Removed camelCase assumption when validating spam-filtered form field…
… names
ixnas committed Nov 4, 2024
1 parent 47c04a9 commit 2bdb049
Showing 5 changed files with 13 additions and 20 deletions.
12 changes: 6 additions & 6 deletions Ixnas.AltchaNet.AspNetCoreExample/Views/Home/Index.cshtml
Expand Up @@ -51,16 +51,16 @@
<h4 class="card-heading mb-3">ALTCHA API - Spam filtered</h4>
<form action="/verifyApiSpamFiltered" method="post">
<div class="mb-3">
<label class="form-label" for="email">E-mail</label>
<input class="form-control" id="email" name="email" type="text"/>
<label class="form-label" for="Email">E-mail</label>
<input class="form-control" id="Email" name="Email" type="text"/>
</div>
<div class="mb-3">
<label class="form-label" for="something">Something</label>
<input class="form-control" id="something" name="something" type="text"/>
<label class="form-label" for="Something">Something</label>
<input class="form-control" id="Something" name="Something" type="text"/>
</div>
<div class="mb-3">
<label class="form-label" for="text">Text</label>
<input class="form-control" id="text" name="text" type="text"/>
<label class="form-label" for="Text">Text</label>
<input class="form-control" id="Text" name="Text" type="text"/>
</div>
<altcha-widget
challengeurl="https://eu.altcha.org/api/v1/challenge?apiKey=@(Model.ApiKey)"
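--- a/Ixnas.AltchaNet.Tests/Simulations/AltchaApiSimulation.cs
+++ b/Ixnas.AltchaNet.Tests/Simulations/AltchaApiSimulation.cs
@@ -86,10 +86,7 @@ public string GenerateSpamFiltered<T>(T form,
 && property.Name != altchaPropertyName);
 var propertyDictionary = formProperties.Select(property => new
 {
-Key = property.Name[0]
-.ToString()
-.ToLower()
-+ property.Name.Substring(1),
+Key = property.Name,
 Value = (property.GetValue(form) as string)?.Trim()
 })
 .Where(property => !string.IsNullOrWhiteSpace(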
Expand Up @@ -33,7 +33,7 @@ public AltchaFrontEndSimulationResult Run(AltchaChallenge altchaChallenge,
Func<string, string> malformSaltFn = null,
Func<int> replaceSecretNumberFn = null,
Func<string> replaceAlgorithmFn = null)
#pragma warning restore CA1822)
#pragma warning restore CA1822
{
using (var sha = SHA256.Create())
{
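--- a/Ixnas.AltchaNet/Internal/SpamFilter/SpamFilterValidator.cs
+++ b/Ixnas.AltchaNet/Internal/SpamFilter/SpamFilterValidator.cs
@@ -139,10 +139,7 @@ private static Form ParseForm<T>(T form, Expression<Func<T, string>> altchaSelec
 property.Name != altchaPropertyName)
 .Select(property => new Form.FormField
 {
-Key = property.Name[0]
-.ToString()
-.ToLower()
-+ property.Name.Substring(1),
+Key = property.Name,
 Value = (property.GetValue(form) as string)?.Trim()
 })
 .Where(property => !string.IsNullOrWhiteSpace(property.Value))
@@ -229,7 +226,7 @@ private async static Task<Result<SpamFilteredAltcha>> ChallengeIsNew(IAltchaChal
 var isValid = _clock.UtcNow < timestamp;
 if (!isValid)
 return Result<(SpamFilteredAltcha, SpamFilterVerificationData)>.Fail(ErrorCode
-.FormSubmissionExpired);
+.FormSubmissionExpired);
 
 return Result<(SpamFilteredAltcha, SpamFilterVerificationData)>.Ok((altcha, verificationData));
 }
@@ -248,18 +245,18 @@ private async static Task<Result<SpamFilteredAltcha>> ChallengeIsNew(IAltchaChal
 if (!fieldsToHash.Select(field => field.Key)
 .SequenceEqual(fieldNames))
 return Result<(SpamFilteredAltcha, SpamFilterVerificationData)>.Fail(ErrorCode
-.FormFieldsDontMatch);
+.FormFieldsDontMatch);
 
 var combinedFields = string.Join("\n", fieldsToHash.Select(field => field.Value));
 var calculatedHash =
 ByteConverter.GetHexStringFromBytes(_cryptoAlgorithm.Hash(ByteConverter
-.GetByteArrayFromUtf8String(combinedFields)));
+.GetByteArrayFromUtf8String(combinedFields)));
 
 var fieldsHash = verificationData.FieldHash;
 var fieldValuesMatch = calculatedHash == fieldsHash;
 if (!fieldValuesMatch)
 return Result<(SpamFilteredAltcha, SpamFilterVerificationData)>.Fail(ErrorCode
-.FormFieldValuesDontMatch);
+.FormFieldValuesDontMatch);
 return Result<(SpamFilteredAltcha, SpamFilterVerificationData)>.Ok((altcha, verificationData));
 }
 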
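Review bot: `Key = property.Name` in ParseForm makes the later `fieldsToHash.Select(field => field.Key).SequenceEqual(fieldNames)` check depend on the posted field names equalling the model's property names exactly, including case and order, and nothing in this commit documents that contract (the README change is only a removed blank line). ASP.NET Core model binding matches form names case-insensitively, so a form that posts `email` still binds to an `Email` property but, as far as these hunks show, would now be rejected with `FormFieldsDontMatch`. Failing closed is the right direction for a verification step; the suggestion is to state the requirement where callers will see it, for example a comment above the `Select` such as `// Keys are the exact property names; they must match the submitted field names case-sensitively and in the same order.`, plus a matching sentence in the README's spam-filter section. ParseForm starts and ends outside the hunk, and where `fieldNames` comes from is not visible here.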
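--- a/README.md
+++ b/README.md
@@ -252,7 +252,6 @@ The `ValidationError` property contains more details on why the validation faile
 The result's `PassedSpamFilter` property tells you whether the form data successfully passed through the spam filter.
 You might want to keep the form submission and mark it as spam in your application for manual approval.
 
-
 ## Solving challenges
 
 ### Set up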
