🐛 Fix contact form submission with negative captcha

Issue: - notch8/palni_palci_knapsack#159 The contact form was failing to process submissions due to conflicts between negative captcha and regular form parameters. This update: - Removes category and contact_method from negative captcha protected fields - Properly merges protected captcha values with regular form parameters - Fixes the "Subject/Category can't be blank" validation error - Ensures all form fields are properly processed while maintaining spam protection This allows the contact form to successfully submit while keeping the negative captcha security measures intact.
samvera · Jan 28, 2025 · 724085d · 724085d
1 parent 644b589
commit 724085d
Showing 1 changed file with 12 additions and 9 deletions.
diff --git a/app/controllers/hyrax/contact_form_controller_decorator.rb b/app/controllers/hyrax/contact_form_controller_decorator.rb
@@ -47,12 +47,17 @@ def new
 
     # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
     def create
-      # not spam and a valid form
       # Override to include captcha
-      @captcha.values[:category] = params[:contact_form][:category]
-      @captcha.values[:contact_method] = params[:contact_form][:contact_method]
-      @captcha.values[:subject] = params[:contact_form][:subject]
-      @contact_form = model_class.new(@captcha.values)
+      # Negative captcha handles text inputs (name, email, subject, message) to prevent spam
+      # Select/dropdown fields (category, contact_method) are processed normally since they:
+      # 1. Have predefined values making them less vulnerable to spam
+      # 2. Don't work well with negative captcha's encryption
+      form_values = @captcha.values.merge(
+        category: params.dig(:contact_form, :category),
+        contact_method: params.dig(:contact_form, :contact_method)
+      )
+
+      @contact_form = model_class.new(form_values)
       if @contact_form.valid? && @captcha.valid?
         ContactMailer.contact(@contact_form).deliver_now
         flash.now[:notice] = 'Thank you for your message!'
@@ -86,13 +91,11 @@ def collections(rows: 6)
 
     def setup_negative_captcha
       @captcha = NegativeCaptcha.new(
-        # A secret key entered in environment.rb. 'rake secret' will give you a good one.
         secret: ENV.fetch('NEGATIVE_CAPTCHA_SECRET', 'default-value-change-me'),
         spinner: request.remote_ip,
-        # Whatever fields are in your form
+        # Only protect text input fields with negative captcha
+        # Select/dropdown fields are handled separately in the create action
         fields: %i[name email subject message],
-        # If you wish to override the default CSS styles (position: absolute; left: -2000px;)
-        # used to position the fields off-screen
         css: "display: none",
         params:
       )