Hi,
My honeypot configuration is set 5 seconds and enable honeypot time restriction on webform ("Add time restriction to contact us form"). I fill dummy information by typing each line which takes 10 seconds to complete forms and when click on submit button, its block submit form and shows 6 seconds remain on login page.
Reproduce Steps:
1) Set up honeypot configuration 5 seconds on Administer page
2) Enable honeypot and add time restriction on webform (on setting tab)
3) Submit form with information takes more than 5 seconds
4) Block submission and shows error message on user login page
Note: I didn't enable any restriction on Honeypot configuration at Administer configuration page. I've attached screen capture of my configuration and hope it helps you to identify issue.
Comment | File | Size | Author |
---|---|---|---|
ErrorMessage-FormSubmission.png | 25.07 KB | bhagirajlimbu | |
Enable-HoneyPot-On-WebForm.png | 36.19 KB | bhagirajlimbu | |
HoneyPot-Configuration.png | 55.22 KB | bhagirajlimbu |
Comments
Comment #2
bhagirajlimbu CreditAttribution: bhagirajlimbu commentedThe issue is trigger from time restriction. Here is my observation
1) Time Limit is 2 seconds
2) Enable time restriction
3) When form submit (click on submit button) 60 seconds later, it checks $input['honeypot_time'] which always return empty because there is no such control on form (Does it need to add manually on form ?)
- Then it always assign a current time
$identifier = Crypt::randomBytesBase64();
\Drupal::service('keyvalue.expirable')->get('honeypot_time_restriction')->set($identifier, time(), 3600*24); => Which is latest time than
REQUEST_TIME and assign on $identifier
- and newly assign value on method variable $identifier set as default value on form : '#default_value' => $identifier,
4) On _honeypot_time_restriction_validate method
- Honey port time is retrieve from $identifier : $honeypot_time = \Drupal::service('keyvalue.expirable')->get('honeypot_time_restriction')
->get($identifier, 0);
- and compare with REQUEST_TIME which is always less than $honeypot_time if (!$honeypot_time ||
REQUEST_TIME < ($honeypot_time + $time_limit)) { // return error message of time }
There are two possible things happen here
1) Needs to define input (text box) field known as 'honeypot_time' on form and hide from display to end user and define a time before submit
(This needs to workout on webform extension third party module)
2) Need to correct conditional statement if (!$honeypot_time || REQUEST_TIME < ($honeypot_time + $time_limit))
Any suggestion is appreciate.
Comment #3
geerlingguy CreditAttribution: geerlingguy at Midwestern Mac, LLC commentedI can't reproduce this with a fresh installation, but I'm wondering if there might be a caching issue, or if there's an issue with a reverse proxy or CDN that's in front of your website?
Can you enable on other forms (e.g. user registration or a comment form or something) and see if the same problem happens there?
Comment #4
TR CreditAttribution: TR commentedComment #5
TR CreditAttribution: TR commentedOriginal poster has not responded with additional information. If you continue to experience this problem, feel free to re-open this issue with details of how to reproduce the problem.