Hi,

My honeypot configuration is set 5 seconds and enable honeypot time restriction on webform ("Add time restriction to contact us form"). I fill dummy information by typing each line which takes 10 seconds to complete forms and when click on submit button, its block submit form and shows 6 seconds remain on login page.

Reproduce Steps:
1) Set up honeypot configuration 5 seconds on Administer page
2) Enable honeypot and add time restriction on webform (on setting tab)
3) Submit form with information takes more than 5 seconds
4) Block submission and shows error message on user login page

Note: I didn't enable any restriction on Honeypot configuration at Administer configuration page. I've attached screen capture of my configuration and hope it helps you to identify issue.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

bhagirajlimbu created an issue. See original summary.

bhagirajlimbu’s picture

The issue is trigger from time restriction. Here is my observation

1) Time Limit is 2 seconds
2) Enable time restriction
3) When form submit (click on submit button) 60 seconds later, it checks $input['honeypot_time'] which always return empty because there is no such control on form (Does it need to add manually on form ?)
- Then it always assign a current time
$identifier = Crypt::randomBytesBase64();
\Drupal::service('keyvalue.expirable')->get('honeypot_time_restriction')->set($identifier, time(), 3600*24); => Which is latest time than
REQUEST_TIME and assign on $identifier
- and newly assign value on method variable $identifier set as default value on form : '#default_value' => $identifier,
4) On _honeypot_time_restriction_validate method
- Honey port time is retrieve from $identifier : $honeypot_time = \Drupal::service('keyvalue.expirable')->get('honeypot_time_restriction')
->get($identifier, 0);
- and compare with REQUEST_TIME which is always less than $honeypot_time if (!$honeypot_time ||
REQUEST_TIME < ($honeypot_time + $time_limit)) { // return error message of time }

There are two possible things happen here

1) Needs to define input (text box) field known as 'honeypot_time' on form and hide from display to end user and define a time before submit
(This needs to workout on webform extension third party module)
2) Need to correct conditional statement if (!$honeypot_time || REQUEST_TIME < ($honeypot_time + $time_limit))

Any suggestion is appreciate.

geerlingguy’s picture

Category: Bug report » Support request
Priority: Major » Normal

I can't reproduce this with a fresh installation, but I'm wondering if there might be a caching issue, or if there's an issue with a reverse proxy or CDN that's in front of your website?

Can you enable on other forms (e.g. user registration or a comment form or something) and see if the same problem happens there?

TR’s picture

Version: 8.x-1.27 » 8.x-1.x-dev
Status: Active » Postponed (maintainer needs more info)
Issue tags: -honeypot, -Webforms
TR’s picture

Status: Postponed (maintainer needs more info) » Closed (cannot reproduce)

Original poster has not responded with additional information. If you continue to experience this problem, feel free to re-open this issue with details of how to reproduce the problem.