trabajo-afectivo/app/controllers/form_controller.rb

# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/

class FormController < ApplicationController
  prepend_before_action -> { authorize! }, only: %i[configuration submit]

  skip_before_action :verify_csrf_token
  before_action :cors_preflight_check
  after_action :set_access_control_headers_execute
  skip_before_action :user_device_log

  def configuration
    return if !fingerprint_exists?
    return if limit_reached?

    api_path  = Rails.configuration.api_path
    http_type = Setting.get('http_type')
    fqdn      = Setting.get('fqdn')

    endpoint = "#{http_type}://#{fqdn}#{api_path}/form_submit"

    result = {
      enabled:  Setting.get('form_ticket_create'),
      endpoint: endpoint,
      token:    token_gen(params[:fingerprint])
    }

    if authorized?(policy_record, :test?)
      result[:enabled] = true
    end

    render json: result, status: :ok
  end

  def submit
    return if !fingerprint_exists?
    return if !token_valid?(params[:token], params[:fingerprint])
    return if limit_reached?

    # validate input
    errors = {}
    if params[:name].blank?
      errors['name'] = 'required'
    end
    if params[:title].blank?
      errors['title'] = 'required'
    end
    if params[:body].blank?
      errors['body'] = 'required'
    end

    if params[:email].blank?
      errors['email'] = 'required'
    else
      begin
        email_address_validation = EmailAddressValidation.new(params[:email])
        if !email_address_validation.valid_format? || !email_address_validation.valid_mx?
          errors['email'] = 'invalid'
        end
      rescue => e
        message = e.to_s
        Rails.logger.info "Can't verify email #{params[:email]}: #{message}"

        # ignore 450, graylistings
        errors['email'] = message if message.exclude?('450')
      end
    end

    if errors.present?
      render json: {
        errors: errors
      }, status: :ok
      return
    end

    name = params[:name].strip
    email = params[:email].strip.downcase

    customer = User.find_by(email: email)
    if !customer
      role_ids = Role.signup_role_ids
      customer = User.create(
        firstname:     name,
        lastname:      '',
        email:         email,
        active:        true,
        role_ids:      role_ids,
        updated_by_id: 1,
        created_by_id: 1,
      )
    end

    ticket = nil

    # set current user
    UserInfo.current_user_id = customer.id
    ApplicationHandleInfo.in_context('form') do # rubocop:disable Metrics/BlockLength
      group = Group.find_by(id: Setting.get('form_ticket_create_group_id'))
      if !group
        group = Group.where(active: true).first
        if !group
          group = Group.first
        end
      end
      ticket = Ticket.create!(
        group_id:    group.id,
        customer_id: customer.id,
        title:       params[:title],
        preferences: {
          form: {
            remote_ip:       request.remote_ip,
            fingerprint_md5: Digest::MD5.hexdigest(params[:fingerprint]),
          }
        }
      )
      article = Ticket::Article.create!(
        ticket_id: ticket.id,
        type_id:   Ticket::Article::Type.find_by(name: 'web').id,
        sender_id: Ticket::Article::Sender.find_by(name: 'Customer').id,
        body:      params[:body],
        subject:   params[:title],
        internal:  false,
      )

      params[:file]&.each do |file|
        Store.add(
          object:      'Ticket::Article',
          o_id:        article.id,
          data:        file.read,
          filename:    file.original_filename,
          preferences: {
            'Mime-Type' => file.content_type,
          }
        )
      end
    end

    UserInfo.current_user_id = 1

    result = {
      ticket: {
        id:     ticket.id,
        number: ticket.number
      }
    }
    render json: result, status: :ok
  end

  private

  # we don't wann to tell what the cause for the authorization error is
  # so we capture the exception and raise an anonymized one
  def authorize!(...)
    super
  rescue Pundit::NotAuthorizedError
    raise Exceptions::Forbidden
  end

  def token_gen(fingerprint)
    crypt = ActiveSupport::MessageEncryptor.new(Setting.get('application_secret')[0, 32], serializer: JSON)
    fingerprint = "#{Base64.strict_encode64(Setting.get('fqdn'))}:#{Time.zone.now.to_i}:#{Base64.strict_encode64(fingerprint)}"
    Base64.strict_encode64(crypt.encrypt_and_sign(fingerprint))
  end

  def token_valid?(token, fingerprint)
    if token.blank?
      Rails.logger.info 'No token for form!'
      raise Exceptions::Forbidden
    end
    begin
      crypt = ActiveSupport::MessageEncryptor.new(Setting.get('application_secret')[0, 32], serializer: JSON)
      result = crypt.decrypt_and_verify(Base64.decode64(token))
    rescue
      Rails.logger.info 'Invalid token for form!'
      raise Exceptions::NotAuthorized
    end
    if result.blank?
      Rails.logger.info 'Invalid token for form!'
      raise Exceptions::NotAuthorized
    end
    parts = result.split(':')
    if parts.count != 3
      Rails.logger.info "Invalid token for form (need to have 3 parts, only #{parts.count} found)!"
      raise Exceptions::NotAuthorized
    end
    fqdn_local = Base64.decode64(parts[0])
    if fqdn_local != Setting.get('fqdn')
      Rails.logger.info "Invalid token for form (invalid fqdn found #{fqdn_local} != #{Setting.get('fqdn')})!"
      raise Exceptions::NotAuthorized
    end
    fingerprint_local = Base64.decode64(parts[2])
    if fingerprint_local != fingerprint
      Rails.logger.info "Invalid token for form (invalid fingerprint found #{fingerprint_local} != #{fingerprint})!"
      raise Exceptions::NotAuthorized
    end
    if parts[1].to_i < (Time.zone.now.to_i - (60 * 60 * 24))
      Rails.logger.info 'Invalid token for form (token expired})!'
      raise Exceptions::NotAuthorized
    end
    true
  end

  def limit_reached?
    return false if !SearchIndexBackend.enabled?

    # quote ipv6 ip'
    remote_ip = request.remote_ip.gsub(':', '\\:')

    # in elasticsearch7 "created_at:>now-1h" is not working. Needed to catch -2h
    form_limit_by_ip_per_hour = Setting.get('form_ticket_create_by_ip_per_hour') || 20
    result = SearchIndexBackend.search("preferences.form.remote_ip:'#{remote_ip}' AND created_at:>now-2h", 'Ticket', limit: form_limit_by_ip_per_hour)
    raise Exceptions::Forbidden if result.count >= form_limit_by_ip_per_hour.to_i

    form_limit_by_ip_per_day = Setting.get('form_ticket_create_by_ip_per_day') || 240
    result = SearchIndexBackend.search("preferences.form.remote_ip:'#{remote_ip}' AND created_at:>now-1d", 'Ticket', limit: form_limit_by_ip_per_day)
    raise Exceptions::Forbidden if result.count >= form_limit_by_ip_per_day.to_i

    form_limit_per_day = Setting.get('form_ticket_create_per_day') || 5000
    result = SearchIndexBackend.search('preferences.form.remote_ip:* AND created_at:>now-1d', 'Ticket', limit: form_limit_per_day)
    raise Exceptions::Forbidden if result.count >= form_limit_per_day.to_i

    false
  end

  def fingerprint_exists?
    return true if params[:fingerprint].present? && params[:fingerprint].length > 30

    Rails.logger.info 'No fingerprint given!'
    raise Exceptions::Forbidden
  end
end
Maintenance: Update copyright information and add a new rubocop cop to watch over it. 2021-06-01 12:20:20 +00:00			`# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/`
Init form feature. 2015-08-10 00:10:41 +00:00
			`class FormController < ApplicationController`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`prepend_before_action -> { authorize! }, only: %i[configuration submit]`

Improved session validation and usage of cors headers. 2017-02-15 12:29:25 +00:00			`skip_before_action :verify_csrf_token`
Enhancement: Made CORS Preflight Check specification conform. 2020-02-13 10:49:33 +00:00			`before_action :cors_preflight_check`
Improved session validation and usage of cors headers. 2017-02-15 12:29:25 +00:00			`after_action :set_access_control_headers_execute`
Refactoring: Migrate user permission handling to Pundit policies. 2021-07-23 13:07:16 +00:00			`skip_before_action :user_device_log`
Init form feature. 2015-08-10 00:10:41 +00:00
Fixed issue #1318 - 'Access-Control-Allow-Origin' error when submitting web form. 2017-09-05 14:54:22 +00:00			`def configuration`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`return if !fingerprint_exists?`
			`return if limit_reached?`
Init form feature. 2015-08-10 00:10:41 +00:00
			`api_path = Rails.configuration.api_path`
			`http_type = Setting.get('http_type')`
			`fqdn = Setting.get('fqdn')`

			`endpoint = "#{http_type}://#{fqdn}#{api_path}/form_submit"`

Fixed issue #1318 - 'Access-Control-Allow-Origin' error when submitting web form. 2017-09-05 14:54:22 +00:00			`result = {`
Init form feature. 2015-08-10 00:10:41 +00:00			`enabled: Setting.get('form_ticket_create'),`
			`endpoint: endpoint,`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`token: token_gen(params[:fingerprint])`
Init form feature. 2015-08-10 00:10:41 +00:00			`}`

Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`if authorized?(policy_record, :test?)`
Fixed issue #1318 - 'Access-Control-Allow-Origin' error when submitting web form. 2017-09-05 14:54:22 +00:00			`result[:enabled] = true`
Added support for admin form preview also for admins if feature is disabled. 2016-10-06 19:01:48 +00:00			`end`

Fixed issue #1318 - 'Access-Control-Allow-Origin' error when submitting web form. 2017-09-05 14:54:22 +00:00			`render json: result, status: :ok`
Init form feature. 2015-08-10 00:10:41 +00:00			`end`

			`def submit`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`return if !fingerprint_exists?`
			`return if !token_valid?(params[:token], params[:fingerprint])`
			`return if limit_reached?`
Init form feature. 2015-08-10 00:10:41 +00:00
			`# validate input`
			`errors = {}`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`if params[:name].blank?`
Init form feature. 2015-08-10 00:10:41 +00:00			`errors['name'] = 'required'`
			`end`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`if params[:title].blank?`
Second version of forms. 2015-08-10 08:56:55 +00:00			`errors['title'] = 'required'`
			`end`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`if params[:body].blank?`
Init form feature. 2015-08-10 00:10:41 +00:00			`errors['body'] = 'required'`
			`end`

Refactoring: Added consistent email address validation to backend. 2019-11-21 15:49:14 +00:00			`if params[:email].blank?`
			`errors['email'] = 'required'`
			`else`
Added form browser tests and form email validation. 2016-02-01 09:23:55 +00:00			`begin`
Refactoring: Added consistent email address validation to backend. 2019-11-21 15:49:14 +00:00			`email_address_validation = EmailAddressValidation.new(params[:email])`
			`if !email_address_validation.valid_format? \|\| !email_address_validation.valid_mx?`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`errors['email'] = 'invalid'`
Added form browser tests and form email validation. 2016-02-01 09:23:55 +00:00			`end`
			`rescue => e`
Improved validation (ignore 450, graylistings). 2016-02-01 10:28:44 +00:00			`message = e.to_s`
			`Rails.logger.info "Can't verify email #{params[:email]}: #{message}"`

			`# ignore 450, graylistings`
Maintenance: Updated rubocop(-* gems) to latest version (0.92.0). 2020-09-30 09:07:01 +00:00			`errors['email'] = message if message.exclude?('450')`
Added form browser tests and form email validation. 2016-02-01 09:23:55 +00:00			`end`
			`end`

Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`if errors.present?`
Init form feature. 2015-08-10 00:10:41 +00:00			`render json: {`
			`errors: errors`
			`}, status: :ok`
			`return`
			`end`

			`name = params[:name].strip`
			`email = params[:email].strip.downcase`

			`customer = User.find_by(email: email)`
			`if !customer`
Moved from to new permission management. 2016-08-12 16:39:09 +00:00			`role_ids = Role.signup_role_ids`
Init form feature. 2015-08-10 00:10:41 +00:00			`customer = User.create(`
Updated rubocop - applied custom Layout/AlignHash style. 2018-12-19 17:31:51 +00:00			`firstname: name,`
			`lastname: '',`
			`email: email,`
			`active: true,`
			`role_ids: role_ids,`
Init form feature. 2015-08-10 00:10:41 +00:00			`updated_by_id: 1,`
			`created_by_id: 1,`
			`)`
			`end`

Fixes #2634 - Merge not possible with not set, required attributes 2021-08-20 03:36:30 +00:00			`ticket = nil`

Added preview do admin interface for form config. 2016-10-06 16:56:10 +00:00			`# set current user`
			`UserInfo.current_user_id = customer.id`
Fixes #2634 - Merge not possible with not set, required attributes 2021-08-20 03:36:30 +00:00			`ApplicationHandleInfo.in_context('form') do # rubocop:disable Metrics/BlockLength`
			`group = Group.find_by(id: Setting.get('form_ticket_create_group_id'))`
Implemented issue #1206 - Feedback Form Channel - Ability to set a target group for incoming tickets. 2017-06-28 17:19:19 +00:00			`if !group`
Fixes #2634 - Merge not possible with not set, required attributes 2021-08-20 03:36:30 +00:00			`group = Group.where(active: true).first`
			`if !group`
			`group = Group.first`
			`end`
Implemented issue #1206 - Feedback Form Channel - Ability to set a target group for incoming tickets. 2017-06-28 17:19:19 +00:00			`end`
Fixes #2634 - Merge not possible with not set, required attributes 2021-08-20 03:36:30 +00:00			`ticket = Ticket.create!(`
			`group_id: group.id,`
			`customer_id: customer.id,`
			`title: params[:title],`
Applied changes for Rubocop 0.51. 2017-11-23 08:09:44 +00:00			`preferences: {`
Fixes #2634 - Merge not possible with not set, required attributes 2021-08-20 03:36:30 +00:00			`form: {`
			`remote_ip: request.remote_ip,`
			`fingerprint_md5: Digest::MD5.hexdigest(params[:fingerprint]),`
			`}`
Applied changes for Rubocop 0.51. 2017-11-23 08:09:44 +00:00			`}`
			`)`
Fixes #2634 - Merge not possible with not set, required attributes 2021-08-20 03:36:30 +00:00			`article = Ticket::Article.create!(`
			`ticket_id: ticket.id,`
			`type_id: Ticket::Article::Type.find_by(name: 'web').id,`
			`sender_id: Ticket::Article::Sender.find_by(name: 'Customer').id,`
			`body: params[:body],`
			`subject: params[:title],`
			`internal: false,`
			`)`

			`params[:file]&.each do \|file\|`
			`Store.add(`
			`object: 'Ticket::Article',`
			`o_id: article.id,`
			`data: file.read,`
			`filename: file.original_filename,`
			`preferences: {`
			`'Mime-Type' => file.content_type,`
			`}`
			`)`
			`end`
Enable form to include file attachments (#586) Enable form controller and widget to store file attachments. 2017-01-09 14:16:29 +00:00			`end`

Added preview do admin interface for form config. 2016-10-06 16:56:10 +00:00			`UserInfo.current_user_id = 1`

Return ticket data on form submission (#584) Form controller will return ticket id and number on success, so this data can be displayed on the calling page. 2017-01-09 12:45:22 +00:00			`result = {`
			`ticket: {`
Updated rubocop - applied custom Layout/AlignHash style. 2018-12-19 17:31:51 +00:00			`id: ticket.id,`
Return ticket data on form submission (#584) Form controller will return ticket id and number on success, so this data can be displayed on the calling page. 2017-01-09 12:45:22 +00:00			`number: ticket.number`
			`}`
			`}`
Init form feature. 2015-08-10 00:10:41 +00:00			`render json: result, status: :ok`
			`end`

			`private`

Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`# we don't wann to tell what the cause for the authorization error is`
			`# so we capture the exception and raise an anonymized one`
Maintenance: Treat Ruby deprecation warnings as test errors. 2021-07-06 07:52:22 +00:00			`def authorize!(...)`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`super`
			`rescue Pundit::NotAuthorizedError`
Fixes issue #2983 - HTTP 401 responses causing issues with Basic Authentication. 2021-02-04 08:28:41 +00:00			`raise Exceptions::Forbidden`
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`end`

Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`def token_gen(fingerprint)`
Maintenance: Increase performance of ticket creation via form. 2021-09-01 07:46:00 +00:00			`crypt = ActiveSupport::MessageEncryptor.new(Setting.get('application_secret')[0, 32], serializer: JSON)`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`fingerprint = "#{Base64.strict_encode64(Setting.get('fqdn'))}:#{Time.zone.now.to_i}:#{Base64.strict_encode64(fingerprint)}"`
			`Base64.strict_encode64(crypt.encrypt_and_sign(fingerprint))`
			`end`

			`def token_valid?(token, fingerprint)`
			`if token.blank?`
			`Rails.logger.info 'No token for form!'`
Fixes issue #2983 - HTTP 401 responses causing issues with Basic Authentication. 2021-02-04 08:28:41 +00:00			`raise Exceptions::Forbidden`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`end`
			`begin`
Maintenance: Increase performance of ticket creation via form. 2021-09-01 07:46:00 +00:00			`crypt = ActiveSupport::MessageEncryptor.new(Setting.get('application_secret')[0, 32], serializer: JSON)`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`result = crypt.decrypt_and_verify(Base64.decode64(token))`
			`rescue`
			`Rails.logger.info 'Invalid token for form!'`
Refactoring: Removed use of unnecessary exception wrapper method `response_access_deny`. 2019-02-26 10:37:31 +00:00			`raise Exceptions::NotAuthorized`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`end`
			`if result.blank?`
			`Rails.logger.info 'Invalid token for form!'`
Refactoring: Removed use of unnecessary exception wrapper method `response_access_deny`. 2019-02-26 10:37:31 +00:00			`raise Exceptions::NotAuthorized`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`end`
Maintenance: Updated rubocop(-* gems) to latest version (1.11.0). 2021-03-02 07:26:51 +00:00			`parts = result.split(':')`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`if parts.count != 3`
			`Rails.logger.info "Invalid token for form (need to have 3 parts, only #{parts.count} found)!"`
Refactoring: Removed use of unnecessary exception wrapper method `response_access_deny`. 2019-02-26 10:37:31 +00:00			`raise Exceptions::NotAuthorized`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`end`
			`fqdn_local = Base64.decode64(parts[0])`
			`if fqdn_local != Setting.get('fqdn')`
			`Rails.logger.info "Invalid token for form (invalid fqdn found #{fqdn_local} != #{Setting.get('fqdn')})!"`
Refactoring: Removed use of unnecessary exception wrapper method `response_access_deny`. 2019-02-26 10:37:31 +00:00			`raise Exceptions::NotAuthorized`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`end`
			`fingerprint_local = Base64.decode64(parts[2])`
			`if fingerprint_local != fingerprint`
			`Rails.logger.info "Invalid token for form (invalid fingerprint found #{fingerprint_local} != #{fingerprint})!"`
Refactoring: Removed use of unnecessary exception wrapper method `response_access_deny`. 2019-02-26 10:37:31 +00:00			`raise Exceptions::NotAuthorized`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`end`
Maintenance: Bump rubocop from 1.20.0 to 1.21.0 2021-09-14 07:46:08 +00:00			`if parts[1].to_i < (Time.zone.now.to_i - (60 * 60 * 24))`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`Rails.logger.info 'Invalid token for form (token expired})!'`
Refactoring: Removed use of unnecessary exception wrapper method `response_access_deny`. 2019-02-26 10:37:31 +00:00			`raise Exceptions::NotAuthorized`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`end`
			`true`
			`end`

			`def limit_reached?`
			`return false if !SearchIndexBackend.enabled?`

Added support for elasticsearch 6 and 7. Fixes #1688. 2019-06-20 10:45:27 +00:00			`# quote ipv6 ip'`
			`remote_ip = request.remote_ip.gsub(':', '\\:')`

			`# in elasticsearch7 "created_at:>now-1h" is not working. Needed to catch -2h`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`form_limit_by_ip_per_hour = Setting.get('form_ticket_create_by_ip_per_hour') \|\| 20`
Added support for elasticsearch 6 and 7. Fixes #1688. 2019-06-20 10:45:27 +00:00			`result = SearchIndexBackend.search("preferences.form.remote_ip:'#{remote_ip}' AND created_at:>now-2h", 'Ticket', limit: form_limit_by_ip_per_hour)`
Fixes issue #2983 - HTTP 401 responses causing issues with Basic Authentication. 2021-02-04 08:28:41 +00:00			`raise Exceptions::Forbidden if result.count >= form_limit_by_ip_per_hour.to_i`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00
			`form_limit_by_ip_per_day = Setting.get('form_ticket_create_by_ip_per_day') \|\| 240`
Added support for elasticsearch 6 and 7. Fixes #1688. 2019-06-20 10:45:27 +00:00			`result = SearchIndexBackend.search("preferences.form.remote_ip:'#{remote_ip}' AND created_at:>now-1d", 'Ticket', limit: form_limit_by_ip_per_day)`
Fixes issue #2983 - HTTP 401 responses causing issues with Basic Authentication. 2021-02-04 08:28:41 +00:00			`raise Exceptions::Forbidden if result.count >= form_limit_by_ip_per_day.to_i`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00
			`form_limit_per_day = Setting.get('form_ticket_create_per_day') \|\| 5000`
Search query extension refactoring to use params and not arguments. 2018-11-06 16:11:10 +00:00			`result = SearchIndexBackend.search('preferences.form.remote_ip:* AND created_at:>now-1d', 'Ticket', limit: form_limit_per_day)`
Fixes issue #2983 - HTTP 401 responses causing issues with Basic Authentication. 2021-02-04 08:28:41 +00:00			`raise Exceptions::Forbidden if result.count >= form_limit_per_day.to_i`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00
			`false`
			`end`

			`def fingerprint_exists?`
			`return true if params[:fingerprint].present? && params[:fingerprint].length > 30`
Updated rubocop to latest version (0.59.2) and applied required changes. 2018-10-09 06:17:41 +00:00
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`Rails.logger.info 'No fingerprint given!'`
Fixes issue #2983 - HTTP 401 responses causing issues with Basic Authentication. 2021-02-04 08:28:41 +00:00			`raise Exceptions::Forbidden`
Improved bot detection - issue #1207. Added ticket limits per hour and day. 2017-06-28 17:13:52 +00:00			`end`
Init form feature. 2015-08-10 00:10:41 +00:00			`end`