collective · cekk · Sep 23, 2022 · Sep 23, 2022 · Sep 23, 2022 · Sep 23, 2022
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -6,7 +6,8 @@ Changelog
 ----------------
 
 - Test on GitHub Actions instead of Travis.  [maurits]
-
+- Add marker interface to disable automatic field insertion in forms.
+  [cekk]
 
 2.0 (2021-01-27)
 ----------------

diff --git a/README.rst b/README.rst
@@ -304,6 +304,14 @@ As an aside, if you have such a setup, you should make sure the
 script directly.  And he can bypass the honeypot checks by using a
 ``GET`` request.
 
+If you don't need honeypot automatic field creation in some forms,
+you only need to provide ``IHoneypotDisabledForm`` interface to the current request::
+
+  from collective.honeypot.interfaces import IHoneypotDisabledForm
+  from zope.interface import alsoProvides
+
+  alsoProvides(request, IHoneypotDisabledForm)
+
 
 z3c.form
 ========

diff --git a/collective/honeypot/auto.py b/collective/honeypot/auto.py
@@ -1,4 +1,5 @@
 from collective.honeypot import config
+from collective.honeypot.interfaces import IHoneypotDisabledForm
 from lxml import etree
 from lxml import html
 from plone.transformchain.interfaces import ITransform
@@ -41,7 +42,11 @@ def parseTree(self, result, encoding):
             return None
 
         contentEncoding = self.request.response.getHeader("Content-Encoding")
-        if contentEncoding and contentEncoding in ("zip", "deflate", "compress",):
+        if contentEncoding and contentEncoding in (
+            "zip",
+            "deflate",
+            "compress",
+        ):
             return None
 
         if isinstance(result, list) and len(result) == 1:
@@ -79,6 +84,8 @@ def transform(self, result, encoding):
         result = self.parseTree(result, encoding)
         if result is None:
             return None
+        if IHoneypotDisabledForm.providedBy(self.request):
+            return result
         root = result.tree.getroot()
 
         for form in root.cssselect("form"):

diff --git a/collective/honeypot/interfaces.py b/collective/honeypot/interfaces.py
@@ -3,8 +3,13 @@
 
 
 class IHoneypot(Interface):
-    """Honeypot text field.
-    """
+    """Honeypot text field."""
 
     # Keep field title empty so visitors do not see it.
     honeypot = schema.TextLine(title=u"", required=False)
+
+
+class IHoneypotDisabledForm(Interface):
+    """
+    Marker interface to disable automatic field insertion in some views
+    """
diff --git a/collective/honeypot/tests/test_auto.py b/collective/honeypot/tests/test_auto.py
@@ -0,0 +1,48 @@
+from collective.honeypot.auto import ProtectHoneyTransform
+from collective.honeypot.testing import HONEYPOT_FUNCTIONAL_TESTING
+from collective.honeypot.interfaces import IHoneypotDisabledForm
+from zope.interface import alsoProvides, noLongerProvides
+
+import unittest
+
+
+class HoneypotTransformTestCase(unittest.TestCase):
+    layer = HONEYPOT_FUNCTIONAL_TESTING
+
+    def setUp(self):
+        self.portal = self.layer["portal"]
+        self.request = self.layer["request"]
+        self.request.response.setHeader("Content-Type", "text/html")
+        self.request.REQUEST_METHOD = "POST"
+
+    def tearDown(self):
+        noLongerProvides(self.request, IHoneypotDisabledForm)
+
+    def test_transform_add_field_in_form(self):
+        transform = ProtectHoneyTransform(self.portal, self.request)
+        result = transform.transform(
+            [
+                (
+                    "<html>\n<body>"
+                    '<form action="http://nohost/myaction" method="POST">'
+                    "</form></body>\n</html>"
+                )
+            ],
+            "utf-8",
+        )
+        self.assertTrue(b'name="protected_1"' in result.serialize())
+
+    def test_transform_do_not_add_field_in_form_if_interface_provided(self):
+        alsoProvides(self.request, IHoneypotDisabledForm)
+        transform = ProtectHoneyTransform(self.portal, self.request)
+        result = transform.transform(
+            [
+                (
+                    "<html>\n<body>"
+                    '<form action="http://nohost/myaction" method="POST">'
+                    "</form></body>\n</html>"
+                )
+            ],
+            "utf-8",
+        )
+        self.assertFalse(b'name="protected_1"' in result.serialize())
diff --git a/requirements-60.txt b/requirements-60.txt
@@ -0,0 +1,13 @@
+# Keep these the same as in base.cfg please.
+pip==22.2.2 
+setuptools==65.3.0
+zc.buildout>=3.0.0rc3
+wheel==0.37.1
+
+# Windows specific down here (has to be installed here, fails in buildout)
+# Dependency of zope.sendmail:
+pywin32 ; platform_system == 'Windows'
+# SSL Certs on Windows, because Python is missing them otherwise:
+certifi ; platform_system == 'Windows'
+# Dependency of collective.recipe.omelette:
+ntfsutils ; platform_system == 'Windows' and python_version < '3.0'
diff --git a/test-6.0.x.cfg b/test-6.0.x.cfg
@@ -3,3 +3,8 @@ extends =
     https://raw.githubusercontent.com/collective/buildout.plonetest/master/test-6.0.x.cfg
     https://raw.githubusercontent.com/collective/buildout.plonetest/master/qa.cfg
     base.cfg
+
+[versions]
+zc.buildout = >=3.0.0rc3
+pip = 22.2.2
+setuptools = 65.3.0
diff --git a/tox.ini b/tox.ini
@@ -16,4 +16,5 @@ setenv =
     version_file=test-5.2.x.cfg
     plone60: version_file=test-6.0.x.cfg
 deps =
-    -rrequirements.txt
+    plone60: -rrequirements-60.txt
+    !plone60: -rrequirements.txt
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,7 +6,8 @@ Changelog @@
     ----------------
     - Test on GitHub Actions instead of Travis.  [maurits]
+    - Add marker interface to disable automatic field insertion in forms.
+      [cekk]
 .0 (2021-01-27)
     ----------------
@@ Expand Down @@