaseCard';
-import { useSubmitFeedbackMutation } from '@services/api';
+import { useSubmitFeedbackMutation, useGetAntispamTokenQuery } from '@services/api';
 
 import animation from '@animations/cup.json';
 
@@ -200,6 +200,7 @@ const Feedback: React.FC<FeedbackProps> = ({ context }) => {
   const [animatedStar, setAnimatedStar] = useState<number | null>(null);
   const [submitted, setSubmitted] = useState(false);
   const [submitFeedback, { isLoading }] = useSubmitFeedbackMutation();
+  const { data: tokenData, refetch: refetchToken } = useGetAntispamTokenQuery();
   const lottieRef = useRef<LottieRefCurrentProps>(null);
 
   useEffect(() => {
@@ -219,7 +220,7 @@ const Feedback: React.FC<FeedbackProps> = ({ context }) => {
   };
 
   const handleSubmit = async () => {
-    if (rating === 0 || isLoading) return;
+    if (rating === 0 || isLoading || !tokenData?.token) return;
 
     try {
       const payload = {
@@ -231,15 +232,17 @@ const Feedback: React.FC<FeedbackProps> = ({ context }) => {
         land_name: context?.landName ?? '',
         page_name: context?.pageName ?? '',
         crisp_session_id: getCrispSessionId(),
+        _token: tokenData.token,
       };
 
-      await submitFeedback(payload as any).unwrap();
+      await submitFeedback(payload).unwrap();
 
       lottieRef.current?.goToAndPlay(0);
       setSubmitted(true);
     } catch {
       setSubmitted(true);
     }
+    refetchToken();
   };
 
   const displayRating = hoveredRating || rating;

frontend/scripts/components/ui/SearchBar.tsx

@@ -1,4 +1,4 @@
-import React, { useEffect, ChangeEvent, useState, useRef } from 'react';
+import React, { useEffect, ChangeEvent, useState, useRef, useMemo } from 'react';
 import styled from 'styled-components';
 import { useSearchTerritoryQuery } from '@services/api';
 
@@ -144,11 +144,16 @@ const SearchBar: React.FC<SearchBarProps> = ({
         skip: shouldQueryBeSkipped,
     });
 
+    const stableExcludeTerritories = useMemo(() => excludeTerritories, 
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+        [JSON.stringify(excludeTerritories)]
+    );
+
     const shouldExcludeTerritoryFromResults = (territory: LandDetailResultType): boolean => {
-        if (excludeTerritories.length === 0) {
+        if (stableExcludeTerritories.length === 0) {
             return false;
         }
-        return excludeTerritories.some(
+        return stableExcludeTerritories.some(
             (excludedTerritory: LandDetailResultType) =>
                 territory.land_id === excludedTerritory.land_id &&
                 territory.land_type === excludedTerritory.land_type
@@ -159,14 +164,12 @@ const SearchBar: React.FC<SearchBarProps> = ({
         if (shouldQueryBeSkipped || isFetching) {
             setData(undefined);
         } else {
-            // Filter out excluded territories
-            let filteredData = queryData;
-            if (queryData) {
-                filteredData = queryData.filter((territory: LandDetailResultType) => !shouldExcludeTerritoryFromResults(territory));
-            }
+            const filteredData = queryData
+                ? queryData.filter((territory: LandDetailResultType) => !shouldExcludeTerritoryFromResults(territory))
+                : undefined;
             setData(filteredData);
         }
-    }, [isFetching, queryData, query, shouldQueryBeSkipped, excludeTerritories]);
+    }, [isFetching, queryData, query, shouldQueryBeSkipped, stableExcludeTerritories]);
 
     useEffect(() => {
         const handleClickOutside = (event: MouseEvent) => {

frontend/scripts/index.js

@@ -6,5 +6,8 @@ import '../styles/index.css'
 // Import dsfr
 import '@gouvfr/dsfr/dist/dsfr.module.min.js'
 
+// HTMX
+import 'htmx.org'
+
 // React
 import './react-roots.tsx'

frontend/scripts/services/api.ts

@@ -334,6 +334,9 @@ export const djangoApi = createApi({
 		getCurrentUser: builder.query<CurrentUserResponse, void>({
 			query: () => '/api/me/',
 		}),
+		getAntispamToken: builder.query<{ token: string }, void>({
+			query: () => '/api/token/',
+		}),
 		submitFeedback: builder.mutation<void, {
 			rating: number;
 			comment: string;
@@ -343,6 +346,7 @@ export const djangoApi = createApi({
 			land_name: string;
 			page_name: string;
 			crisp_session_id?: string;
+			_token: string;
 		}>({
 			query: (body) => {
 				const csrfToken = getCsrfToken();
@@ -383,6 +387,7 @@ const useStartExportPdfMutation = djangoApi.useStartExportPdfMutation;
 const useLazyGetExportStatusQuery = djangoApi.useLazyGetExportStatusQuery;
 
 const useSubmitFeedbackMutation = djangoApi.useSubmitFeedbackMutation;
+const useGetAntispamTokenQuery = djangoApi.useGetAntispamTokenQuery;
 
 const {
 	useGetDepartementListQuery,
@@ -448,4 +453,5 @@ export {
 	useDeleteReportDraftMutation,
 	useGetCurrentUserQuery,
 	useSubmitFeedbackMutation,
+	useGetAntispamTokenQuery,
 };

home/api.py

@@ -9,6 +9,7 @@
 from crisp.services import send_feedback_to_crisp
 from home.models import PageFeedback
 from public_data.models.administration import AdminRef, LandModel
+from utils.antispam import AntispamSerializerMixin
 from utils.mattermost import Mattermost
 
 logger = logging.getLogger(__name__)
@@ -18,7 +19,7 @@ class FeedbackThrottle(AnonRateThrottle):
     rate = "5/minute"
 
 
-class PageFeedbackSerializer(serializers.ModelSerializer):
+class PageFeedbackSerializer(AntispamSerializerMixin, serializers.ModelSerializer):
     crisp_session_id = serializers.CharField(required=False, allow_blank=True, write_only=True)
 
     class Meta:
@@ -46,6 +47,7 @@ def validate_page_url(self, value):
         return value
 
     def validate(self, data):
+        data = super().validate(data)
         land_type = data.get("land_type")
         land_id = data.get("land_id")
 

home/forms.py

@@ -1,10 +1,12 @@
 from django import forms
 from django.templatetags.static import static
 
+from utils.antispam import HoneypotFormMixin
+
 from .models import Newsletter, SatisfactionFormEntry
 
 
-class NewsletterForm(forms.ModelForm):
+class NewsletterForm(HoneypotFormMixin, forms.ModelForm):
     class Meta:
         model = Newsletter
         fields = ("email",)

home/templates/home/partials/newsletter_confirm_subscription.html

@@ -1,4 +1,4 @@
 <div class="fade-in fr-alert fr-alert--success fr-alert--sm" role="alert">
     <h3 class="fr-alert__title">Votre inscription a été prise en compte.</h3>
-    <p>Vous allez recevoir un e-mail vous demandant de confirmer votre souhait.</p>
+    <p>Vous allez recevoir un e-mail vous demandant de confirmer votre inscription.</p>
 </div>

home/templates/home/partials/newsletter_form.html

@@ -8,8 +8,11 @@ <h2 class="fr-h5">Abonnez-vous à notre lettre d'information</h2>
             <p class="fr-text--sm">Ne ratez rien de notre actualité.</p>
           </div>
           <div>
-            <form hx-post="{% url 'home:nwl-confirmation' %}">
+            <form hx-post="{% url 'home:nwl-confirmation' %}" hx-target="this" hx-swap="outerHTML">
               {% csrf_token %}
+              <div style="position:absolute;left:-9999px" aria-hidden="true">
+                <input type="text" name="website" autocomplete="off" tabindex="-1">
+              </div>
               <div class="fr-input-group">
                 <label class="fr-label" for="newsletter-email">
                   Votre adresse électronique (ex. : nom@domaine.fr)

project/api_urls.py

@@ -186,6 +186,7 @@
     NearestTerritoriesViewset,
 )
 from public_data.models.urbanisme import LogementVacantAutorisationStatsViewset
+from utils.antispam import generate_token
 
 app_name = "api"
 
@@ -194,6 +195,11 @@
 router.register(r"feedback", PageFeedbackViewSet, basename="feedback")
 
 
+@api_view(["GET"])
+def antispam_token_view(request):
+    return Response({"token": generate_token()})
+
+
 @api_view(["GET"])
 def me_view(request):
     """Retourne les informations de l'utilisateur connecté."""
@@ -396,6 +402,7 @@ def chart_view(request, id, land_type, land_id):
 urlpatterns = [
     path("", include(router.urls)),
     path("me/", me_view, name="me"),
+    path("token/", antispam_token_view, name="antispam-token"),
     path(
         "preference/<str:land_type>/<str:land_id>/",
         UserLandPreferenceAPIView.as_view(),