Add robot protection with hidden fields

[Ichag]

Should we add something like this to the forms to raise validation errors if an bot is trying to fill out the form additional or instead if using captchas?

class UnfillableField(forms.CharField):
    """
    A CharField raising a `forms.ValidationError` when filled.

    hide this field with css! E.g.

        .invisifi { display: none; }
    """
    widget = forms.TextInput(attrs={'class': 'invisifi'})

    def clean(self, value):
        if value:
            raise forms.ValidationError('Unknown error')


class UnfillableHiddenField(UnfillableField):
    """
    Like `UnfillableField` but with a `forms.HiddenInput` widget instead.
    """
    widget = forms.HiddenInput()
    hidden_widget = forms.HiddenInput()

It could be added to the wizard as optional fields or can be rendered into any generated form.

Suggestions?

[czpython]

@Ichag Hello, I think it's a good idea to provide some honeypot functionality. That said, I'm leaning more towards using a third party integration vs implementing it directly on the core of aldryn-forms, the same way captchas are implemented.

django-honeypot looks like a good option, would have to check which versions of Django it's compatible with to make sure it matches the ones we support.

[derek-adair]

I'd much rather use a honeypot instead of using captcha... good call.

[wfehr]

Any news here?

[viktor-yunenko]

@yvladislav implemented it for one project by forking aldryn-forms. I can try to look into integrating it, although I wouldn't expect it to happen in the next 1-2 weeks.

[viktor-yunenko]

@yvladislav, I know that you don't have time for implementation right now, but perhaps you could at least post the code here?

[viktor-yunenko]

For those who are comfortable with recaptcha v3 there's a pypi plugin - aldryn-forms-recaptcha-plugin