opensensor
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 24 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎django_forms_workflows/form_builder_views.py‎
Lines changed: 18 additions & 0 deletions b/‎django_forms_workflows/form_builder_views.py‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎django_forms_workflows/forms.py‎
Lines changed: 178 additions & 0 deletions b/‎django_forms_workflows/forms.py‎
Lines changed: 178 additions & 0 deletions
diff --git a/‎django_forms_workflows/migrations/0080_add_rating_matrix_address_slider_fields_and_form_controls.py‎
Lines changed: 86 additions & 0 deletions b/‎django_forms_workflows/migrations/0080_add_rating_matrix_address_slider_fields_and_form_controls.py‎
Lines changed: 86 additions & 0 deletions
@@ -4,3 +4,4 @@ db.sqlite3
 form-workflows/
 __pycache__/
 .venv/
+FEATURE_GAP_ANALYSIS.md
@@ -7,6 +7,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.53.0] - 2026-04-01
+
+### Added
+- **Rating field** (`field_type = "rating"`) — star-based rating widget rendered via a CSS-only radio button group. `max_value` controls the star count (default 5). Stored as a string `"1"`–`"5"` (or up to the configured max).
+- **Slider field** (`field_type = "slider"`) — range slider input backed by `DecimalField`. `min_value`/`max_value` set the range; `default_value` sets the step size. Live value badge updates as the user drags. Rendered with Bootstrap's `form-range` class.
+- **Address field** (`field_type = "address"`) — structured address stored as free-text (up to 500 chars). The JS form-enhancements layer splits the textarea into labelled sub-inputs (street, city, state, ZIP, country) on the client side.
+- **Matrix / Grid field** (`field_type = "matrix"`) — questionnaire-style grid defined by `choices = {"rows": [...], "columns": [...]}`. Each row becomes a separate `RadioSelect` sub-field; answers are collected as a hidden marker field. Falls back to a plain `Textarea` when no rows/columns are configured.
+- **Submission controls on `FormDefinition`** — three new fields enforced at the view layer before any form is rendered or submitted:
+  - `close_date` (`DateTimeField`, nullable) — stops accepting submissions after the configured date/time.
+  - `max_submissions` (`PositiveIntegerField`, nullable) — caps the total number of non-draft submissions.
+  - `one_per_user` (`BooleanField`, default `False`) — restricts each authenticated user to a single non-draft, non-withdrawn submission.
+- **CAPTCHA support** (`enable_captcha` on `FormDefinition`) — when enabled, injects a hidden `captcha_token` field and a `<div data-captcha-widget>` placeholder. The JS layer dynamically loads either Google reCAPTCHA v2/v3 or hCaptcha (detected by script tag). Server-side verification via `DynamicForm._verify_captcha_token()` calls the provider's `siteverify` endpoint using `FORMS_WORKFLOWS_CAPTCHA_SECRET_KEY` / `FORMS_WORKFLOWS_CAPTCHA_VERIFY_URL` settings; fails open when the key is not configured.
+- **Analytics CSV export** — new `/analytics/export/` endpoint (`analytics_export_csv`) returns a CSV of all non-draft submissions in the selected time range, filterable by form slug. Columns: Date, Form, Status, Submitter, Submission ID.
+- **Analytics period-over-period comparison** — the analytics dashboard now computes the previous equivalent period and exposes `total_change`, `approved_change`, `rejected_change`, and `approval_rate` / `approval_rate_change` context variables for trend indicators.
+- **Form builder: Submission Controls panel** — close date picker, max-submissions input, and one-per-user / CAPTCHA checkboxes added to the form-settings panel in the visual form builder; values round-trip through `form_builder_load` / `form_builder_save`.
+- **Form builder: palette search** — live filter input in the field-palette panel narrows the displayed field types as the user types.
+- **Migration `0080`** — adds `close_date`, `max_submissions`, `one_per_user`, `enable_captcha` to `FormDefinition`; extends `FormField.field_type` choices with `rating`, `matrix`, `address`, `slider`.
+
+### Fixed
+- **QR code view: inactive form now returns 404 before 501** — `form_qr_code` previously checked for the `segno` package before resolving the form, so requests for inactive or non-existent slugs returned 501 (Not Implemented) instead of 404 when `segno` was not installed. The `get_object_or_404` call is now performed first.
+
+### Tests
+- 156 new test cases across `tests/test_forms.py` and `tests/test_views.py` covering all four new field types, CAPTCHA injection and verification, all three submission controls (positive and negative paths), the analytics dashboard context keys and period comparison, and the CSV export (content, headers, filtering, filename).
+
 ## [0.49.0] - 2026-04-01
 
 ### Added
 
@@ -311,6 +311,12 @@ def form_builder_load(request, form_id):
         "requires_login": form_definition.requires_login,
         "allow_save_draft": form_definition.allow_save_draft,
         "allow_withdrawal": form_definition.allow_withdrawal,
+        "close_date": form_definition.close_date.isoformat()
+        if form_definition.close_date
+        else None,
+        "max_submissions": form_definition.max_submissions,
+        "one_per_user": form_definition.one_per_user,
+        "enable_captcha": form_definition.enable_captcha,
         "enable_multi_step": form_definition.enable_multi_step,
         "form_steps": form_definition.form_steps or [],
         "enable_auto_save": form_definition.enable_auto_save,
@@ -343,6 +349,10 @@ def form_builder_save(request):
         requires_login = data.get("requires_login", True)
         allow_save_draft = data.get("allow_save_draft", True)
         allow_withdrawal = data.get("allow_withdrawal", True)
+        close_date = data.get("close_date") or None
+        max_submissions = data.get("max_submissions") or None
+        one_per_user = data.get("one_per_user", False)
+        enable_captcha = data.get("enable_captcha", False)
         enable_multi_step = data.get("enable_multi_step", False)
         form_steps = data.get("form_steps", [])
         enable_auto_save = data.get("enable_auto_save", True)
@@ -372,6 +382,10 @@ def form_builder_save(request):
                 form_definition.requires_login = requires_login
                 form_definition.allow_save_draft = allow_save_draft
                 form_definition.allow_withdrawal = allow_withdrawal
+                form_definition.close_date = close_date
+                form_definition.max_submissions = max_submissions
+                form_definition.one_per_user = one_per_user
+                form_definition.enable_captcha = enable_captcha
                 form_definition.enable_multi_step = enable_multi_step
                 form_definition.form_steps = form_steps
                 form_definition.enable_auto_save = enable_auto_save
@@ -388,6 +402,10 @@ def form_builder_save(request):
                     requires_login=requires_login,
                     allow_save_draft=allow_save_draft,
                     allow_withdrawal=allow_withdrawal,
+                    close_date=close_date,
+                    max_submissions=max_submissions,
+                    one_per_user=one_per_user,
+                    enable_captcha=enable_captcha,
                     enable_multi_step=enable_multi_step,
                     form_steps=form_steps,
                     enable_auto_save=enable_auto_save,
 
@@ -6,6 +6,7 @@
 class for handling approval-step field editing.
 """
 
+import json
 import logging
 import re
 from datetime import date, datetime
@@ -320,6 +321,23 @@ def __init__(self, form_definition, user=None, initial_data=None, *args, **kwarg
                 )
                 i += 1
 
+        # CAPTCHA field (rendered before submit buttons)
+        if form_definition.enable_captcha:
+            self.fields["captcha_token"] = forms.CharField(
+                widget=forms.HiddenInput(attrs={"data-captcha-field": "true"}),
+                required=True,
+                error_messages={
+                    "required": "Please complete the CAPTCHA verification."
+                },
+            )
+            layout_fields.append(
+                Div(
+                    HTML('<div data-captcha-widget="true" class="mb-3"></div>'),
+                    Field("captcha_token"),
+                    css_class="captcha-wrapper",
+                )
+            )
+
         # Add submit buttons
         buttons = [Submit("submit", "Submit", css_class="btn btn-primary")]
         # Save Draft is only available for authenticated users
@@ -681,6 +699,113 @@ def add_field(self, field_def, initial_data):
                 widget=forms.HiddenInput(), required=False, initial=initial
             )
 
+        elif field_def.field_type == "rating":
+            max_stars = int(field_def.max_value) if field_def.max_value else 5
+            rating_choices = [(str(i), str(i)) for i in range(1, max_stars + 1)]
+            widget_attrs.update(
+                {
+                    "class": "rating-stars-input " + widget_attrs.get("class", ""),
+                    "data-max-stars": str(max_stars),
+                }
+            )
+            self.fields[field_def.field_name] = forms.ChoiceField(
+                choices=[("", "")] + rating_choices,
+                widget=forms.Select(attrs=widget_attrs),
+                **field_args,
+            )
+
+        elif field_def.field_type == "slider":
+            min_val = float(field_def.min_value) if field_def.min_value else 0
+            max_val = float(field_def.max_value) if field_def.max_value else 100
+            step = float(field_def.default_value) if field_def.default_value else 1
+            widget_attrs.update(
+                {
+                    "type": "range",
+                    "min": str(min_val),
+                    "max": str(max_val),
+                    "step": str(step),
+                    "class": "form-range " + widget_attrs.get("class", ""),
+                    "data-slider-field": "true",
+                }
+            )
+            self.fields[field_def.field_name] = forms.DecimalField(
+                min_value=field_def.min_value,
+                max_value=field_def.max_value,
+                widget=forms.NumberInput(attrs=widget_attrs),
+                **field_args,
+            )
+
+        elif field_def.field_type == "address":
+            # Structured address stored as JSON with sub-fields rendered
+            # via a single Textarea.  The form-enhancements JS splits this
+            # into sub-inputs (street, city, state, zip, country) on the
+            # client side.
+            widget_attrs.update(
+                {
+                    "rows": 4,
+                    "data-address-field": "true",
+                    "placeholder": widget_attrs.get(
+                        "placeholder",
+                        "Street Address\nCity, State ZIP\nCountry",
+                    ),
+                }
+            )
+            self.fields[field_def.field_name] = forms.CharField(
+                widget=forms.Textarea(attrs=widget_attrs),
+                max_length=500,
+                **field_args,
+            )
+
+        elif field_def.field_type == "matrix":
+            # Matrix/grid: rows and columns defined via `choices` JSON.
+            # Expected format: {"rows": ["Row 1", ...], "columns": ["Col A", ...]}
+            # Stored as JSON dict mapping row labels to selected column values.
+            rows = []
+            cols = []
+            if field_def.choices and isinstance(field_def.choices, dict):
+                rows = field_def.choices.get("rows", [])
+                cols = field_def.choices.get("columns", [])
+
+            if rows and cols:
+                # Create one radio/select per row, rendered together by template
+                for row_label in rows:
+                    sub_name = f"{field_def.field_name}__{row_label}"
+                    col_choices = [(c, c) for c in cols]
+                    self.fields[sub_name] = forms.ChoiceField(
+                        choices=[("", "—")] + col_choices,
+                        label=row_label,
+                        required=field_def.required,
+                        widget=forms.RadioSelect(
+                            attrs={
+                                "class": "matrix-row-input",
+                                "data-matrix-group": field_def.field_name,
+                            }
+                        ),
+                    )
+                # Marker field so the template knows this is a matrix group
+                self.fields[field_def.field_name] = forms.CharField(
+                    widget=forms.HiddenInput(
+                        attrs={
+                            "data-matrix-field": "true",
+                            "data-matrix-rows": ",".join(rows),
+                        }
+                    ),
+                    required=False,
+                    initial="matrix",
+                )
+            else:
+                # Fallback if rows/cols not configured yet
+                widget_attrs["rows"] = 3
+                widget_attrs["placeholder"] = (
+                    "Configure rows/columns in choices as JSON: "
+                    '{"rows": [...], "columns": [...]}'
+                )
+                self.fields[field_def.field_name] = forms.CharField(
+                    widget=forms.Textarea(attrs=widget_attrs),
+                    required=False,
+                    **{k: v for k, v in field_args.items() if k != "required"},
+                )
+
         # Add custom validation if regex provided
         if field_def.regex_validation and field_def.field_type in ["text", "textarea"]:
             self.fields[field_def.field_name].validators.append(
@@ -873,6 +998,19 @@ def clean(self):
 
         cleaned_data = super().clean()
 
+        # ── CAPTCHA verification ───────────────────────────────────────────
+        if self.form_definition.enable_captcha and "captcha_token" in cleaned_data:
+            token = cleaned_data.pop("captcha_token", "")
+            if token:
+                if not self._verify_captcha_token(token):
+                    self.add_error(
+                        None,
+                        ValidationError(
+                            "CAPTCHA verification failed. Please try again.",
+                            code="captcha_failed",
+                        ),
+                    )
+
         for field_def in (
             self.form_definition.fields.exclude(field_type="section")
             .filter(workflow_stage__isnull=True)
@@ -938,6 +1076,46 @@ def clean(self):
 
         return cleaned_data
 
+    def _verify_captcha_token(self, token):
+        """Verify a CAPTCHA token with the provider's API.
+
+        Supports both Google reCAPTCHA v2/v3 and hCaptcha — both use the
+        same ``siteverify`` POST contract.  Configure via Django settings:
+
+        - ``FORMS_WORKFLOWS_CAPTCHA_SECRET_KEY``  (required)
+        - ``FORMS_WORKFLOWS_CAPTCHA_VERIFY_URL``   (optional; defaults to
+          Google reCAPTCHA)
+        """
+        import urllib.parse
+        import urllib.request
+
+        from django.conf import settings
+
+        secret = getattr(settings, "FORMS_WORKFLOWS_CAPTCHA_SECRET_KEY", "")
+        if not secret:
+            logger.warning(
+                "CAPTCHA enabled but FORMS_WORKFLOWS_CAPTCHA_SECRET_KEY not set"
+            )
+            return True  # Fail open if misconfigured
+
+        verify_url = getattr(
+            settings,
+            "FORMS_WORKFLOWS_CAPTCHA_VERIFY_URL",
+            "https://www.google.com/recaptcha/api/siteverify",
+        )
+
+        try:
+            data = urllib.parse.urlencode(
+                {"secret": secret, "response": token}
+            ).encode()
+            req = urllib.request.Request(verify_url, data=data, method="POST")
+            with urllib.request.urlopen(req, timeout=5) as resp:
+                result = json.loads(resp.read())
+            return result.get("success", False)
+        except Exception:
+            logger.exception("CAPTCHA verification request failed")
+            return False
+
     def get_enhancements_config(self):
         """
         Generate JavaScript configuration for form enhancements.
 
@@ -0,0 +1,86 @@
+# Generated by Django 5.2.7 on 2026-04-01 09:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("django_forms_workflows", "0079_webhookendpoint_webhookdeliverylog"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="formdefinition",
+            name="close_date",
+            field=models.DateTimeField(
+                blank=True,
+                help_text="Automatically stop accepting submissions after this date/time",
+                null=True,
+            ),
+        ),
+        migrations.AddField(
+            model_name="formdefinition",
+            name="enable_captcha",
+            field=models.BooleanField(
+                default=False,
+                help_text="Show a CAPTCHA challenge before submission. Requires FORMS_WORKFLOWS_CAPTCHA_SITE_KEY and FORMS_WORKFLOWS_CAPTCHA_SECRET_KEY in settings.",
+            ),
+        ),
+        migrations.AddField(
+            model_name="formdefinition",
+            name="max_submissions",
+            field=models.PositiveIntegerField(
+                blank=True,
+                help_text="Maximum total submissions allowed (leave blank for unlimited)",
+                null=True,
+            ),
+        ),
+        migrations.AddField(
+            model_name="formdefinition",
+            name="one_per_user",
+            field=models.BooleanField(
+                default=False,
+                help_text="Restrict each authenticated user to a single submission",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="formfield",
+            name="field_type",
+            field=models.CharField(
+                choices=[
+                    ("text", "Single Line Text"),
+                    ("phone", "Phone Number"),
+                    ("textarea", "Multi-line Text"),
+                    ("number", "Whole Number"),
+                    ("decimal", "Decimal Number"),
+                    ("currency", "Currency ($)"),
+                    ("date", "Date"),
+                    ("datetime", "Date and Time"),
+                    ("time", "Time"),
+                    ("email", "Email Address"),
+                    ("url", "Website URL"),
+                    ("select", "Dropdown Select"),
+                    ("multiselect", "Multiple Select (Checkboxes)"),
+                    ("multiselect_list", "Multiple Select (List)"),
+                    ("radio", "Radio Buttons"),
+                    ("checkbox", "Single Checkbox"),
+                    ("checkboxes", "Multiple Checkboxes"),
+                    ("file", "File Upload"),
+                    ("multifile", "Multi-File Upload"),
+                    ("hidden", "Hidden Field"),
+                    ("section", "Section Header (not a field)"),
+                    ("calculated", "Calculated / Formula"),
+                    ("spreadsheet", "Spreadsheet Upload (CSV / Excel)"),
+                    ("country", "Country Picker"),
+                    ("us_state", "US State Picker"),
+                    ("signature", "Signature"),
+                    ("rating", "Rating (Stars)"),
+                    ("matrix", "Matrix / Grid"),
+                    ("address", "Address"),
+                    ("slider", "Slider"),
+                ],
+                max_length=20,
+            ),
+        ),
+    ]