Plone Form Using Honeypot Technology

It’s always an issue to protect forms (especially contact or support forms) against robots and spammer.Usual technologies of protection are the use of question and answers (e.g. a calculation task) or a captcha. But this way of protection has an impact on the usability and user friendliness of the site and especially of the forms. The user get bothered by the necessity to always look an click on small pictures. And if you use the service recaptcha for the protection task you may get in addition into a privacy issue too. The picture below shows the HCaptcha protected form.

Plone contact form with hcaptcha protection

And once the user activated the checkbox to submit that she/he is no robot, the user get the captcha showed in the screenshot below.

Plone form HCaptcha user interaction

But there is a new solution for the protection task. This technology works with a honeypot technology. Plone community members created a new add-on, which build on this technology: collective.honeypot. They published releases on PyPI: https://pypi.org/project/collective.honeypot/. The current release is version 2.0.

I used this honeypot add-on and its technology for new versions of Plone add-ons, which I already created and published some months ago. This add-ons contain mail forms to get in contact with the author of a product or a project owner. This forms previously used the captcha technology, and especially the recaptcha service. Thus I decided to move away from recaptcha. First I created a new version of the add-on, which uses the hcaptcha service. I created a new Plone add-on for this purpose: plone.formwidget.hcaptcha (https://github.com/plone/plone.formwidget.hcaptcha). This add-on is available on PyPI: https://pypi.org/project/plone.formwidget.hcaptcha/. It’s current version is 1.0.

Plone contact form using honeypot technology

Once I finished the move to hcaptcha I worked on a further version of the Plone add-ons which uses the honeypot technology instead of hcaptcha. The honeypot technology makes it possible that the protection of the form works without the need of user interaction. The human user will not notice anything about this protection technology. The form has no visible extras, like e.g. a captcha (see screenshot above). Thus it is more user friendly. You can download the two Plone add-ons with the honeypot technology from PyPI:
https://pypi.org/project/collective.templates/3.0/
https://pypi.org/project/collective.addons/3.1/

Exploring New Plone Frontend ‘Volto’

I got the current version of Plone with the new frontend ‘Volto’ today. I cloned the repository ‘https://github.com/plone/volto.git, installed ‘docker-composer’ on my machine, activated ‘docker’ and run ‘docker-composer up’ inside the new local git repository.

I got an error with a version conflict during the first run of the docker-composer command. I had to stop the command with ctrl + c. But the second run works without issues and the demo-site was up on ‘http://localhost:3000’. It uses the usual login for Plone development sites.

Volto default homepage

Once you’re logged in you’ll get a menu bar with tools to edit existing content and create new content on the left side (see screenshot below, logged in as admin user). (This is the only user after creating the new site, but it is possible to create new users with different, fine grained rights of access).


Volto homepage after login as admin user

LibreOffice Extension erstellen: Neue Version des HowTo

In den letzten Tagen habe ich mein kleines HowTo, wie man LibreOffice Extensions (Erweiterungen) für Inhalte erstellt, überarbeitet. Das HowTo enthält Informationen dazu, wie man mit einer Extension verschiedene Arten von zusätzlichen Inhalten, z.B. einer Gallery mit Bildern, für seine Anwender zur Verfügung stellen kann. Das HowTo enthält auch Hinweise auf entsprechende für die einzelnen Arten dieser Non-Code-Extensions für LibreOffice. Diese habe ich meinem Github-Repository erstellt. Die Links zu Ihnen werden im HowTo jeweils genannt.
Die neue Version des HowTo können Sie von meiner Webseite über folgenden Link herunterladen:
https://amantke.de/wp-content/uploads/2021/04/extensionsbook20210417.pdf

Zwischenzeitlich habe ich auch noch an einer PythonQT-Anwendung gearbeitet, über die sich die entsprechenden LibreOffice Non-Code-Extensions (Inhalte-Erweiterungen) über eine Benutzeroberfläche erstellen lassen. Diese Anwendung können Sie aus dem Python Package Index (PyPI) herunterladen bzw. mit Pip installieren (empfohlen in einer virtuellen Python3-Umgebung):
https://pypi.org/project/liboextensioncreator/

LibreOffice Extension Creator

I’m currently working on a Python program to create LibreOffice (non-code) extensions. This program uses the PyQt5 framework to create a user interface, where the extension author could add the necessary information and the links to the files which should be included in the LibreOffice extension, e.g. gallery files.

The source code of this Python program is available from my Github repository:
https://github.com/andreasma/liboextensioncreator

It is work in progress and the functions will be implemented step by step.

Plone Add-On Development Configuration Panel – Part 1

If you are developing an add-on for the Plone Content Management System (CMS) there will be regularly the need for some configuration options, e.g. you want the user to choose from some categories or versions. And you don’t want to hard code this options and thus make you program more flexible.

Therefore you need some fields where you could provide this entries (options) and a place to store them. The first option to do this would be inside the add-on objects itself, e.g. in the root content object. There you could add such fields, index their values into the Plone ‘portal_catalog’ and query them from there. But I think there is a much better option to set such options. You could create a controlpanel and add this to the ‘site configuration’ page, dedicated to the admin and site admin of a Plone site. There is already a section for add-on configuration entries available.

It’s very easy to add new configuration fields to the controlpanel. There are fields available for lists, tuple, Textline and Text etc. The values of the fields could be stored in Plone’s ‘Configuration Registry’ and taken with features from the Plone api from there very easy.

Here a first example for the source code of a controlpanel:

# -*- coding: utf-8 -*-
from collective.templates import _
from plone.app.multilingual.dx import directives
from plone.app.registry.browser.controlpanel import ControlPanelFormWrapper
from plone.app.registry.browser.controlpanel import RegistryEditForm
from plone.supermodel import model
from plone.z3cform import layout
from Products.CMFPlone.utils import safe_unicode
from zope import schema
from zope.interface import Interface


class ICollectivetemplatesControlPanel(Interface):
    available_category = schema.Tuple(
        title=_(safe_unicode('Available Categories')),
        default=('Business',),
        value_type=schema.TextLine())

    allowed_templatefileextension = schema.TextLine(
        title=_(safe_unicode(
                   'Allowed template file extensions')),
        description=_(safe_unicode(
           'Fill in the allowed (...).')),
        default=safe_unicode('ott|ots|otp|otg'),
    )

    legal_disclaimer = schema.Text(
        title=_(safe_unicode(
                    'Text of the Legal Disclaimer and Limitations')),
        description=_(safe_unicode(
            'Enter the text of the legal disclaimer (...).')),
        default=_(safe_unicode(
            'Fill in the legal disclaimer, (...).')),
        required=False,
    )

(...)

class CollectivetemplatesControlPanelForm(RegistryEditForm):
    schema = ICollectivetemplatesControlPanel
    schema_prefix = 'collectivetemplates'
    label = u'Collective Templates Settings'


CollectivetemplatesControlPanelView = layout.wrap_form(
    CollectivetemplatesControlPanelForm, ControlPanelFormWrapper)

The code above showed different field types for the configuration options. There are the ‘Tuple’ which contains a listing of values. Because the value type is schema.Textline every line of the field contains a single value of the listing.

Then there is a TextLine field for in this example a single value of allowed file extensions. The different allowed values are seperated by a pipe in this case.

The last field is Text field which is able to get a text with more than one line. In this case a text which should be shown to a user (contributor) of a site. It would be possible to use also a RichText field inside this controlpanel, but there will pop up an error message once you try to write the value of such field to the Plone Configuration Registry.

But the use of a RichText field isn’t necessary in this case. If you want to display the content of a Text field on a webpage inside Plone you could write the text including HTML tags, e.g. for headings and paragraphs.

I’ll explain in an upcomming blog post how to add this controlpanel to the site configuration page and to write the values of the fields to the Plone configuration registry.

The last lines of the above source code example create the registry form from the above schema.

Further Steps Forward On Conference Add-on

I worked on a Plone add-on to manage conferences. I already created such an add-on to run the LibreOffice conferences in Berlin (2012) and Milano (2013). But this add-on was build against a former version of Plone and Python 2. It used the Grok style which could have some side effects. Thus I decided to move away from Grok style for an upgrade / a new setup of the add-on.

I already moved all modules and active functions away from Grok and reordered the structure of the add-on. I added a new configuration panel to the administration page. I could also fix relations and the indexing. You could get the code from Github at: https://github.com/collective/collective.conferences.

Worked On Plone Conference Add-On And With Navigation Root

I worked further on a Plone add-on to manage conferences and had to work with the navigation root of a Plone site. I moved this navigation root to the container object of the conference add-on. The navigation worked as expected yet (the objects in top container made it to the main navigation menubar), but the login and register links at the top of the site didn’t work anymore. Thus I had to edit the links of this actions / portal_actions inside the ‘Site Setup’ or the Plone ‘Management Interface’. I added a short howto about this.

Working On Plone Conference Add-On

I created a Plone conference add-on a longer time ago, which was used to run two LibreOffice conferences. I published the code of this add-on on the Plone collective Github account.

This add-on was created and used within Plone 4 and the Grok method. This is not the usal way to develop on Plone anymore thus I decided to first drop all grok ties and replace them with other Plone methods, especially make better use of configure.zcml. I’ll finish this work during the next days.

The goal of my work is the migration of the conference add-on to Plone 5.2.x and Python 3 and add new features afterwards to support the work of organizers of analog and online conferences.

The code of the conference add-on is available at: https://github.com/collective/collective.conferences

New Releases Of Collective.Addons And Collective.Templates

I added a feature to choose if the name and / or the contact e-mail address of an addon project should be published on the projects page during the last days. Today I created a release from this changes and published it on the Cheeseshop (https://pypi.org): https://pypi.org/project/collective.addons/

The source code of this Plone add-on is available on its Github repository:
https://github.com/collective/collective.addons

In addition I made a small bugfix release for the Plone add-on collective.templates and published it to on pypi.org:
https://pypi.org/project/collective.templates/
The source code of this add-on could be cloned from Github at:
https://github.com/collective/collective.templates.

New Release Of Collective.Templates

I worked further on the source code of the Plone add-on collective.templates and added a feature to display the username and the e-mail address of a project owner on his/her choice. The new release contains also an improved user documentation.

You could download the new release from the Cheeseshop (https://pypi.org):
https://pypi.org/project/collective.templates/
The source code is available from the Github repository of the Plone collective:
https://github.com/collective/collective.templates