Feedback: Better Spam Checks (#1546)

pglombardo · web-flow · commit e09124d2476d · 2023-10-14T19:46:19.000+02:00
* Better Feedback Form Spam Checks

* Set reply-to

* Remove debugger
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -24,4 +24,7 @@ Metrics/AbcSize:
   Max: 100
 
 Metrics/BlockLength:
-  Max: 45
+  Max: 45
+
+Layout/LineLength:
+  Max: 120
diff --git a/app/controllers/feedbacks_controller.rb b/app/controllers/feedbacks_controller.rb
@@ -8,15 +8,18 @@ def create
 
     # spam? will tell us if the hidden field was filled in (it shouldn't be filled in)
     # valid? will tell us if the humanity test was answered correctly
-    if @feedback.spam? or !@feedback.valid?
-      flash[:alert] = _('Our apologies but you failed the spam check.  You could try contacting us on Github instead.')
+    if @feedback.spam? || !@feedback.valid?
+      flash[:alert] =
+        _('Our apologies but you failed the spam check.  You could try contacting us on Github instead.')
       render :new, status: :unprocessable_entity
     else
       @feedback.request = request
       if @feedback.deliver
-        redirect_to root_path, :notice => _('Feedback sent!  We will get back to you as soon as possible.')
+        redirect_to root_path,
+                    notice: _('Feedback sent!  We will get back to you as soon as possible.')
       else
-        flash[:alert] = _('Could not send feedback.  Did you pass the Humanity Test?  Valid email?  Try again?')
+        flash[:alert] =
+          _('Could not send feedback.  Did you pass the Humanity Test?  Valid email?  Try again?')
         render :new, status: :unprocessable_entity
       end
     end
diff --git a/app/models/feedback.rb b/app/models/feedback.rb
@@ -3,20 +3,23 @@ class Feedback < MailForm::Base
   append :remote_ip, :user_agent, :referrer
 
   attribute :name,      validate: true
-  attribute :email,     validate: /\A([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})\z/i
+  attribute :email,     validate: /\A([\w.%+-]+)@([\w-]+\.)+(\w{2,})\z/i
   attribute :message,   validate: true
-  attribute :control,   validate: /\A95\z/
+  attribute :control,   validate: /\A97\z/
   attributes :nickname, captcha: true
 
+  validates :message,   format: { without: /\b(SEO|offer|ranking)\b+/i,
+                                  message: 'spam detected' }
+
   # Declare the e-mail headers. It accepts anything the mail method
   # in ActionMailer accepts.
   def headers
-    headers = {
+    {
       to: Settings.feedback.email,
       from: Settings.mail.mailer_sender,
-      subject: Settings.brand.title + ' Feedback',
+      subject: "#{Settings.brand.title} Feedback",
+      reply_to: email,
       'X-PWPUSH-URL' => request.url
     }
-    headers
   end
 end
diff --git a/app/views/feedbacks/new.html.erb b/app/views/feedbacks/new.html.erb
@@ -26,7 +26,7 @@
   </div>
   
   <div class="my-3">
-    <%= f.label :name, _('What is one hundred minus 5?'), for: 'feedback_control', class: 'form-label' %>
+    <%= f.label :name, _('What is one hundred minus 3?'), for: 'feedback_control', class: 'form-label' %>
     <%= f.text_field :control, { class: "form-control", required: true } %>
   </div>
 
diff --git a/test/models/feedback_test.rb b/test/models/feedback_test.rb
@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+CONTROL = '97'
+
+class FeedbackTest < ActiveSupport::TestCase
+  test 'spam is caught and trashed' do
+    feedback = Feedback.new(
+      control: CONTROL,
+      name: 'Joey',
+      email: 'joey@blah.com',
+      message: <<~SPAMMSG
+        Hello pwpush.com owner,
+
+        We can help you grow your online presence and attract more customers to your business with our Top SEO Services.
+
+        Our team of experts can improve your Google and YouTube Ranking, optimize your Google Maps listing, provide Professional Content for your website, and increase your Website Traffic.
+
+        Don't miss this opportunity to grow your business and stay ahead of the competition.
+
+        =>> https://some-spam-site.com
+
+        Best regards,
+        Mullet
+      SPAMMSG
+    )
+    assert_not feedback.valid?
+  end
+
+  test 'valid emails are allowed through' do
+    feedback = Feedback.new(
+      control: CONTROL,
+      name: 'Joey',
+      email: 'joey@blah.com',
+      message: <<~MSG
+        Hello!  We love Password Pusher!  It's the best!
+      MSG
+    )
+    assert feedback.valid?
+  end
+
+  test 'bad control is blocked' do
+    feedback = Feedback.new(
+      control: 1,
+      name: 'Joey',
+      email: 'joey@blah.com',
+      message: <<~MSG
+        Hello!  We love Password Pusher!  It's the best!
+      MSG
+    )
+    assert_not feedback.valid?
+  end
+end
