From 8ac304db040241d9e4c0224d4bdaa25359782080 Mon Sep 17 00:00:00 2001
From: amdomanska
Date: Tue, 22 Oct 2024 13:23:42 +0100
Subject: [PATCH] a few improvements to honeypot

---
 cms/sass/components/_honeypotfield.scss | 1 -
 portality/settings.py | 2 +-
 portality/static/js/honeypot.js | 2 ++
 portality/templates/account/_register_form.html | 5 +++--
 portality/view/account.py | 5 ++---
 5 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/cms/sass/components/_honeypotfield.scss b/cms/sass/components/_honeypotfield.scss
index 7811ea323..7dc4df79d 100644
--- a/cms/sass/components/_honeypotfield.scss
+++ b/cms/sass/components/_honeypotfield.scss
@@ -5,7 +5,6 @@
   height: 1px;
   width: 1px;
   overflow: hidden;
-  clip: rect(0, 0, 0, 0); /* Ensures the field is not visible for sr */
   border: 0;
   padding: 0;
   margin: 0;
diff --git a/portality/settings.py b/portality/settings.py
index cdb490156..2d9e7fa72 100644
--- a/portality/settings.py
+++ b/portality/settings.py
@@ -1566,4 +1566,4 @@
 ##################################################
 # Honeypot bot-trap settings for forms (now: only registration form)
-HONEYPOT_TIMER_THRESHOLD = 70000;
+HONEYPOT_TIMER_THRESHOLD = 5000;
diff --git a/portality/static/js/honeypot.js b/portality/static/js/honeypot.js
index 1cd438129..bd972abda 100644
--- a/portality/static/js/honeypot.js
+++ b/portality/static/js/honeypot.js
@@ -11,6 +11,8 @@ doaj.honeypot.handleRegistration = function (event) {
     event.preventDefault();
     const endTime = performance.now();
     const elapsedTime = endTime - doaj.honeypot.startTime;
+    // reset the timer
+    doaj.honeypot.startTime = performance.now();
     $("#hptimer").val(elapsedTime);
     $("#registrationForm").submit();
 }
\ No newline at end of file
diff --git a/portality/templates/account/_register_form.html b/portality/templates/account/_register_form.html
index 30e409a36..a102e90c4 100644
--- a/portality/templates/account/_register_form.html
+++ b/portality/templates/account/_register_form.html
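Review bot: The new threshold value carries no unit and keeps a trailing semicolon that is a no-op in Python; the account.py hunk in this same commit formats `form.hptimer.data/1000` as seconds, so this is presumably milliseconds, but a reader of settings.py cannot tell. I would write `HONEYPOT_TIMER_THRESHOLD = 5000  # milliseconds, compared against the client-reported fill time in form.is_bot() (presumed: is_bot() is not in this diff)`. Lowering the bar from 70 s to 5 s also makes the check far easier for a scripted client to satisfy, and since the timer is reported by the client (see the honeypot.js hunk) the constant only deters bots that run the page's JavaScript honestly.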
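Review bot: `elapsedTime` is computed in the browser and shipped to the server in the hidden `#hptimer` input, so it is entirely under the submitter's control: a client that posts the form directly, or edits the hidden field, can send any value above the threshold, and resetting `doaj.honeypot.startTime` on the added lines does nothing to change that. A tamper-resistant version would measure against a server-issued timestamp (stored in the session or in a signed hidden field when the form is rendered) rather than the number the client chooses to submit. At minimum I would record the limitation next to the reset: `// NOTE: elapsedTime is client-controlled; the server must treat it as a hint, not as proof of a human`. The handleRegistration function starts before this hunk.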
@@ -6,8 +6,9 @@ {# This input is a bot-bait, it should stay invisible to the users and empty. #} {# Make sure it's invisible on the screen AND FOR SCREEN READERS/KEYBOARD USERS' #} - +
 {% if current_user.is_authenticated and current_user.has_role("create_user") %}
 {# Admins can specify a user ID #}
diff --git a/portality/view/account.py b/portality/view/account.py
index 299ffb14d..5f5157d8a 100644
--- a/portality/view/account.py
+++ b/portality/view/account.py
@@ -342,10 +342,9 @@ def register():
     if request.method == 'POST':
         if not current_user.is_authenticated and form.is_bot():
-            print(current_user.is_authenticated)
-            print(form.is_bot())
             if app.config.get('DEBUG', True):
-                flash(f"Debug mode - Values submitted: bot trap field = '{form.email.data}'; anti-bot timer: '{form.hptimer.data}'")
+                flash(Messages.ARE_YOU_A_HUMAN, "error")
+                flash(f"Debug mode - Values submitted: bot trap field = '{form.email.data}'; anti-bot timer: '{form.hptimer.data}' ('{form.hptimer.data/1000:.2f}' sec)")
             else:
                 flash(Messages.ARE_YOU_A_HUMAN, "error")
             return render_template('account/register.html', form=form)
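Review bot: The `clip: rect(0, 0, 0, 0)` rule removed in this commit's scss hunk was, by its own comment, what kept the bait field away from screen readers, so the replacement `<input>` on the `+` line here (its markup did not survive extraction) must itself carry `tabindex="-1"`, `aria-hidden="true"` and `autocomplete="off"`; otherwise a screen-reader or keyboard user can land in the field, fill it, and be rejected as a bot by `form.is_bot()`, which is exactly what the two comment lines above it say must not happen. Please confirm those attributes are on the new line, and consider repeating the reasoning in the template comment, e.g. `{# tabindex=-1 and aria-hidden keep AT users out; the CSS alone only hides it visually #}`. The hunk also runs into the `{% if current_user ... %}` block, whose body continues outside it.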
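Review bot: The debug branch still fails open: `app.config.get('DEBUG', True)` treats an unset DEBUG key as debug mode, so a deployment that never sets it reflects the submitted bot-trap value (`form.email.data`) and timer back into the page; it should be `app.config.get('DEBUG', False)` (or `app.debug`). The new `form.hptimer.data/1000` raises TypeError when the field is absent, which is precisely what a client that never ran honeypot.js submits, so the bot path becomes a 500 in debug mode instead of the ARE_YOU_A_HUMAN page; presumably hptimer is a numeric WTForms field whose `.data` is None when missing, please confirm. Both branches now flash `Messages.ARE_YOU_A_HUMAN`, so that call can be hoisted above the `if`. `register()` starts before this hunk and its form setup is not visible here.
```python
        if not current_user.is_authenticated and form.is_bot():
            flash(Messages.ARE_YOU_A_HUMAN, "error")
            # Default to False: an unset DEBUG must never echo submitted values.
            if app.config.get('DEBUG', False):
                timer = form.hptimer.data
                # A client that skipped the JS sends no timer; keep the debug message best-effort.
                try:
                    secs = f" ('{timer / 1000:.2f}' sec)"
                except (TypeError, ValueError):
                    secs = ""
                flash(f"Debug mode - Values submitted: bot trap field = '{form.email.data}'; anti-bot timer: '{timer}'{secs}")
            return render_template('account/register.html', form=form)
```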