From bbe0e0770ca7abfc5d9d1c6b345fd39e5f9a9d84 Mon Sep 17 00:00:00 2001
From: Shana Moore <shana@scientist.com>
Date: Tue, 28 Jan 2025 11:12:11 -0800
Subject: [PATCH] :bug: Fix contact form submission with negative captcha

Issue:
- https://github.com/notch8/palni_palci_knapsack/issues/159

The contact form was failing to process submissions due to conflicts between negative captcha and regular form parameters. This update:

- Removes category and contact_method from negative captcha protected fields
- Properly merges protected captcha values with regular form parameters
- Fixes the "Subject/Category can't be blank" validation error
- Ensures all form fields are properly processed while maintaining spam protection

This allows the contact form to successfully submit while keeping the negative captcha security measures intact.
---
 .../hyrax/contact_form_controller_decorator.rb | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/app/controllers/hyrax/contact_form_controller_decorator.rb b/app/controllers/hyrax/contact_form_controller_decorator.rb
index abd6de26e..7aabff567 100644
--- a/app/controllers/hyrax/contact_form_controller_decorator.rb
+++ b/app/controllers/hyrax/contact_form_controller_decorator.rb
@@ -47,12 +47,17 @@ def new
 
     # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
     def create
-      # not spam and a valid form
       # Override to include captcha
-      @captcha.values[:category] = params[:contact_form][:category]
-      @captcha.values[:contact_method] = params[:contact_form][:contact_method]
-      @captcha.values[:subject] = params[:contact_form][:subject]
-      @contact_form = model_class.new(@captcha.values)
+      # Negative captcha handles text inputs (name, email, subject, message) to prevent spam
+      # Select/dropdown fields (category, contact_method) are processed normally since they:
+      # 1. Have predefined values making them less vulnerable to spam
+      # 2. Don't work well with negative captcha's encryption
+      form_values = @captcha.values.merge(
+        category: params.dig(:contact_form, :category),
+        contact_method: params.dig(:contact_form, :contact_method)
+      )
+
+      @contact_form = model_class.new(form_values)
       if @contact_form.valid? && @captcha.valid?
         ContactMailer.contact(@contact_form).deliver_now
         flash.now[:notice] = 'Thank you for your message!'
@@ -89,7 +94,8 @@ def setup_negative_captcha
         # A secret key entered in environment.rb. 'rake secret' will give you a good one.
         secret: ENV.fetch('NEGATIVE_CAPTCHA_SECRET', 'default-value-change-me'),
         spinner: request.remote_ip,
-        # Whatever fields are in your form
+        # Only protect text input fields with negative captcha
+        # Select/dropdown fields are handled separately in the create action
         fields: %i[name email subject message],
         # If you wish to override the default CSS styles (position: absolute; left: -2000px;)
         # used to position the fields off-screen