Add honeypot protection to contact forms

tests/Feature/Marketing/ContactFormTest.php

@@ -0,0 +1,57 @@
+<?php
+
+namespace Tests\Feature\Marketing;
+
+use App\Mail\ContactConfirmation;
+use App\Mail\ContactRequest;
+use Illuminate\Support\Facades\Mail;
+use Spatie\Honeypot\EncryptedTime;
+use Spatie\Honeypot\Honeypot;
+use Tests\TestCase;
+
+class ContactFormTest extends TestCase
+{
+    public function test_contact_form_accepts_valid_submission(): void
+    {
+        config(['mail.contact_address' => 'contact@example.com']);
+        Mail::fake();
+
+        $honeypot = new Honeypot(config('honeypot'));
+
+        $response = $this->from('/de/kontakt')->post('/de/kontakt', [
+            'name' => 'Test User',
+            'email' => 'user@example.com',
+            'message' => 'Hello there!',
+            $honeypot->nameFieldName() => '',
+            $honeypot->validFromFieldName() => (string) EncryptedTime::create(now()->subSeconds(5)),
+        ]);
+
+        $response->assertRedirect('/de/kontakt');
+        $response->assertSessionHas('success');
+
+        Mail::assertSent(ContactRequest::class);
+        Mail::assertQueued(ContactConfirmation::class, function (ContactConfirmation $mail) {
+            return $mail->hasTo('user@example.com');
+        });
+    }
+
+    public function test_contact_form_blocks_spam_when_honeypot_filled(): void
+    {
+        Mail::fake();
+
+        $honeypot = new Honeypot(config('honeypot'));
+
+        $response = $this->from('/de/kontakt')->post('/de/kontakt', [
+            'name' => 'Spam Bot',
+            'email' => 'spam@example.com',
+            'message' => 'Spam message',
+            $honeypot->nameFieldName() => 'filled',
+            $honeypot->validFromFieldName() => (string) EncryptedTime::create(now()->subSeconds(5)),
+        ]);
+
+        $response->assertOk();
+        $response->assertContent('');
+
+        Mail::assertNothingSent();
+    }
+}