jamesturk/django-honeypot

Provide an example of a time based honeypot value generator

jaap3 opened this issue · 0 comments

jaap3 commented

The README mentions that HONEYPOT_VALUE and HONEYPOT_VERIFIER can be used to "implement a more advanced technique such as using timestamps".

It would be nice to include a recipe so people don't have to reinvent the wheel. I use something like this:

utils/honeypot.py:

import time
from django.core.signing import BadSignature, Signer

SALT = 'honey'


def value_generator():
    # Return monotonic timestamp (won't ever go backwards)
    signer = Signer(salt=SALT)
    value = int(time.monotonic())
    return signer.sign(value)


def value_verifier(value):
    # Verify that the submitted value was generated at most
    # an hour (in seconds) ago
    signer = Signer(salt=SALT)
    try:
        value = signer.unsign(value)
    except BadSignature:
        return False
    else:
        return 0 < time.monotonic() - int(value) < 60 * 60

settings.py:

from utils import honeypot

HONEYPOT_VALUE = honeypot.value_generator
HONEYPOT_VERIFIER = honeypot.value_verifier