Require subscribers to have JavaScript turned on
This commit is contained in:
Andris Reinman
parent
83ac907f24
commit
e1ace459cf
5 changed files with 34 additions and 11 deletions
|
|
@ -215,7 +215,7 @@ module.exports.addConfirmation = (list, email, optInIp, data, callback) => {
|
|||
|
||||
setImmediate(() => {
|
||||
if (data._skip) {
|
||||
log.error('Subscription', 'Confirmation message for %s marked to be skipped (%s)', email, JSON.stringify(data));
|
||||
log.info('Subscription', 'Confirmation message for %s marked to be skipped (%s)', email, JSON.stringify(data));
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
|||
14
package.json
14
package.json
|
|
@ -31,7 +31,7 @@
|
|||
"dependencies": {
|
||||
"bcrypt-nodejs": "0.0.3",
|
||||
"body-parser": "^1.15.2",
|
||||
"bounce-handler": "^7.3.2-fork.1",
|
||||
"bounce-handler": "^7.3.2-fork.2",
|
||||
"compression": "^1.6.2",
|
||||
"config": "^1.21.0",
|
||||
"connect-flash": "^0.1.1",
|
||||
|
|
@ -41,7 +41,7 @@
|
|||
"csv-parse": "^1.1.7",
|
||||
"escape-html": "^1.0.3",
|
||||
"express": "^4.14.0",
|
||||
"express-session": "^1.14.0",
|
||||
"express-session": "^1.14.1",
|
||||
"faker": "^3.1.0",
|
||||
"feedparser": "^1.1.4",
|
||||
"geoip-ultralight": "^0.1.4",
|
||||
|
|
@ -52,15 +52,15 @@
|
|||
"humanize": "0.0.9",
|
||||
"is-url": "^1.2.2",
|
||||
"isemail": "^2.2.1",
|
||||
"jsdom": "^9.4.2",
|
||||
"juice": "^2.0.0",
|
||||
"libmime": "^2.0.3",
|
||||
"jsdom": "^9.5.0",
|
||||
"juice": "^3.0.0",
|
||||
"libmime": "^2.1.0",
|
||||
"mkdirp": "^0.5.1",
|
||||
"moment-timezone": "^0.5.5",
|
||||
"morgan": "^1.7.0",
|
||||
"multer": "^1.2.0",
|
||||
"mysql": "^2.11.1",
|
||||
"nodemailer": "^2.5.0",
|
||||
"nodemailer": "^2.6.0",
|
||||
"nodemailer-openpgp": "^1.0.2",
|
||||
"npmlog": "^4.0.0",
|
||||
"openpgp": "^2.3.3",
|
||||
|
|
@ -70,7 +70,7 @@
|
|||
"serve-favicon": "^2.3.0",
|
||||
"shortid": "^2.2.6",
|
||||
"slugify": "^1.0.2",
|
||||
"smtp-server": "^1.14.1",
|
||||
"smtp-server": "^1.14.2",
|
||||
"striptags": "^2.1.1",
|
||||
"toml": "^2.3.0"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -216,10 +216,14 @@ router.post('/:cid/subscribe', passport.parseForm, passport.csrfProtection, (req
|
|||
return res.redirect('/subscription/' + encodeURIComponent(req.params.cid) + '?' + tools.queryParams(req.body));
|
||||
}
|
||||
|
||||
// Check if the subscriber seems legit. This is a really simple check, the only requirement is that
|
||||
// the subsciber has JavaScript turned on and thats it. If Mailtrain gets more targeted then this
|
||||
// simple check should be replaced with an actual captcha
|
||||
let subTime = Number(req.body.sub) || 0;
|
||||
let subTest = !!(subTime > Date.now() - 3600 * 1000 && subTime < Date.now() + 3600 * 1000);
|
||||
// allow clock skew 24h in the past and 24h to the future
|
||||
let subTimeTest = !!(subTime > Date.now() - 24 * 3600 * 1000 && subTime < Date.now() + 24 * 3600 * 1000);
|
||||
let addressTest = !req.body.address;
|
||||
let testsPass = subTest && addressTest;
|
||||
let testsPass = subTimeTest && addressTest;
|
||||
|
||||
lists.getByCid(req.params.cid, (err, list) => {
|
||||
if (!err && !list) {
|
||||
|
|
|
|||
|
|
@ -1,3 +1,11 @@
|
|||
<div class="alert alert-warning alert-dismissible" role="alert" id="js-warning">
|
||||
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>
|
||||
<strong>Warning!</strong> If JavaScript was not enabled then no confirmation message was sent
|
||||
</div>
|
||||
<script>
|
||||
document.getElementById('js-warning').style.display = 'none';
|
||||
</script>
|
||||
|
||||
<h2>Almost finished.</h2>
|
||||
|
||||
<p>We need to confirm your email address. To complete the subscription process, please click the link in the email we just sent you.</p>
|
||||
|
|
|
|||
|
|
@ -5,6 +5,14 @@
|
|||
</form>
|
||||
{{/if}}
|
||||
|
||||
<div class="alert alert-warning alert-dismissible" role="alert" id="js-warning">
|
||||
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>
|
||||
<strong>Warning!</strong> JavaScript must be enabled in order for the subscription form to work
|
||||
</div>
|
||||
<script>
|
||||
document.getElementById('js-warning').style.display = 'none';
|
||||
</script>
|
||||
|
||||
<form method="post" action="/subscription/{{cid}}/subscribe">
|
||||
|
||||
<input type="hidden" name="_csrf" value="{{csrfToken}}">
|
||||
|
|
@ -120,9 +128,12 @@
|
|||
</div>
|
||||
{{/each}}
|
||||
|
||||
<div class="form-group">
|
||||
<div class="form-group" id="js-subscribe" style="display: none">
|
||||
<button type="submit" class="btn btn-primary">Subscribe to list</button>
|
||||
</div>
|
||||
<script>
|
||||
document.getElementById('js-subscribe').style.display = 'block';
|
||||
</script>
|
||||
</form>
|
||||
|
||||
<script>
|
||||
|
|
|
|||
Loading…
Reference in a new issue