Require JavaScript to be turned on for subsciption confirmations

2016-09-08 17:49:01 +03:00 · 2016-09-08 17:49:01 +03:00 · 78083c33fd
commit 78083c33fd
parent f0e772933e
3 changed files with 18 additions and 0 deletions
--- a/lib/models/subscriptions.js
+++ b/lib/models/subscriptions.js
@ -214,6 +214,9 @@ module.exports.addConfirmation = (list, email, optInIp, data, callback) => {
                        }

                        setImmediate(() => {
+                            if (data._skip) {
+                                return;
+                            }

                            mailer.sendMail({
                                from: {
--- a/routes/subscription.js
+++ b/routes/subscription.js
@ -216,6 +216,11 @@ router.post('/:cid/subscribe', passport.parseForm, passport.csrfProtection, (req
        return res.redirect('/subscription/' + encodeURIComponent(req.params.cid) + '?' + tools.queryParams(req.body));
    }

+    let subTime = Number(req.body.sub) || 0;
+    let subTest = !!(subTime > Date.now() - 3600 * 1000 && subTime < Date.now() + 3600 * 1000);
+    let addressTest = !req.body.address;
+    let testsPass = subTest && addressTest;
+
    lists.getByCid(req.params.cid, (err, list) => {
        if (!err && !list) {
            err = new Error('Selected list not found');
@ -232,6 +237,9 @@ router.post('/:cid/subscribe', passport.parseForm, passport.csrfProtection, (req
                data[key] = (req.body[key] || '').toString().trim();
            }
        });
+        data._address = req.body.address;
+        data._sub = req.body.sub;
+        data._skip = !testsPass;
        data = tools.convertKeys(data);

        subscriptions.addConfirmation(list, email, req.ip, data, (err, confirmCid) => {
--- a/views/subscription/subscribe.hbs
+++ b/views/subscription/subscribe.hbs
@ -10,6 +10,9 @@
    <input type="hidden" name="_csrf" value="{{csrfToken}}">
    <input type="hidden" class="tz-detect" name="tz" id="tz" value="{{tz}}">

+    <input type="hidden" name="address" value="">
+    <input type="hidden" name="sub" id="sub" value="">
+
    <div class="form-group">
        <label for="email">Email Address</label>
        <input type="email" class="form-control" name="email" id="email" placeholder="" value="{{email}}" required>
@ -121,3 +124,7 @@
        <button type="submit" class="btn btn-primary">Subscribe to list</button>
    </div>
 </form>
+
+<script>
+    document.getElementById('sub').value = new Date().getTime();
+</script>