
ValidateHoneypotAttribute.cs

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Primitives;
using Nop.Core;
using Nop.Core.Domain.Security;
using Nop.Core.Http.Extensions;
using Nop.Data;
using Nop.Services.Localization;
using Nop.Services.Logging;

namespace Nop.Web.Framework.Mvc.Filters;

/// <summary>
/// Represents a filter attribute enabling honeypot validation
/// </summary>
/// <remarks>
/// A request that carries a non-empty value for the configured honeypot form input is treated as
/// automated. This is a heuristic only: it does not authenticate the sender, so it complements
/// rather than replaces other anti-automation controls.
/// </remarks>
public sealed class ValidateHoneypotAttribute : TypeFilterAttribute
{
    #region Ctor

    /// <summary>
    /// Create instance of the filter attribute
    /// </summary>
    public ValidateHoneypotAttribute() : base(typeof(ValidateHoneypotFilter))
    {
    }

    #endregion

    #region Nested filter

    /// <summary>
    /// Represents a filter enabling honeypot validation
    /// </summary>
    /// <remarks>
    /// Implemented as an authorization filter; when the honeypot input is filled in,
    /// the filter sets a redirect result instead of letting the request continue.
    /// </remarks>
    private class ValidateHoneypotFilter : IAsyncAuthorizationFilter
    {
        #region Fields

        protected readonly ILocalizationService _localizationService;
        protected readonly ILogger _logger;
        protected readonly IWebHelper _webHelper;
        protected readonly SecuritySettings _securitySettings;

        #endregion

        #region Ctor

        /// <summary>
        /// Create instance of the filter with its injected dependencies
        /// </summary>
        /// <param name="localizationService">Used to resolve the text of the detection log message</param>
        /// <param name="logger">Receives the warning written when a filled honeypot is detected</param>
        /// <param name="webHelper">Used to build the URL of the current page for the redirect</param>
        /// <param name="securitySettings">Supplies the honeypot switches and the honeypot input name</param>
        public ValidateHoneypotFilter(ILocalizationService localizationService,
            ILogger logger,
            IWebHelper webHelper,
            SecuritySettings securitySettings)
        {
            _localizationService = localizationService;
            _logger = logger;
            _webHelper = webHelper;
            _securitySettings = securitySettings;
        }

        #endregion

        #region Utilities

        /// <summary>
        /// Checks the honeypot form input and, when it carries a value, replaces the request
        /// result with a redirect to the current page
        /// </summary>
        /// <param name="context">Authorization filter context</param>
        /// <returns>A task that represents the asynchronous operation</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null</exception>
        private async Task ValidateHoneypotAsync(AuthorizationFilterContext context)
        {
            ArgumentNullException.ThrowIfNull(context);

            //nothing to validate before the database is installed or while the honeypot is switched off
            //(the settings are consulted only after the database check has passed)
            if (!DataSettingsManager.IsDatabaseInstalled() || !_securitySettings.HoneypotEnabled)
                return;

            //the input name comes from settings, so it must match the name the forms render
            //NOTE(review): how GetFormValueAsync behaves for non-form requests is not visible here - confirm
            var honeypotValue = await context.HttpContext.Request.GetFormValueAsync(_securitySettings.HoneypotInputName);

            //an empty honeypot input is the expected case, let the request continue
            if (StringValues.IsNullOrEmpty(honeypotValue))
                return;

            //optionally warn the admin; the message is a fixed localized resource and
            //no request details are added to it at this point
            if (_securitySettings.LogHoneypotDetection)
            {
                var detectionMessage = await _localizationService.GetResourceAsync("Honeypot.BotDetected");
                await _logger.WarningAsync(detectionMessage);
            }

            //send the client back to the page it came from; the submission is dropped without an
            //explanation, so a visitor whose browser auto-filled the honeypot input sees no error
            //NOTE(review): the target URL is built by IWebHelper from the current request
            //(argument 'true' presumably keeps the query string) - confirm how the host part is derived
            var currentPageUrl = _webHelper.GetThisPageUrl(true);
            context.Result = new RedirectResult(currentPageUrl);
        }

        #endregion

        #region Methods

        /// <summary>
        /// Called early in the filter pipeline to confirm request is authorized
        /// </summary>
        /// <param name="context">Authorization filter context</param>
        /// <returns>A task that represents the asynchronous operation</returns>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
            => await ValidateHoneypotAsync(context);

        #endregion
    }

    #endregion
}