chore: rolled back honeypot due to errors (#58)

interledger · Feb 14, 2025 · cfa0ac8 · cfa0ac8
1 parent 4e56a21
commit cfa0ac8
Show file tree

Hide file tree

Showing 21 changed files with 258 additions and 661 deletions.
diff --git a/composer.json b/composer.json
@@ -27,7 +27,7 @@
         "drupal/feeds": "^3.0",
         "drupal/feeds_ex": "^1.0@beta",
         "drupal/feeds_tamper": "^2.0@beta",
-        "drupal/honeypot": "2.2.1",
+        "drupal/honeypot": "2.2.0",
         "drupal/layout_builder_admin_theme": "^2.0",
         "drupal/metatag": "^2.1",
         "drupal/paragraphs": "^1.16",

diff --git a/composer.lock b/composer.lock
diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json
@@ -2342,31 +2342,30 @@
         },
         {
             "name": "drupal/honeypot",
-            "version": "2.2.1",
-            "version_normalized": "2.2.1.0",
+            "version": "2.2.0",
+            "version_normalized": "2.2.0.0",
             "source": {
                 "type": "git",
                 "url": "https://git.drupalcode.org/project/honeypot.git",
-                "reference": "2.2.1"
+                "reference": "2.2.0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://ftp.drupal.org/files/projects/honeypot-2.2.1.zip",
-                "reference": "2.2.1",
-                "shasum": "445fd3d22d5776dc9e517ef35a2bb3cc1c85c5a2"
+                "url": "https://ftp.drupal.org/files/projects/honeypot-2.2.0.zip",
+                "reference": "2.2.0",
+                "shasum": "56397c3779ebac1526cce9ecd39385017ee9a837"
             },
             "require": {
                 "drupal/core": "^10.3 || ^11"
             },
             "require-dev": {
-                "drupal/rules": "^4.0",
-                "drupal/webform": "^6.2"
+                "drupal/rules": "^4.0"
             },
             "type": "drupal-module",
             "extra": {
                 "drupal": {
-                    "version": "2.2.1",
-                    "datestamp": "1739062705",
+                    "version": "2.2.0",
+                    "datestamp": "1723761042",
                     "security-coverage": {
                         "status": "covered",
                         "message": "Covered by Drupal's security advisory policy"

diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php
@@ -3,7 +3,7 @@
         'name' => 'drupal/recommended-project',
         'pretty_version' => 'dev-main',
         'version' => 'dev-main',
-        'reference' => 'bb7d17feea84a6dec4af114f3ea64b1c0881e659',
+        'reference' => '4e56a218e81da7f904de3411bd3ff07eb0a6d9f1',
         'type' => 'project',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -440,9 +440,9 @@
             'dev_requirement' => false,
         ),
         'drupal/honeypot' => array(
-            'pretty_version' => '2.2.1',
-            'version' => '2.2.1.0',
-            'reference' => '2.2.1',
+            'pretty_version' => '2.2.0',
+            'version' => '2.2.0.0',
+            'reference' => '2.2.0',
             'type' => 'drupal-module',
             'install_path' => __DIR__ . '/../../web/modules/contrib/honeypot',
             'aliases' => array(),
@@ -487,7 +487,7 @@
         'drupal/recommended-project' => array(
             'pretty_version' => 'dev-main',
             'version' => 'dev-main',
-            'reference' => 'bb7d17feea84a6dec4af114f3ea64b1c0881e659',
+            'reference' => '4e56a218e81da7f904de3411bd3ff07eb0a6d9f1',
             'type' => 'project',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),

diff --git a/web/modules/contrib/honeypot/.gitlab-ci.yml b/web/modules/contrib/honeypot/.gitlab-ci.yml
@@ -50,10 +50,9 @@ include:
 #   SKIP_ESLINT: '1'
 
 variables:
-  _CSPELL_WORDS: 'geerling, flocknote, webform, webforms'
+  _CSPELL_WORDS: 'geerling, flocknote'
   _SHOW_ENVIRONMENT_VARIABLES: 1
   _PHPUNIT_CONCURRENT: 1
-  OPT_IN_TEST_CURRENT: 1
-  OPT_IN_TEST_PREVIOUS_MAJOR: 1
   OPT_IN_TEST_MIN_PHP: 1
-  OPT_IN_TEST_MAX_PHP: 1
+  OPT_IN_TEST_CURRENT: 1
+  OPT_IN_TEST_NEXT_MAJOR: 1
diff --git a/web/modules/contrib/honeypot/composer.json b/web/modules/contrib/honeypot/composer.json
@@ -20,7 +20,6 @@
         "drupal/core": "^10.3 || ^11"
     },
     "require-dev": {
-        "drupal/rules": "^4.0",
-        "drupal/webform": "^6.2"
+        "drupal/rules": "^4.0"
     }
 }
diff --git a/web/modules/contrib/honeypot/honeypot.info.yml b/web/modules/contrib/honeypot/honeypot.info.yml
@@ -8,7 +8,7 @@ test_dependencies:
 
 configure: honeypot.config
 
-# Information added by Drupal.org packaging script on 2025-02-09
-version: '2.2.1'
+# Information added by Drupal.org packaging script on 2024-08-15
+version: '2.2.0'
 project: 'honeypot'
-datestamp: 1739062708
+datestamp: 1723761045
diff --git a/web/modules/contrib/honeypot/honeypot.module b/web/modules/contrib/honeypot/honeypot.module
@@ -6,57 +6,99 @@
  */
 
 use Drupal\Core\Form\FormStateInterface;
-use Drupal\Core\Hook\Attribute\LegacyHook;
 use Drupal\Core\Routing\RouteMatchInterface;
-use Drupal\honeypot\Hook\HoneypotCronHooks;
-use Drupal\honeypot\Hook\HoneypotFormHooks;
-use Drupal\honeypot\Hook\HoneypotHelpHooks;
-use Drupal\honeypot\Hook\HoneypotHoneypotHooks;
+use Drupal\Core\Url;
+use Drupal\honeypot\Event\HoneypotRejectEvent;
 
 /**
  * Implements hook_help().
  */
-#[LegacyHook]
 function honeypot_help($route_name, RouteMatchInterface $route_match) {
-  return \Drupal::service(HoneypotHelpHooks::class)->help($route_name, $route_match);
+  switch ($route_name) {
+    case 'help.page.honeypot':
+      $output = '';
+      $output .= '<h3>' . t('About') . '</h3>';
+      $output .= '<p>' . t('The Honeypot module uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site. These methods are effective against many spam bots, and are not as intrusive as CAPTCHAs or other methods which punish the user. For more information, see the <a href=":url">online documentation for the Honeypot module</a>.', [':url' => 'https://www.drupal.org/docs/contributed-modules/honeypot']) . '</p>';
+      $output .= '<h3>' . t('Uses') . '</h3>';
+      $output .= '<dl>';
+      $output .= '<dt>' . t('Configuring Honeypot') . '</dt>';
+      $output .= '<dd>' . t('All settings for this module are on the Honeypot configuration page, under the Configuration section, in the Content authoring settings. You can visit the configuration page directly from the Honeypot configuration link below. The configuration settings are described in the <a href=":url">online documentation for the Honeypot module</a>.', [':url' => 'https://www.drupal.org/docs/contributed-modules/honeypot/using-honeypot']) . '</dd>';
+      $output .= '<dt>' . t('Setting up Honeypot in your own forms') . '</dt>';
+      $output .= '<dd>' . t("Honeypot protection can be bypassed for certain user roles. For instance, site administrators, who just might be able to fill out a form in less than 5 seconds. And, Honeypot protection can be enabled only for certain forms. Or, it can protect all forms on the site. Finally, honeypot protection can be used in any of your own forms by simply including a little code snippet included on the module's project page.") . '</dd>';
+      $output .= '</dl>';
+      return $output;
+  }
 }
 
 /**
  * Implements hook_cron().
  */
-#[LegacyHook]
 function honeypot_cron() {
-  \Drupal::service(HoneypotCronHooks::class)->cron();
+  // Delete {honeypot_user} entries older than the value of 'expire'.
+  $expire_limit = \Drupal::config('honeypot.settings')->get('expire');
+  \Drupal::database()->delete('honeypot_user')
+    ->condition('timestamp', \Drupal::time()->getRequestTime() - $expire_limit, '<')
+    ->execute();
 }
 
 /**
  * Implements hook_form_FORM_ID_alter().
  */
-#[LegacyHook]
 function honeypot_form_system_performance_settings_alter(&$form, FormStateInterface $form_state, $form_id) {
-  \Drupal::service(HoneypotFormHooks::class)->systemPerformanceSettingsFormAlter($form, $form_state, $form_id);
+  // If time-based protection is effectively disabled, no need for a warning.
+  if (\Drupal::config('honeypot.settings')->get('time_limit') === 0) {
+    return;
+  }
+
+  // Add a warning about caching on the Performance settings page.
+  $description = '';
+  if (!empty($form['caching']['page_cache_maximum_age']['#description'])) {
+    // If there's existing description on 'caching' field, append a break to it
+    // so that our verbiage is on its own line.
+    $description .= $form['caching']['page_cache_maximum_age']['#description'] . '<br />';
+  }
+
+  $description .= t('<em>Page caching may be disabled on any pages where a form is present due to the <a href=":url">Honeypot module\'s configuration</a>.</em>', [
+    ':url' => Url::fromRoute('honeypot.config')->toString(),
+  ]);
+
+  $form['caching']['page_cache_maximum_age']['#description'] = $description;
 }
 
 /**
  * Implements hook_form_alter().
  *
  * Adds Honeypot features to forms enabled in the Honeypot admin interface.
  */
-#[LegacyHook]
 function honeypot_form_alter(&$form, FormStateInterface $form_state, $form_id) {
-  \Drupal::service(HoneypotFormHooks::class)->formAlter($form, $form_state, $form_id);
-}
+  // Don't use for maintenance mode forms (install, update, etc.).
+  if (defined('MAINTENANCE_MODE')) {
+    return;
+  }
 
-/**
- * Implements hook_honeypot_reject().
- *
- * Generates an event when a form submission is rejected.
- *
- * @todo Only accepts two args - see above.
- */
-#[LegacyHook]
-function honeypot_honeypot_reject($form_id, $uid, $type) {
-  \Drupal::service(HoneypotHoneypotHooks::class)->honeypotReject($form_id, $uid, $type);
+  // Add a tag to all forms, so that if they are cached and honeypot
+  // configuration is changed, the cached forms are invalidated and honeypot
+  // protection can be re-evaluated.
+  $form['#cache']['tags'][] = 'config:honeypot.settings';
+
+  // Get list of unprotected forms and setting for whether to protect all forms.
+  $unprotected_forms = \Drupal::config('honeypot.settings')->get('unprotected_forms');
+  $protect_all_forms = \Drupal::config('honeypot.settings')->get('protect_all_forms');
+
+  // If configured to protect all forms, add protection to every form.
+  if ($protect_all_forms && !in_array($form_id, $unprotected_forms)) {
+    // Don't protect system forms - only admins should have access, and system
+    // forms may be programmatically submitted by drush and other modules.
+    if (preg_match('/[^a-zA-Z]system_/', $form_id) === 0 && preg_match('/[^a-zA-Z]search_/', $form_id) === 0 && preg_match('/[^a-zA-Z]views_exposed_form_/', $form_id) === 0) {
+      \Drupal::service('honeypot')->addFormProtection($form, $form_state, ['honeypot', 'time_restriction']);
+    }
+  }
+  // Otherwise add form protection only to the admin-configured forms.
+  elseif (in_array($form_id, \Drupal::service('honeypot')->getProtectedForms())) {
+    // The $form_id of the form we're currently altering is found
+    // in the list of protected forms.
+    \Drupal::service('honeypot')->addFormProtection($form, $form_state, ['honeypot', 'time_restriction']);
+  }
 }
 
 /**
@@ -135,3 +177,16 @@ function honeypot_log_failure($form_id, $type) {
   @trigger_error("honeypot_log_failure() is deprecated in honeypot:2.1.0 and is removed from honeypot:3.0.0. Use the 'honeypot' service instead. For example, \Drupal::service('honeypot')->logFailure(\$form_id, \$type). See https://www.drupal.org/node/2949447", E_USER_DEPRECATED);
   \Drupal::service('honeypot')->logFailure($form_id, $type);
 }
+
+/**
+ * Implements hook_honeypot_reject().
+ *
+ * Generates an event when a form submission is rejected.
+ *
+ * @todo Only accepts two args - see above.
+ */
+function honeypot_honeypot_reject($form_id, $uid, $type) {
+  $event = new HoneypotRejectEvent($form_id, $uid, $type);
+  $event_dispatcher = \Drupal::service('event_dispatcher');
+  $event_dispatcher->dispatch($event, $event::EVENT_NAME);
+}
diff --git a/web/modules/contrib/honeypot/honeypot.services.yml b/web/modules/contrib/honeypot/honeypot.services.yml
@@ -1,20 +1,4 @@
 services:
   honeypot:
-    class: \Drupal\honeypot\HoneypotService
-    autowire: true
-    arguments:
-      $key_value: '@keyvalue.expirable'
-  Drupal\honeypot\HoneypotServiceInterface: '@honeypot'
-
-  Drupal\honeypot\Hook\HoneypotCronHooks:
-    class: \Drupal\honeypot\Hook\HoneypotCronHooks
-    autowire: true
-  Drupal\honeypot\Hook\HoneypotFormHooks:
-    class: \Drupal\honeypot\Hook\HoneypotFormHooks
-    autowire: true
-  Drupal\honeypot\Hook\HoneypotHelpHooks:
-    class: \Drupal\honeypot\Hook\HoneypotHelpHooks
-    autowire: true
-  Drupal\honeypot\Hook\HoneypotHoneypotHooks:
-    class: \Drupal\honeypot\Hook\HoneypotHoneypotHooks
-    autowire: true
+    class: Drupal\honeypot\HoneypotService
+    arguments: ['@current_user', '@module_handler', '@config.factory', '@keyvalue.expirable', '@page_cache_kill_switch', '@database', '@logger.factory', '@datetime.time', '@string_translation', '@cache.default', '@request_stack']