using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Primitives;
using Nop.Core;
using Nop.Core.Domain.Security;
using Nop.Core.Http.Extensions;
using Nop.Data;
using Nop.Services.Localization;
using Nop.Services.Logging;
namespace Nop.Web.Framework.Mvc.Filters;
/// <summary>
/// Represents a filter attribute enabling honeypot validation
/// </summary>
/// <remarks>
/// The check only fires when the configured honeypot form field arrives with a non-empty value.
/// A request that omits the field, or sends it empty, passes through untouched, so this is a
/// heuristic against naive form-filling bots and not a replacement for anti-forgery tokens,
/// CAPTCHA or rate limiting.
/// </remarks>
public sealed class ValidateHoneypotAttribute : TypeFilterAttribute
{
    #region Ctor

    /// <summary>
    /// Create instance of the filter attribute
    /// </summary>
    public ValidateHoneypotAttribute() : base(typeof(ValidateHoneypotFilter))
    {
    }

    #endregion

    #region Nested filter

    /// <summary>
    /// Represents a filter enabling honeypot validation
    /// </summary>
    private class ValidateHoneypotFilter : IAsyncAuthorizationFilter
    {
        #region Fields

        protected readonly ILocalizationService _localizationService;
        protected readonly ILogger _logger;
        protected readonly IWebHelper _webHelper;
        protected readonly SecuritySettings _securitySettings;

        #endregion

        #region Ctor

        public ValidateHoneypotFilter(ILocalizationService localizationService,
            ILogger logger,
            IWebHelper webHelper,
            SecuritySettings securitySettings)
        {
            _localizationService = localizationService;
            _logger = logger;
            _webHelper = webHelper;
            _securitySettings = securitySettings;
        }

        #endregion

        #region Utilities

        /// <summary>
        /// Inspects the request form for the honeypot field and, when it carries a value,
        /// short-circuits the request with a redirect
        /// </summary>
        /// <param name="context">Authorization filter context</param>
        /// <returns>A task that represents the asynchronous operation</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null</exception>
        private async Task ValidateHoneypotAsync(AuthorizationFilterContext context)
        {
            ArgumentNullException.ThrowIfNull(context);

            // nothing to validate before installation, or while the feature is switched off;
            // in both cases the request continues without any honeypot check
            if (!DataSettingsManager.IsDatabaseInstalled() || !_securitySettings.HoneypotEnabled)
            {
                return;
            }

            // read the trap field; its name comes from SecuritySettings.HoneypotInputName
            var submittedValue = await context.HttpContext.Request.GetFormValueAsync(_securitySettings.HoneypotInputName);

            // a missing or empty field is the expected case and lets the request through
            if (StringValues.IsNullOrEmpty(submittedValue))
            {
                return;
            }

            // the trap field was filled in: optionally record a warning for the store admin.
            // With LogHoneypotDetection disabled the detection leaves no log entry here.
            if (_securitySettings.LogHoneypotDetection)
            {
                var warningText = await _localizationService.GetResourceAsync("Honeypot.BotDetected");
                await _logger.WarningAsync(warningText);
            }

            // setting Result stops the action from running; the client is sent back to the page it requested
            // NOTE(review): 'true' is presumably the "include query string" flag of IWebHelper.GetThisPageUrl - confirm
            var currentPageUrl = _webHelper.GetThisPageUrl(true);
            context.Result = new RedirectResult(currentPageUrl);
        }

        #endregion

        #region Methods

        /// <summary>
        /// Called early in the filter pipeline to confirm request is authorized
        /// </summary>
        /// <param name="context">Authorization filter context</param>
        /// <returns>A task that represents the asynchronous operation</returns>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
            => await ValidateHoneypotAsync(context);

        #endregion
    }

    #endregion
}