better registration form and accompt creation

sites/all/modules/contrib/security/honeypot/.travis.yml

@@ -0,0 +1,40 @@
+---
+language: php
+php: '7.1'
+services: docker
+
+env:
+  DOCKER_COMPOSE_VERSION: 1.13.0
+
+before_install:
+  # List available docker-engine versions.
+  - apt-cache madison docker-engine
+
+  # Upgrade docker.
+  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+  - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+  - sudo apt-get update
+  - sudo apt-get -y install docker-ce
+
+  # Upgrade docker-compose.
+  - sudo rm /usr/local/bin/docker-compose
+  - curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
+  - chmod +x docker-compose
+  - sudo mv docker-compose /usr/local/bin
+
+  # Pull container.
+  - docker pull geerlingguy/drupal-vm:latest
+
+script:
+  # Build environment and install Honeypot.
+  - docker-compose up -d
+  - docker exec honeypot install-drupal
+  - docker exec honeypot ln -s /opt/honeypot/ /var/www/drupalvm/drupal/web/modules/honeypot
+  - docker exec honeypot bash -c 'cd /var/www/drupalvm/drupal/web; drush en -y honeypot simpletest'
+
+  # Fix permissions on the simpletest directories.
+  - docker exec honeypot chown -R www-data:www-data /var/www/drupalvm/drupal/web/sites/simpletest
+  - docker exec honeypot chown -R www-data:www-data /var/www/drupalvm/drupal/web/sites/default/files
+
+  # Run module tests.
+  - docker exec honeypot bash -c 'sudo -u www-data php /var/www/drupalvm/drupal/web/core/scripts/run-tests.sh --verbose --module honeypot --url http://local.drupalhoneypot.com/'

sites/all/modules/contrib/security/honeypot/LICENSE.txt

@@ -0,0 +1,339 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.

sites/all/modules/contrib/security/honeypot/README.md

@@ -0,0 +1,56 @@
+
+# Honeypot
+
+[![Build Status](https://travis-ci.org/geerlingguy/drupal-honeypot.svg?branch=8.x-1.x)](https://travis-ci.org/geerlingguy/drupal-honeypot)
+
+
+## Installation
+
+To install this module, `composer require` it, or  place it in your modules
+folder and enable it on the modules page.
+
+
+## Configuration
+
+All settings for this module are on the Honeypot configuration page, under the
+Configuration section, in the Content authoring settings. You can visit the
+configuration page directly at admin/config/content/honeypot.
+
+Note that, when testing Honeypot on your website, make sure you're not logged in
+as an administrative user or user 1; Honeypot allows administrative users to
+bypass Honeypot protection, so by default, Honeypot will not be added to forms
+accessed by site administrators.
+
+
+## Use in Your Own Forms
+
+If you want to add honeypot to your own forms, or to any form through your own
+module's hook_form_alter's, you can simply place the following function call
+inside your form builder function (or inside a hook_form_alter):
+
+    honeypot_add_form_protection(
+      $form,
+      $form_state,
+      ['honeypot', 'time_restriction']
+    );
+
+Note that you can enable or disable either the honeypot field, or the time
+restriction on the form by including or not including the option in the array.
+
+
+## Testing
+
+Honeypot includes a `docker-compose.yml` file that can be used for testing purposes. To build a Drupal 8 environment for local testing, do the following:
+
+  1. Make sure you have Docker for Mac (or for whatever OS you're using) installed.
+  2. Add the following entry to your `/etc/hosts` file: `192.168.22.33   local.drupalhoneypot.com`
+  3. Run `docker-compose up -d` in this directory.
+  4. Install Drupal: `docker exec honeypot install-drupal` (optionally provide a version after `install-drupal`).
+  5. Link the honeypot module directory into the Drupal modules directory: `docker exec honeypot ln -s /opt/honeypot/ /var/www/drupalvm/drupal/web/modules/honeypot`
+  6. Visit `http://local.drupalhoneypot.com/user` and log in using the admin credentials Drush displayed.
+
+
+## Credit
+
+The Honeypot module was originally developed by Jeff Geerling of Midwestern Mac,
+LLC (midwesternmac.com), and sponsored by Flocknote (flocknote.com).

sites/all/modules/contrib/security/honeypot/composer.json

@@ -0,0 +1,16 @@
+{
+  "name": "drupal/honeypot",
+  "description": "Mitigates spam form submissions using the honeypot method.",
+  "type": "drupal-module",
+  "license": "GPL-2.0+",
+  "keywords": ["spam", "php", "form", "honeypot", "honeytrap", "deterrent"],
+  "homepage": "https://www.drupal.org/project/honeypot",
+  "minimum-stability": "dev",
+  "authors": [
+    {
+      "name": "Jeff Geerling",
+      "email": "geerlingguy@mac.com"
+    }
+  ],
+  "require": { }
+}

sites/all/modules/contrib/security/honeypot/config/install/honeypot.settings.yml

@@ -0,0 +1,16 @@
+unprotected_forms:
+  - 'user_login_form'
+  - 'search_form'
+  - 'search_block_form'
+  - 'views_exposed_form'
+  - 'honeypot_settings_form'
+protect_all_forms: false
+log: false
+element_name: 'url'
+time_limit: 5
+expire: 300
+form_settings:
+  user_register_form: false
+  user_pass: false
+  feedback_contact_message_form: false
+  _contact_message_form: false

sites/all/modules/contrib/security/honeypot/config/optional/tour.tour.honeypot.yml

@@ -0,0 +1,59 @@
+id: honeypot
+module: honeypot
+label: Honeypot
+langcode: en
+routes:
+  - route_name: honeypot.config
+tips:
+  honeypot-configuration:
+    id: honeypot-configuration
+    plugin: text
+    label: Honeypot
+    weight: -10
+    body: "Congratulations on installing Honeypot on your site! With just a few clicks, you can have your site well-protected against automated spam bots.\r\n\r\nClick Next to be guided through this configuration page."
+    location: top
+  protect-all-forms:
+    id: protect-all-forms
+    plugin: text
+    label: 'Protect all forms'
+    weight: -9
+    attributes:
+      data-id: edit-protect-all-forms
+    body: "Protecting all the forms is the easiest way to quickly cut down on spam on your site, but doing this disables Drupal's caching for every page where a form is displayed.\r\n\r\nNote: If you have the honeypot time limit enabled, this option may cause issues with Drupal Commerce product forms or similarly-sparse forms that are able to be completed in a very short time."
+    location: bottom
+  log-blocked-form-submissions:
+    id: log-blocked-form-submissions
+    plugin: text
+    label: 'Log blocked form submissions'
+    weight: -8
+    attributes:
+      data-id: edit-log
+    body: 'Check this box to log every form submission using watchdog. If you have Database Logging enabled, you can view these log entries in the Recent log messages page under Reports.'
+    location: bottom
+  honeypot-element-name:
+    id: honeypot-element-name
+    plugin: text
+    label: 'Honeypot Element Name'
+    weight: -7
+    attributes:
+      data-id: edit-element-name
+    body: 'Spam bots typically fill out any field they believe will help get links back to their site, so tempting them with a field named something like ''url'', ''homepage'', or ''link'' makes it hard for them to resist filling in the field—and easy to catch them in the trap and reject their submissions!'
+    location: top
+  honeypot-time-limit:
+    id: honeypot-time-limit
+    plugin: text
+    label: 'Honeypot Time Limit'
+    weight: -6
+    attributes:
+      data-id: edit-time-limit
+    body: 'If you enter a positive value, Honeypot will require that all protected forms take at least that many seconds long to fill out. Most forms take at least 5-10 seconds to complete (if you''re a human), so setting this to a value < 5 will help protect against spam bots. Set to 0 to disable.'
+    location: top
+  honeypot-form-specific-settings:
+    id: honeypot-form-specific-settings
+    plugin: text
+    label: 'Honeypot form-specific settings'
+    weight: -5
+    attributes:
+      data-id: edit-form-settings
+    body: 'If you would like to choose particular forms to be protected by Honeypot, check the forms you wish to protect in this section. Most common types of forms are available for protection.'
+    location: top

sites/all/modules/contrib/security/honeypot/config/schema/honeypot.schema.yml

@@ -0,0 +1,28 @@
+honeypot.settings:
+  type: config_object
+  mapping:
+    protect_all_forms:
+      type: boolean
+      label: 'Protect all forms'
+    unprotected_forms:
+      type: sequence
+      label: 'Unprotected forms'
+      sequence:
+        type: string
+        label: 'Unprotected form'
+    log:
+      type: boolean
+      label: 'Log blocked form submissions'
+    element_name:
+      type: string
+      label: 'Honeypot element name'
+    time_limit:
+      type: integer
+      label: 'Honeypot time limit'
+    expire:
+      type: integer
+      label: 'Expiration'
+    form_settings:
+      type: sequence
+      sequence:
+        type: boolean

sites/all/modules/contrib/security/honeypot/docker-compose.yml

@@ -0,0 +1,34 @@
+version: "3"
+
+services:
+
+  honeypot:
+    image: geerlingguy/drupal-vm
+    container_name: honeypot
+    ports:
+      - 80:80
+      - 443:443
+    privileged: true
+    extra_hosts:
+      local.drupalhoneypot.com: 127.0.0.1
+    dns:
+      - 8.8.8.8
+      - 8.8.4.4
+    volumes:
+      # Switch to the commented line once Docker CE stable has the feature.
+      - ./:/opt/honeypot/:rw
+      # - ./:/opt/honeypot/:rw,delegated
+    command: /lib/systemd/systemd
+    networks:
+      honeypot:
+        ipv4_address: 192.168.22.33
+
+networks:
+
+  honeypot:
+    driver: bridge
+    driver_opts:
+      ip: 192.168.22.1
+    ipam:
+      config:
+        - subnet: "192.168.22.0/16"

sites/all/modules/contrib/security/honeypot/honeypot.api.php

@@ -0,0 +1,100 @@
+<?php
+
+/**
+ * @file
+ * API Functionality for Honeypot module.
+ */
+
+/**
+ * @addtogroup hooks
+ * @{
+ */
+
+/**
+ * Alter the honeypot protections added to a particular form.
+ *
+ * @param array $options
+ *   Protections that will be applied to the form. May be empty, or may include
+ *   'honeypot' and/or 'time_restriction'.
+ * @param array $form
+ *   The Form API form to which protections will be added.
+ */
+function hook_honeypot_form_protections_alter(array &$options, array $form) {
+  // Add 'time_restriction' protection to 'mymodule-form' if it's not set.
+  if ($form['form_id']['#value'] == 'mymodule_form' && !in_array('time_restriction', $options)) {
+    $options[] = 'time_restriction';
+  }
+}
+
+/**
+ * React to an addition of honeypot form protections for a given form_id.
+ *
+ * After honeypot has added its protections to a form, this hook will be called.
+ * You can use this hook to track when and how many times certain protected
+ * forms are displayed to certain users, or for other tracking purposes.
+ *
+ * @param array $options
+ *   Protections that were applied to the form. Includes 'honeypot' and/or
+ *   'time_restriction'.
+ * @param array $form
+ *   The Form API form to which protections were added.
+ */
+function hook_honeypot_add_form_protection(array $options, array $form) {
+  if ($form['form_id']['#value'] == 'mymodule_form') {
+    // Do something...
+  }
+}
+
+/**
+ * React to the rejection of a form submission.
+ *
+ * When honeypot rejects a form submission, it calls this hook with the form ID,
+ * the user ID (0 if anonymous) of the user that was disallowed from submitting
+ * the form, and the reason (type) for the rejection of the form submission.
+ *
+ * @param string $form_id
+ *   Form ID of the form the user was disallowed from submitting.
+ * @param int $uid
+ *   0 for anonymous users, otherwise the user ID of the user.
+ * @param string $type
+ *   String indicating the reason the submission was blocked. Allowed values:
+ *     - honeypot: If honeypot field was filled in.
+ *     - honeypot_time: If form was completed before the configured time limit.
+ */
+function hook_honeypot_reject($form_id, $uid, $type) {
+  if ($form_id == 'mymodule_form') {
+    // Do something...
+  }
+}
+
+/**
+ * Add time to the Honeypot time limit.
+ *
+ * In certain circumstances (for example, on forms routinely targeted by
+ * spammers), you may want to add an additional time delay. You can use this
+ * hook to return additional time (in seconds) to honeypot when it is calculates
+ * the time limit for a particular form.
+ *
+ * @param int $honeypot_time_limit
+ *   The current honeypot time limit (in seconds), to which any additions you
+ *   return will be added.
+ * @param array $form_values
+ *   Array of form values (may be empty).
+ * @param int $number
+ *   Number of times the current user has already fallen into the honeypot trap.
+ *
+ * @return int
+ *   Additional time to add to the honeypot_time_limit, in seconds (integer).
+ */
+function hook_honeypot_time_limit($honeypot_time_limit, array $form_values, $number) {
+  $additions = 0;
+  // If 'some_interesting_value' is set in your form, add 10 seconds to limit.
+  if (!empty($form_values['some_interesting_value']) && $form_values['some_interesting_value']) {
+    $additions = 10;
+  }
+  return $additions;
+}
+
+/**
+ * @} End of "addtogroup hooks".
+ */

sites/all/modules/contrib/security/honeypot/honeypot.info.yml

@@ -0,0 +1,13 @@
+name: Honeypot
+type: module
+description: 'Mitigates spam form submissions using the honeypot method.'
+package: "Spam control"
+# core: 8.x
+configure: honeypot.config
+hidden: false
+
+# Information added by Drupal.org packaging script on 2017-07-12
+version: '8.x-1.27'
+core: '8.x'
+project: 'honeypot'
+datestamp: 1499867346

sites/all/modules/contrib/security/honeypot/honeypot.install

@@ -0,0 +1,74 @@
+<?php
+
+/**
+ * @file
+ * Contains install and update functions for Honeypot.
+ */
+
+use Drupal\Core\Url;
+use Drupal\Core\Link;
+
+/**
+ * Implements hook_schema().
+ */
+function honeypot_schema() {
+  $schema['honeypot_user'] = [
+    'description' => 'Table that stores failed attempts to submit a form.',
+    'fields' => [
+      'uid' => [
+        'description' => 'Foreign key to {users}.uid; uniquely identifies a Drupal user to whom this ACL data applies.',
+        'type' => 'int',
+        'unsigned' => TRUE,
+        'not null' => TRUE,
+      ],
+      'hostname' => [
+        'type' => 'varchar',
+        'length' => 128,
+        'not null' => TRUE,
+        'description' => 'Hostname of user that that triggered honeypot.',
+      ],
+      'timestamp' => [
+        'description' => 'Date/time when the form submission failed, as Unix timestamp.',
+        'type' => 'int',
+        'unsigned' => TRUE,
+        'not null' => TRUE,
+      ],
+    ],
+    'indexes' => [
+      'uid' => ['uid'],
+      'timestamp' => ['timestamp'],
+    ],
+  ];
+  return $schema;
+}
+
+/**
+ * Implements hook_install().
+ */
+function honeypot_install() {
+  if (PHP_SAPI !== 'cli') {
+    $config_url = Url::fromUri('base://admin/config/content/honeypot');
+    drupal_set_message(t(
+      'Honeypot installed successfully. Please <a href=":url">configure Honeypot</a> to protect your forms from spam bots.',
+      [':url' => $config_url->toString()]
+    ));
+  }
+}
+
+/**
+ * Implements hook_uninstall().
+ */
+function honeypot_uninstall() {
+  // Clear the bootstrap cache.
+  \Drupal::cache('bootstrap')->deleteAll();
+}
+
+/**
+ * Adds the 'hostname' column to the {honeypot_user} table.
+ */
+function honeypot_update_8100() {
+  $schema = honeypot_schema();
+  $spec = $schema['honeypot_user']['fields']['hostname'];
+  $spec['initial'] = '';
+  \Drupal::database()->schema()->addField('honeypot_user', 'hostname', $spec);
+}

sites/all/modules/contrib/security/honeypot/honeypot.links.menu.yml

@@ -0,0 +1,5 @@
+honeypot.config:
+  title: Honeypot configuration
+  description: 'Configure Honeypot spam prevention and the forms on which Honeypot will be used.'
+  parent: system.admin_config_content
+  route_name: honeypot.config

sites/all/modules/contrib/security/honeypot/honeypot.module

@@ -0,0 +1,316 @@
+<?php
+
+/**
+ * @file
+ * Honeypot module, for deterring spam bots from completing Drupal forms.
+ */
+
+use Drupal\Core\Form\FormStateInterface;
+use Drupal\Component\Utility\Crypt;
+
+/**
+ * Implements hook_cron().
+ */
+function honeypot_cron() {
+  // Delete {honeypot_user} entries older than the value of honeypot_expire.
+  $expire_limit = \Drupal::config('honeypot.settings')->get('expire');
+  \Drupal::database()->delete('honeypot_user')
+    ->condition('timestamp', REQUEST_TIME - $expire_limit, '<')
+    ->execute();
+}
+
+/**
+ * Implements hook_form_alter().
+ *
+ * Add Honeypot features to forms enabled in the Honeypot admin interface.
+ */
+function honeypot_form_alter(&$form, FormStateInterface $form_state, $form_id) {
+  // Don't use for maintenance mode forms (install, update, etc.).
+  if (defined('MAINTENANCE_MODE')) {
+    return;
+  }
+
+  // Add a tag to all forms, so that if they are cached and honeypot
+  // configuration is changed, the cached forms are invalidated and honeypot
+  // protection can be re-evaluated.
+  $form['#cache']['tags'][] = 'config:honeypot.settings';
+
+  // Get list of unprotected forms and setting for whether to protect all forms.
+  $unprotected_forms = \Drupal::config('honeypot.settings')->get('unprotected_forms');
+  $protect_all_forms = \Drupal::config('honeypot.settings')->get('protect_all_forms');
+
+  // If configured to protect all forms, add protection to every form.
+  if ($protect_all_forms && !in_array($form_id, $unprotected_forms)) {
+    // Don't protect system forms - only admins should have access, and system
+    // forms may be programmatically submitted by drush and other modules.
+    if (strpos($form_id, 'system_') === FALSE && strpos($form_id, 'search_') === FALSE && strpos($form_id, 'views_exposed_form_') === FALSE) {
+      honeypot_add_form_protection($form, $form_state, ['honeypot', 'time_restriction']);
+    }
+  }
+
+  // Otherwise add form protection to admin-configured forms.
+  elseif ($forms_to_protect = honeypot_get_protected_forms()) {
+    foreach ($forms_to_protect as $protect_form_id) {
+      // For most forms, do a straight check on the form ID.
+      if ($form_id == $protect_form_id) {
+        honeypot_add_form_protection($form, $form_state, ['honeypot', 'time_restriction']);
+      }
+    }
+  }
+}
+
+/**
+ * Build an array of all the protected forms on the site, by form_id.
+ */
+function honeypot_get_protected_forms() {
+  $forms = &drupal_static(__FUNCTION__);
+
+  // If the data isn't already in memory, get from cache or look it up fresh.
+  if (!isset($forms)) {
+    if ($cache = \Drupal::cache()->get('honeypot_protected_forms')) {
+      $forms = $cache->data;
+    }
+    else {
+      $form_settings = \Drupal::config('honeypot.settings')->get('form_settings');
+      if (!empty($form_settings)) {
+        // Add each form that's enabled to the $forms array.
+        foreach ($form_settings as $form_id => $enabled) {
+          if ($enabled) {
+            $forms[] = $form_id;
+          }
+        }
+      }
+      else {
+        $forms = [];
+      }
+
+      // Save the cached data.
+      \Drupal::cache()->set('honeypot_protected_forms', $forms);
+    }
+  }
+
+  return $forms;
+}
+
+/**
+ * Form builder function to add different types of protection to forms.
+ *
+ * @param array $options
+ *   Array of options to be added to form. Currently accepts 'honeypot' and
+ *   'time_restriction'.
+ */
+function honeypot_add_form_protection(&$form, FormStateInterface $form_state, array $options = []) {
+  $account = \Drupal::currentUser();
+
+  // Allow other modules to alter the protections applied to this form.
+  \Drupal::moduleHandler()->alter('honeypot_form_protections', $options, $form);
+
+  // Don't add any protections if the user can bypass the Honeypot.
+  if ($account->hasPermission('bypass honeypot protection')) {
+    return;
+  }
+
+  // Build the honeypot element.
+  if (in_array('honeypot', $options)) {
+    // Get the element name (default is generic 'url').
+    $honeypot_element = \Drupal::config('honeypot.settings')->get('element_name');
+
+    // Build the honeypot element.
+    $honeypot_class = $honeypot_element . '-textfield';
+    $form[$honeypot_element] = [
+      '#theme_wrappers' => [
+        'container' => [
+          '#id' => NULL,
+          '#attributes' => [
+            'class' => [
+              $honeypot_class,
+            ],
+            'style' => [
+              'display: none !important;',
+            ],
+          ],
+        ],
+      ],
+      '#type' => 'textfield',
+      '#title' => t('Leave this field blank'),
+      '#size' => 20,
+      '#weight' => 100,
+      '#attributes' => ['autocomplete' => 'off'],
+      '#element_validate' => ['_honeypot_honeypot_validate'],
+    ];
+
+  }
+
+  // Set the time restriction for this form (if it's not disabled).
+  if (in_array('time_restriction', $options) && \Drupal::config('honeypot.settings')->get('time_limit') != 0) {
+    // Set the current time in a hidden value to be checked later.
+    $input = $form_state->getUserInput();
+    if (empty($input['honeypot_time'])) {
+      $identifier = Crypt::randomBytesBase64();
+      \Drupal::service('keyvalue.expirable')->get('honeypot_time_restriction')->set($identifier, time(), 3600*24);
+    }
+    else {
+      $identifier = $input['honeypot_time'];
+    }
+    $form['honeypot_time'] = [
+      '#type' => 'hidden',
+      '#title' => t('Timestamp'),
+      '#default_value' => $identifier,
+      '#element_validate' => ['_honeypot_time_restriction_validate'],
+      '#cache' => [
+        'max-age' => 0,
+      ],
+    ];
+
+    // Disable page caching to make sure timestamp isn't cached.
+    $account = \Drupal::currentUser();
+    if ($account->id() == 0) {
+      // TODO D8 - Use DIC? See: http://drupal.org/node/1539454
+      // Should this now set 'omit_vary_cookie' instead?
+      Drupal::service('page_cache_kill_switch')->trigger();
+    }
+  }
+
+  // Allow other modules to react to addition of form protection.
+  if (!empty($options)) {
+    \Drupal::moduleHandler()->invokeAll('honeypot_add_form_protection', [$options, $form]);
+  }
+}
+
+/**
+ * Validate honeypot field.
+ */
+function _honeypot_honeypot_validate($element, FormStateInterface $form_state) {
+  // Get the honeypot field value.
+  $honeypot_value = $element['#value'];
+
+  // Make sure it's empty.
+  if (!empty($honeypot_value)) {
+    _honeypot_log($form_state->getValue('form_id'), 'honeypot');
+    $form_state->setErrorByName('', t('There was a problem with your form submission. Please refresh the page and try again.'));
+  }
+}
+
+/**
+ * Validate honeypot's time restriction field.
+ */
+function _honeypot_time_restriction_validate($element, FormStateInterface $form_state) {
+  if ($form_state->isProgrammed()) {
+    // Don't do anything if the form was submitted programmatically.
+    return;
+  }
+
+  $triggering_element = $form_state->getTriggeringElement();
+  // Don't do anything if the triggering element is a preview button.
+  if ($triggering_element['#value'] == t('Preview')) {
+    return;
+  }
+
+  // Get the time value.
+  $identifier = $form_state->getValue('honeypot_time', FALSE);
+  $honeypot_time = \Drupal::service('keyvalue.expirable')->get('honeypot_time_restriction')->get($identifier, 0);
+
+  // Get the honeypot_time_limit.
+  $time_limit = honeypot_get_time_limit($form_state->getValues());
+
+  // Make sure current time - (time_limit + form time value) is greater than 0.
+  // If not, throw an error.
+  if (!$honeypot_time || REQUEST_TIME < ($honeypot_time + $time_limit)) {
+    _honeypot_log($form_state->getValue('form_id'), 'honeypot_time');
+    $time_limit = honeypot_get_time_limit();
+    \Drupal::service('keyvalue.expirable')->get('honeypot_time_restriction')->set($identifier, REQUEST_TIME, 3600*24);
+    $form_state->setErrorByName('', t('There was a problem with your form submission. Please wait @limit seconds and try again.', ['@limit' => $time_limit]));
+  }
+}
+
+/**
+ * Log blocked form submissions.
+ *
+ * @param string $form_id
+ *   Form ID for the form on which submission was blocked.
+ * @param string $type
+ *   String indicating the reason the submission was blocked. Allowed values:
+ *     - honeypot: If honeypot field was filled in.
+ *     - honeypot_time: If form was completed before the configured time limit.
+ */
+function _honeypot_log($form_id, $type) {
+  honeypot_log_failure($form_id, $type);
+  if (\Drupal::config('honeypot.settings')->get('log')) {
+    $variables = [
+      '%form'  => $form_id,
+      '@cause' => ($type == 'honeypot') ? t('submission of a value in the honeypot field') : t('submission of the form in less than minimum required time'),
+    ];
+    \Drupal::logger('honeypot')->notice(t('Blocked submission of %form due to @cause.', $variables));
+  }
+}
+
+/**
+ * Look up the time limit for the current user.
+ *
+ * @param array $form_values
+ *   Array of form values (optional).
+ */
+function honeypot_get_time_limit(array $form_values = []) {
+  $account = \Drupal::currentUser();
+  $honeypot_time_limit = \Drupal::config('honeypot.settings')->get('time_limit');
+
+  // Only calculate time limit if honeypot_time_limit has a value > 0.
+  if ($honeypot_time_limit) {
+    $expire_time = \Drupal::config('honeypot.settings')->get('expire');
+
+    // Query the {honeypot_user} table to determine the number of failed
+    // submissions for the current user.
+    $uid = $account->id();
+    $query = \Drupal::database()->select('honeypot_user', 'hu')
+      ->condition('uid', $uid)
+      ->condition('timestamp', REQUEST_TIME - $expire_time, '>');
+
+    // For anonymous users, take the hostname into account.
+    if ($uid === 0) {
+      $hostname = \Drupal::request()->getClientIp();
+      $query->condition('hostname', $hostname);
+    }
+    $number = $query->countQuery()->execute()->fetchField();
+
+    // Don't add more than 30 days' worth of extra time.
+    $honeypot_time_limit = (int) min($honeypot_time_limit + exp($number) - 1, 2592000);
+    // TODO - Only accepts two args.
+    $additions = \Drupal::moduleHandler()->invokeAll('honeypot_time_limit', [
+      $honeypot_time_limit,
+      $form_values,
+      $number,
+    ]);
+    if (count($additions)) {
+      $honeypot_time_limit += array_sum($additions);
+    }
+  }
+  return $honeypot_time_limit;
+}
+
+/**
+ * Log the failed submission with timestamp and hostname.
+ *
+ * @param string $form_id
+ *   Form ID for the rejected form submission.
+ * @param string $type
+ *   String indicating the reason the submission was blocked. Allowed values:
+ *     - honeypot: If honeypot field was filled in.
+ *     - honeypot_time: If form was completed before the configured time limit.
+ */
+function honeypot_log_failure($form_id, $type) {
+  $account = \Drupal::currentUser();
+  $uid = $account->id();
+
+  // Log failed submissions.
+  \Drupal::database()->insert('honeypot_user')
+    ->fields([
+      'uid' => $uid,
+      'hostname' => Drupal::request()->getClientIp(),
+      'timestamp' => REQUEST_TIME,
+    ])
+    ->execute();
+
+  // Allow other modules to react to honeypot rejections.
+  // TODO - Only accepts two args.
+  \Drupal::moduleHandler()->invokeAll('honeypot_reject', [$form_id, $uid, $type]);
+}

sites/all/modules/contrib/security/honeypot/honeypot.permissions.yml

@@ -0,0 +1,7 @@
+'administer honeypot':
+  title: 'Administer Honeypot'
+  description: 'Administer Honeypot-protected forms and settings.'
+
+'bypass honeypot protection':
+  title: 'Bypass Honeypot protection'
+  description: 'Bypass Honeypot form protection.'

sites/all/modules/contrib/security/honeypot/honeypot.routing.yml

@@ -0,0 +1,7 @@
+honeypot.config:
+  path: '/admin/config/content/honeypot'
+  defaults:
+    _form: '\Drupal\honeypot\Controller\HoneypotSettingsController'
+    _title: 'Honeypot configuration'
+  requirements:
+    _permission: 'administer honeypot'

sites/all/modules/contrib/security/honeypot/src/Controller/HoneypotSettingsController.php

@@ -0,0 +1,329 @@
+<?php
+
+namespace Drupal\honeypot\Controller;
+
+use Drupal\Component\Utility\Html;
+use Drupal\Core\Form\ConfigFormBase;
+use Drupal\Core\Config\ConfigFactoryInterface;
+use Drupal\Core\Form\FormStateInterface;
+use Drupal\node\Entity\NodeType;
+use Drupal\comment\Entity\CommentType;
+use Drupal\Core\Extension\ModuleHandlerInterface;
+use Drupal\Core\Entity\EntityTypeManagerInterface;
+use Drupal\Core\Entity\EntityTypeBundleInfoInterface;
+use Drupal\Core\Cache\CacheBackendInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+/**
+ * Returns responses for Honeypot module routes.
+ */
+class HoneypotSettingsController extends ConfigFormBase {
+
+  /**
+   * The module handler service.
+   *
+   * @var \Drupal\Core\Extension\ModuleHandlerInterface
+   */
+  protected $moduleHandler;
+
+  /**
+   * The entity type manager.
+   *
+   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
+   */
+  protected $entityTypeManager;
+
+  /**
+   * The entity type bundle info service.
+   *
+   * @var \Drupal\Core\Entity\EntityTypeBundleInfoInterface
+   */
+  protected $entityTypeBundleInfo;
+
+  /**
+   * A cache backend interface.
+   *
+   * @var \Drupal\Core\Cache\CacheBackendInterface
+   */
+  protected $cache;
+
+  /**
+   * Constructs a settings controller.
+   *
+   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
+   *   The factory for configuration objects.
+   * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
+   *   The module handler.
+   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
+   *   The entity type manager.
+   * @param \Drupal\Core\Entity\EntityTypeBundleInfoInterface $entity_type_bundle_info
+   *   The entity type bundle info service.
+   * @param \Drupal\Core\Cache\CacheBackendInterface $cache_backend
+   *   The cache backend interface.
+   */
+  public function __construct(ConfigFactoryInterface $config_factory, ModuleHandlerInterface $module_handler, EntityTypeManagerInterface $entity_type_manager, EntityTypeBundleInfoInterface $entity_type_bundle_info, CacheBackendInterface $cache_backend) {
+    parent::__construct($config_factory);
+    $this->moduleHandler = $module_handler;
+    $this->entityTypeManager = $entity_type_manager;
+    $this->entityTypeBundleInfo = $entity_type_bundle_info;
+    $this->cache = $cache_backend;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container) {
+    return new static(
+      $container->get('config.factory'),
+      $container->get('module_handler'),
+      $container->get('entity_type.manager'),
+      $container->get('entity_type.bundle.info'),
+      $container->get('cache.default')
+    );
+  }
+
+  /**
+   * Get a value from the retrieved form settings array.
+   */
+  public function getFormSettingsValue($form_settings, $form_id) {
+    // If there are settings in the array and the form ID already has a setting,
+    // return the saved setting for the form ID.
+    if (!empty($form_settings) && isset($form_settings[$form_id])) {
+      return $form_settings[$form_id];
+    }
+    // Default to false.
+    else {
+      return 0;
+    }
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function getEditableConfigNames() {
+    return ['honeypot.settings'];
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getFormId() {
+    return 'honeypot_settings_form';
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function buildForm(array $form, FormStateInterface $form_state) {
+    // Honeypot Configuration.
+    $form['configuration'] = [
+      '#type' => 'fieldset',
+      '#title' => $this->t('Honeypot Configuration'),
+      '#collapsible' => TRUE,
+      '#collapsed' => FALSE,
+    ];
+    $form['configuration']['protect_all_forms'] = [
+      '#type' => 'checkbox',
+      '#title' => $this->t('Protect all forms with Honeypot'),
+      '#description' => $this->t('Enable Honeypot protection for ALL forms on this site (it is best to only enable Honeypot for the forms you need below).'),
+      '#default_value' => $this->config('honeypot.settings')->get('protect_all_forms'),
+    ];
+    $form['configuration']['protect_all_forms']['#description'] .= '<br />' . $this->t('<strong>Page caching will be disabled on any page where a form is present if the Honeypot time limit is not set to 0.</strong>');
+    $form['configuration']['log'] = [
+      '#type' => 'checkbox',
+      '#title' => $this->t('Log blocked form submissions'),
+      '#description' => $this->t('Log submissions that are blocked due to Honeypot protection.'),
+      '#default_value' => $this->config('honeypot.settings')->get('log'),
+    ];
+    $form['configuration']['element_name'] = [
+      '#type' => 'textfield',
+      '#title' => $this->t('Honeypot element name'),
+      '#description' => $this->t("The name of the Honeypot form field. It's usually most effective to use a generic name like email, homepage, or link, but this should be changed if it interferes with fields that are already in your forms. Must not contain spaces or special characters."),
+      '#default_value' => $this->config('honeypot.settings')->get('element_name'),
+      '#required' => TRUE,
+      '#size' => 30,
+    ];
+    $form['configuration']['time_limit'] = [
+      '#type' => 'textfield',
+      '#title' => $this->t('Honeypot time limit'),
+      '#description' => $this->t('Minimum time required before form should be considered entered by a human instead of a bot. Set to 0 to disable.'),
+      '#default_value' => $this->config('honeypot.settings')->get('time_limit'),
+      '#required' => TRUE,
+      '#size' => 5,
+      '#field_suffix' => $this->t('seconds'),
+    ];
+    $form['configuration']['time_limit']['#description'] .= '<br />' . $this->t('<strong>Page caching will be disabled if there is a form protected by time limit on the page.</strong>');
+
+    // Honeypot Enabled forms.
+    $form_settings = $this->config('honeypot.settings')->get('form_settings');
+    $form['form_settings'] = [
+      '#type' => 'fieldset',
+      '#title' => $this->t('Honeypot Enabled Forms'),
+      '#description' => $this->t("Check the boxes next to individual forms on which you'd like Honeypot protection enabled."),
+      '#collapsible' => TRUE,
+      '#collapsed' => FALSE,
+      '#tree' => TRUE,
+      '#states' => [
+        // Hide this fieldset when all forms are protected.
+        'invisible' => [
+          'input[name="protect_all_forms"]' => ['checked' => TRUE],
+        ],
+      ],
+    ];
+
+    // Generic forms.
+    $form['form_settings']['general_forms'] = ['#markup' => '<h5>' . $this->t('General Forms') . '</h5>'];
+    // User register form.
+    $form['form_settings']['user_register_form'] = [
+      '#type' => 'checkbox',
+      '#title' => $this->t('User Registration form'),
+      '#default_value' => $this->getFormSettingsValue($form_settings, 'user_register_form'),
+    ];
+    // User password form.
+    $form['form_settings']['user_pass'] = [
+      '#type' => 'checkbox',
+      '#title' => $this->t('User Password Reset form'),
+      '#default_value' => $this->getFormSettingsValue($form_settings, 'user_pass'),
+    ];
+
+    // If contact.module enabled, add contact forms.
+    if ($this->moduleHandler->moduleExists('contact')) {
+      $form['form_settings']['contact_forms'] = ['#markup' => '<h5>' . $this->t('Contact Forms') . '</h5>'];
+
+      $bundles = $this->entityTypeBundleInfo->getBundleInfo('contact_message');
+      $formController = $this->entityTypeManager->getFormObject('contact_message', 'default');
+
+      foreach ($bundles as $bundle_key => $bundle) {
+        $stub = $this->entityTypeManager->getStorage('contact_message')->create([
+          'contact_form' => $bundle_key,
+        ]);
+        $formController->setEntity($stub);
+        $form_id = $formController->getFormId();
+
+        $form['form_settings'][$form_id] = [
+          '#type' => 'checkbox',
+          '#title' => Html::escape($bundle['label']),
+          '#default_value' => $this->getFormSettingsValue($form_settings, $form_id),
+        ];
+      }
+    }
+
+    // Node types for node forms.
+    if ($this->moduleHandler->moduleExists('node')) {
+      $types = NodeType::loadMultiple();
+      if (!empty($types)) {
+        // Node forms.
+        $form['form_settings']['node_forms'] = ['#markup' => '<h5>' . $this->t('Node Forms') . '</h5>'];
+        foreach ($types as $type) {
+          $id = 'node_' . $type->get('type') . '_form';
+          $form['form_settings'][$id] = [
+            '#type' => 'checkbox',
+            '#title' => $this->t('@name node form', ['@name' => $type->label()]),
+            '#default_value' => $this->getFormSettingsValue($form_settings, $id),
+          ];
+        }
+      }
+    }
+
+    // Comment types for comment forms.
+    if ($this->moduleHandler->moduleExists('comment')) {
+      $types = CommentType::loadMultiple();
+      if (!empty($types)) {
+        $form['form_settings']['comment_forms'] = ['#markup' => '<h5>' . $this->t('Comment Forms') . '</h5>'];
+        foreach ($types as $type) {
+          $id = 'comment_' . $type->id() . '_form';
+          $form['form_settings'][$id] = [
+            '#type' => 'checkbox',
+            '#title' => $this->t('@name comment form', ['@name' => $type->label()]),
+            '#default_value' => $this->getFormSettingsValue($form_settings, $id),
+          ];
+        }
+      }
+    }
+
+    // Store the keys we want to save in configuration when form is submitted.
+    $keys_to_save = array_keys($form['configuration']);
+    foreach ($keys_to_save as $key => $key_to_save) {
+      if (strpos($key_to_save, '#') !== FALSE) {
+        unset($keys_to_save[$key]);
+      }
+    }
+    $form_state->setStorage(['keys' => $keys_to_save]);
+
+    // For now, manually add submit button. Hopefully, by the time D8 is
+    // released, there will be something like system_settings_form() in D7.
+    $form['actions']['#type'] = 'container';
+    $form['actions']['submit'] = [
+      '#type' => 'submit',
+      '#value' => $this->t('Save configuration'),
+    ];
+
+    return $form;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function validateForm(array &$form, FormStateInterface $form_state) {
+    // Make sure the time limit is a positive integer or 0.
+    $time_limit = $form_state->getValue('time_limit');
+    if ((is_numeric($time_limit) && $time_limit > 0) || $time_limit === '0') {
+      if (ctype_digit($time_limit)) {
+        // Good to go.
+      }
+      else {
+        $form_state->setErrorByName('time_limit', $this->t("The time limit must be a positive integer or 0."));
+      }
+    }
+    else {
+      $form_state->setErrorByName('time_limit', $this->t("The time limit must be a positive integer or 0."));
+    }
+
+    // Make sure Honeypot element name only contains A-Z, 0-9.
+    if (!preg_match("/^[-_a-zA-Z0-9]+$/", $form_state->getValue('element_name'))) {
+      $form_state->setErrorByName('element_name', $this->t("The element name cannot contain spaces or other special characters."));
+    }
+
+    // Make sure Honeypot element name starts with a letter.
+    if (!preg_match("/^[a-zA-Z].+$/", $form_state->getValue('element_name'))) {
+      $form_state->setErrorByName('element_name', $this->t("The element name must start with a letter."));
+    }
+
+    // Make sure Honeypot element name isn't one of the reserved names.
+    $reserved_element_names = [
+      'name',
+      'pass',
+      'website',
+    ];
+    if (in_array($form_state->getValue('element_name'), $reserved_element_names)) {
+      $form_state->setErrorByName('element_name', $this->t("The element name cannot match one of the common Drupal form field names (e.g. @names).", ['@names' => implode(', ', $reserved_element_names)]));
+    }
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function submitForm(array &$form, FormStateInterface $form_state) {
+    $config = $this->config('honeypot.settings');
+    $storage = $form_state->getStorage();
+
+    // Save all the Honeypot configuration items from $form_state.
+    foreach ($form_state->getValues() as $key => $value) {
+      if (in_array($key, $storage['keys'])) {
+        $config->set($key, $value);
+      }
+    }
+
+    // Save the honeypot forms from $form_state into a 'form_settings' array.
+    $config->set('form_settings', $form_state->getValue('form_settings'));
+
+    $config->save();
+
+    // Clear the honeypot protected forms cache.
+    $this->cache->delete('honeypot_protected_forms');
+
+    // Tell the user the settings have been saved.
+    drupal_set_message($this->t('The configuration options have been saved.'));
+  }
+
+}

sites/all/modules/contrib/security/honeypot/src/Tests/HoneypotAdminFormTest.php

@@ -0,0 +1,96 @@
+<?php
+
+namespace Drupal\honeypot\Tests;
+
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Test Honeypot spam protection admin form functionality.
+ *
+ * @group honeypot
+ */
+class HoneypotAdminFormTest extends WebTestBase {
+
+  protected $adminUser;
+
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = ['honeypot'];
+
+  /**
+   * Setup before test.
+   */
+  public function setUp() {
+    // Enable modules required for this test.
+    parent::setUp();
+
+    // Set up admin user.
+    $this->adminUser = $this->drupalCreateUser([
+      'administer honeypot',
+      'bypass honeypot protection',
+    ]);
+  }
+
+  /**
+   * Test a valid element name.
+   */
+  public function testElementNameUpdateSuccess() {
+    // Log in the admin user.
+    $this->drupalLogin($this->adminUser);
+
+    // Set up form and submit it.
+    $edit['element_name'] = "test";
+    $this->drupalPostForm('admin/config/content/honeypot', $edit, t('Save configuration'));
+
+    // Form should have been submitted successfully.
+    $this->assertText(t('The configuration options have been saved.'), 'Honeypot element name assertion works for valid names.');
+
+    // Set up form and submit it.
+    $edit['element_name'] = "test-1";
+    $this->drupalPostForm('admin/config/content/honeypot', $edit, t('Save configuration'));
+
+    // Form should have been submitted successfully.
+    $this->assertText(t('The configuration options have been saved.'), 'Honeypot element name assertion works for valid names with dashes and numbers.');
+  }
+
+  /**
+   * Test an invalid element name (invalid first character).
+   */
+  public function testElementNameUpdateFirstCharacterFail() {
+    // Log in the admin user.
+    $this->drupalLogin($this->adminUser);
+
+    // Set up form and submit it.
+    $edit['element_name'] = "1test";
+    $this->drupalPostForm('admin/config/content/honeypot', $edit, t('Save configuration'));
+
+    // Form submission should fail.
+    $this->assertText(t('The element name must start with a letter.'), 'Honeypot element name assertion works for invalid names.');
+  }
+
+  /**
+   * Test an invalid element name (invalid character in name).
+   */
+  public function testElementNameUpdateInvalidCharacterFail() {
+    // Log in the admin user.
+    $this->drupalLogin($this->adminUser);
+
+    // Set up form and submit it.
+    $edit['element_name'] = "special-character-&";
+    $this->drupalPostForm('admin/config/content/honeypot', $edit, t('Save configuration'));
+
+    // Form submission should fail.
+    $this->assertText(t('The element name cannot contain spaces or other special characters.'), 'Honeypot element name assertion works for invalid names with special characters.');
+
+    // Set up form and submit it.
+    $edit['element_name'] = "space in name";
+    $this->drupalPostForm('admin/config/content/honeypot', $edit, t('Save configuration'));
+
+    // Form submission should fail.
+    $this->assertText(t('The element name cannot contain spaces or other special characters.'), 'Honeypot element name assertion works for invalid names with spaces.');
+  }
+
+}

sites/all/modules/contrib/security/honeypot/src/Tests/HoneypotFormCacheTest.php

@@ -0,0 +1,137 @@
+<?php
+
+namespace Drupal\honeypot\Tests;
+
+use Drupal\comment\Tests\CommentTestTrait;
+use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
+use Drupal\contact\Entity\ContactForm;
+use Drupal\simpletest\WebTestBase;
+use Drupal\user\Entity\Role;
+use Drupal\user\RoleInterface;
+
+/**
+ * Tests page caching on Honeypot protected forms.
+ *
+ * @group honeypot
+ */
+class HoneypotFormCacheTest extends WebTestBase {
+
+  use CommentTestTrait;
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = ['honeypot', 'node', 'comment', 'contact'];
+
+  protected $node;
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function setUp() {
+    parent::setUp();
+
+    // Set up required Honeypot configuration.
+    $honeypot_config = \Drupal::configFactory()->getEditable('honeypot.settings');
+    $honeypot_config->set('element_name', 'url');
+    // Enable time_limit protection.
+    $honeypot_config->set('time_limit', 5);
+    // Test protecting all forms.
+    $honeypot_config->set('protect_all_forms', TRUE);
+    $honeypot_config->set('log', FALSE);
+    $honeypot_config->save();
+
+    // Set up other required configuration.
+    $user_config = \Drupal::configFactory()->getEditable('user.settings');
+    $user_config->set('verify_mail', TRUE);
+    $user_config->set('register', USER_REGISTER_VISITORS);
+    $user_config->save();
+
+    // Create an Article node type.
+    if ($this->profile != 'standard') {
+      $this->drupalCreateContentType(['type' => 'article', 'name' => 'Article']);
+      // Create comment field on article.
+      $this->addDefaultCommentField('node', 'article');
+    }
+  }
+
+  /**
+   * Test enabling and disabling of page cache based on time limit settings.
+   */
+  public function testCacheContactForm() {
+    // Create a Website feedback contact form.
+    $feedback_form = ContactForm::create([
+      'id' => 'feedback',
+      'label' => 'Website feedback',
+      'recipients' => [],
+      'reply' => '',
+      'weight' => 0,
+    ]);
+    $feedback_form->save();
+    $contact_settings = \Drupal::configFactory()->getEditable('contact.settings');
+    $contact_settings->set('default_form', 'feedback')->save();
+
+    // Give anonymous users permission to view contact form.
+    Role::load(RoleInterface::ANONYMOUS_ID)
+      ->grantPermission('access site-wide contact form')
+      ->save();
+
+    // Prime the cache.
+    $this->drupalGet('contact/feedback');
+
+    // Test on cache header with time limit enabled, cache should miss.
+    $this->drupalGet('contact/feedback');
+    $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), '', 'Page was not cached.');
+
+    // Disable time limit.
+    \Drupal::configFactory()->getEditable('honeypot.settings')->set('time_limit', 0)->save();
+
+    // Prime the cache.
+    $this->drupalGet('contact/feedback');
+    // Test on cache header with time limit disabled, cache should hit.
+    $this->drupalGet('contact/feedback');
+    $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
+
+    // Re-enable the time limit, we should not be seeing the cached version.
+    \Drupal::configFactory()->getEditable('honeypot.settings')->set('time_limit', 5)->save();
+    $this->drupalGet('contact/feedback');
+    $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), '', 'Page was not cached.');
+  }
+
+  /**
+   * Test enabling and disabling of page cache based on time limit settings.
+   */
+  public function testCacheCommentForm() {
+    // Set up example node.
+    $this->node = $this->drupalCreateNode([
+      'type' => 'article',
+      'comment' => CommentItemInterface::OPEN,
+    ]);
+
+    // Give anonymous users permission to post comments.
+    Role::load(RoleInterface::ANONYMOUS_ID)
+      ->grantPermission('post comments')
+      ->grantPermission('access comments')
+      ->save();
+
+    // Prime the cache.
+    $this->drupalGet('node/' . $this->node->id());
+
+    // Test on cache header with time limit enabled, cache should miss.
+    $this->drupalGet('node/' . $this->node->id());
+    $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), '', 'Page was not cached.');
+
+    // Disable time limit.
+    \Drupal::configFactory()->getEditable('honeypot.settings')->set('time_limit', 0)->save();
+
+    // Prime the cache.
+    $this->drupalGet('node/' . $this->node->id());
+
+    // Test on cache header with time limit disabled, cache should hit.
+    $this->drupalGet('node/' . $this->node->id());
+    $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', 'Page was cached.');
+
+  }
+
+}

sites/all/modules/contrib/security/honeypot/src/Tests/HoneypotFormProgrammaticSubmissionTest.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace Drupal\honeypot\Tests;
+
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Test programmatic submission of forms protected by Honeypot.
+ *
+ * @group honeypot
+ */
+class HoneypotFormProgrammaticSubmissionTest extends WebTestBase {
+
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = ['honeypot', 'honeypot_test', 'user'];
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function setUp() {
+    parent::setUp();
+
+    // Set up required Honeypot configuration.
+    $honeypot_config = \Drupal::configFactory()->getEditable('honeypot.settings');
+    $honeypot_config->set('element_name', 'url');
+    $honeypot_config->set('time_limit', 5);
+    $honeypot_config->set('protect_all_forms', TRUE);
+    $honeypot_config->set('log', FALSE);
+    $honeypot_config->save();
+
+    $this->drupalCreateUser([], 'robo-user');
+  }
+
+  /**
+   * Trigger a programmatic form submission and verify the validation errors.
+   */
+  public function testProgrammaticFormSubmission() {
+    $result = $this->drupalGet('/honeypot_test/submit_form');
+    $form_errors = (array) json_decode($result);
+    $this->assertNoRaw('There was a problem with your form submission. Please wait 6 seconds and try again.');
+    $this->assertFalse($form_errors, 'The were no validation errors when submitting the form.');
+  }
+
+}

sites/all/modules/contrib/security/honeypot/src/Tests/HoneypotFormTest.php

@@ -0,0 +1,254 @@
+<?php
+
+namespace Drupal\honeypot\Tests;
+
+use Drupal\simpletest\WebTestBase;
+use Drupal\comment\Tests\CommentTestTrait;
+use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
+use Drupal\contact\Entity\ContactForm;
+
+/**
+ * Test Honeypot spam protection functionality.
+ *
+ * @group honeypot
+ */
+class HoneypotFormTest extends WebTestBase {
+
+  use CommentTestTrait;
+
+  protected $adminUser;
+  protected $webUser;
+  protected $node;
+
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = ['honeypot', 'node', 'comment', 'contact'];
+
+  /**
+   * Setup before test.
+   */
+  public function setUp() {
+    // Enable modules required for this test.
+    parent::setUp();
+
+    // Set up required Honeypot configuration.
+    $honeypot_config = \Drupal::configFactory()->getEditable('honeypot.settings');
+    $honeypot_config->set('element_name', 'url');
+    // Disable time_limit protection.
+    $honeypot_config->set('time_limit', 0);
+    // Test protecting all forms.
+    $honeypot_config->set('protect_all_forms', TRUE);
+    $honeypot_config->set('log', FALSE);
+    $honeypot_config->save();
+
+    // Set up other required configuration.
+    $user_config = \Drupal::configFactory()->getEditable('user.settings');
+    $user_config->set('verify_mail', TRUE);
+    $user_config->set('register', USER_REGISTER_VISITORS);
+    $user_config->save();
+
+    // Create an Article node type.
+    if ($this->profile != 'standard') {
+      $this->drupalCreateContentType(['type' => 'article', 'name' => 'Article']);
+      // Create comment field on article.
+      $this->addDefaultCommentField('node', 'article');
+    }
+
+    // Set up admin user.
+    $this->adminUser = $this->drupalCreateUser([
+      'administer honeypot',
+      'bypass honeypot protection',
+      'administer content types',
+      'administer users',
+      'access comments',
+      'post comments',
+      'skip comment approval',
+      'administer comments',
+    ]);
+
+    // Set up web user.
+    $this->webUser = $this->drupalCreateUser([
+      'access comments',
+      'post comments',
+      'create article content',
+      'access site-wide contact form',
+    ]);
+
+    // Set up example node.
+    $this->node = $this->drupalCreateNode([
+      'type' => 'article',
+      'comment' => CommentItemInterface::OPEN,
+    ]);
+  }
+
+  /**
+   * Make sure user login form is not protected.
+   */
+  public function testUserLoginNotProtected() {
+    $this->drupalGet('user');
+    $this->assertNoText('id="edit-url" name="url"', 'Honeypot not enabled on user login form.');
+  }
+
+  /**
+   * Test user registration (anonymous users).
+   */
+  public function testProtectRegisterUserNormal() {
+    // Set up form and submit it.
+    $edit['name'] = $this->randomMachineName();
+    $edit['mail'] = $edit['name'] . '@example.com';
+    $this->drupalPostForm('user/register', $edit, t('Create new account'));
+
+    // Form should have been submitted successfully.
+    $this->assertText(t('A welcome message with further instructions has been sent to your email address.'), 'User registered successfully.');
+  }
+
+  /**
+   * Test for user register honeypot filled.
+   */
+  public function testProtectUserRegisterHoneypotFilled() {
+    // Set up form and submit it.
+    $edit['name'] = $this->randomMachineName();
+    $edit['mail'] = $edit['name'] . '@example.com';
+    $edit['url'] = 'http://www.example.com/';
+    $this->drupalPostForm('user/register', $edit, t('Create new account'));
+
+    // Form should have error message.
+    $this->assertText(t('There was a problem with your form submission. Please refresh the page and try again.'), 'Registration form protected by honeypot.');
+  }
+
+  /**
+   * Test for user register too fast.
+   */
+  public function testProtectRegisterUserTooFast() {
+    \Drupal::configFactory()->getEditable('honeypot.settings')->set('time_limit', 1)->save();
+
+    // First attempt a submission that does not trigger honeypot.
+    $edit['name'] = $this->randomMachineName();
+    $edit['mail'] = $edit['name'] . '@example.com';
+    $this->drupalGet('user/register');
+    sleep(2);
+    $this->drupalPostForm(NULL, $edit, t('Create new account'));
+    $this->assertNoText(t('There was a problem with your form submission.'));
+
+    // Set the time limit a bit higher so we can trigger honeypot.
+    \Drupal::configFactory()->getEditable('honeypot.settings')->set('time_limit', 5)->save();
+
+    // Set up form and submit it.
+    $edit['name'] = $this->randomMachineName();
+    $edit['mail'] = $edit['name'] . '@example.com';
+    $this->drupalPostForm('user/register', $edit, t('Create new account'));
+
+    // Form should have error message.
+    $this->assertText(t('There was a problem with your form submission. Please wait 6 seconds and try again.'), 'Registration form protected by time limit.');
+  }
+
+  /**
+   * Test comment form protection.
+   */
+  public function testProtectCommentFormNormal() {
+    $comment = 'Test comment.';
+
+    // Disable time limit for honeypot.
+    \Drupal::configFactory()->getEditable('honeypot.settings')->set('time_limit', 0)->save();
+
+    // Log in the web user.
+    $this->drupalLogin($this->webUser);
+
+    // Set up form and submit it.
+    $edit["comment_body[0][value]"] = $comment;
+    $this->drupalPostForm('comment/reply/node/' . $this->node->id() . '/comment', $edit, t('Save'));
+    $this->assertText(t('Your comment has been queued for review'), 'Comment posted successfully.');
+  }
+
+  /**
+   * Test for comment form honeypot filled.
+   */
+  public function testProtectCommentFormHoneypotFilled() {
+    $comment = 'Test comment.';
+
+    // Log in the web user.
+    $this->drupalLogin($this->webUser);
+
+    // Set up form and submit it.
+    $edit["comment_body[0][value]"] = $comment;
+    $edit['url'] = 'http://www.example.com/';
+    $this->drupalPostForm('comment/reply/node/' . $this->node->id() . '/comment', $edit, t('Save'));
+    $this->assertText(t('There was a problem with your form submission. Please refresh the page and try again.'), 'Comment posted successfully.');
+  }
+
+  /**
+   * Test for comment form honeypot bypass.
+   */
+  public function testProtectCommentFormHoneypotBypass() {
+    // Log in the admin user.
+    $this->drupalLogin($this->adminUser);
+
+    // Get the comment reply form and ensure there's no 'url' field.
+    $this->drupalGet('comment/reply/node/' . $this->node->id() . '/comment');
+    $this->assertNoText('id="edit-url" name="url"', 'Honeypot home page field not shown.');
+  }
+
+  /**
+   * Test node form protection.
+   */
+  public function testProtectNodeFormTooFast() {
+    // Log in the admin user.
+    $this->drupalLogin($this->webUser);
+
+    // Reset the time limit to 5 seconds.
+    \Drupal::configFactory()->getEditable('honeypot.settings')->set('time_limit', 5)->save();
+
+    // Set up the form and submit it.
+    $edit["title[0][value]"] = 'Test Page';
+    $this->drupalPostForm('node/add/article', $edit, t('Save'));
+    $this->assertText(t('There was a problem with your form submission.'), 'Honeypot node form timestamp protection works.');
+  }
+
+  /**
+   * Test node form protection.
+   */
+  public function testProtectNodeFormPreviewPassthru() {
+    // Log in the admin user.
+    $this->drupalLogin($this->webUser);
+
+    // Post a node form using the 'Preview' button and make sure it's allowed.
+    $edit["title[0][value]"] = 'Test Page';
+    $this->drupalPostForm('node/add/article', $edit, t('Preview'));
+    $this->assertNoText(t('There was a problem with your form submission.'), 'Honeypot not blocking node form previews.');
+  }
+
+  /**
+   * Test protection on the Contact form.
+   */
+  public function testProtectContactForm() {
+    $this->drupalLogin($this->adminUser);
+
+    // Disable 'protect_all_forms'.
+    \Drupal::configFactory()->getEditable('honeypot.settings')->set('protect_all_forms', FALSE)->save();
+
+    // Create a Website feedback contact form.
+    $feedback_form = ContactForm::create([
+      'id' => 'feedback',
+      'label' => 'Website feedback',
+      'recipients' => [],
+      'reply' => '',
+      'weight' => 0,
+    ]);
+    $feedback_form->save();
+    $contact_settings = \Drupal::configFactory()->getEditable('contact.settings');
+    $contact_settings->set('default_form', 'feedback')->save();
+
+    // Submit the admin form so we can verify the right forms are displayed.
+    $this->drupalPostForm('admin/config/content/honeypot', [
+      'form_settings[contact_message_feedback_form]' => TRUE,
+    ], t('Save configuration'));
+
+    $this->drupalLogin($this->webUser);
+    $this->drupalGet('contact/feedback');
+    $this->assertField('url', 'Honeypot field is added to Contact form.');
+  }
+
+}

sites/all/modules/contrib/security/honeypot/tests/modules/honeypot_test/honeypot_test.info.yml

@@ -0,0 +1,12 @@
+name: honeypot_test
+type: module
+description: Support module for Honeypot internal testing purposes.
+# core: 8.x
+package: Testing
+hidden: true
+
+# Information added by Drupal.org packaging script on 2017-07-12
+version: '8.x-1.27'
+core: '8.x'
+project: 'honeypot'
+datestamp: 1499867346

sites/all/modules/contrib/security/honeypot/tests/modules/honeypot_test/honeypot_test.routing.yml

@@ -0,0 +1,8 @@
+honeypot_test.submit_form:
+  path: '/honeypot_test/submit_form'
+  defaults:
+    _title: 'Test programmatic form submission'
+    _controller: '\Drupal\honeypot_test\Controller\HoneypotTestController::submitFormPage'
+  requirements:
+    # This is a test form, we don't need to worry about access.
+    _access: 'TRUE'

sites/all/modules/contrib/security/honeypot/tests/modules/honeypot_test/src/Controller/HoneypotTestController.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace Drupal\honeypot_test\Controller;
+
+use Drupal\Core\Form\FormState;
+use Symfony\Component\HttpFoundation\JsonResponse;
+
+/**
+ * Controller for honeypot_test routes.
+ */
+class HoneypotTestController {
+
+  /**
+   * Page that triggers a programmatic form submission.
+   *
+   * Returns the validation errors triggered by the form submission as json.
+   */
+  public function submitFormPage() {
+    $form_state = new FormState();
+    $values = [
+      'name' => 'robo-user',
+      'mail' => 'robouser@example.com',
+      'op' => t('Submit'),
+    ];
+    $form_state->setValues($values);
+    \Drupal::formBuilder()->submitForm('\Drupal\user\Form\UserPasswordForm', $form_state);
+
+    return new JsonResponse($form_state->getErrors());
+  }
+
+}

sites/all/modules/contrib/users/email_registration/LICENSE.txt

@@ -0,0 +1,339 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.

sites/all/modules/contrib/users/email_registration/README.txt

@@ -0,0 +1,44 @@
+Email Registration allows users to register and login with their e-mail address
+instead of using a separate username in addition to the e-mail address. It will
+automatically generate a username based on the e-mail address but that behavior
+can be overridden with a custom hook implementation in a site specific module.
+
+INSTALLATION
+============
+
+Required step:
+
+1. Enable the module as you normally would.
+
+
+Optional steps:
+
+2. You will probably want to change the welcome e-mail
+    (Administer -> User Management -> User Settings) and replace instances of
+    the token !username with !mailto
+
+3. This automatically generated username is still displayed name for posts,
+    comments, etc. You can allow your users to change their username by
+    going to: (Administer -> User Management -> Access Control) and granting
+    the permission to "change own username"
+    This privilege allows a user to change their username in "My Account".
+
+4. If a user enters an invalid email or password they will see a message:
+ "Sorry, unrecognized username or password. Have you forgotten your password?"
+    That message is confusing because it mentions username when all other
+    language on the page mentions entering their E-mail. This can be easily
+    overridden in your settings.php file with an entry like this:
+
+$conf['locale_custom_strings_en'][''] = array(
+  'Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>' => 'Sorry, unrecognized e-mail or password. <a href="@password">Have you forgotten your password?</a>',
+);
+
+
+
+
+BUGS, FEATURES, QUESTIONS
+=========================
+Post any bugs, features or questions to the issue queue:
+
+http://drupal.org/project/issues/email_registration
+

sites/all/modules/contrib/users/email_registration/config/install/email_registration.settings.yml

@@ -0,0 +1 @@
+login_with_username: FALSE

sites/all/modules/contrib/users/email_registration/config/schema/email_registration.schema.yml

@@ -0,0 +1,7 @@
+email_registration.settings:
+  type: config_object
+  label: 'Email registration config'
+  mapping:
+    login_with_username:
+      type: boolean
+      label: 'Allow users to log in with e-mail or username.'

sites/all/modules/contrib/users/email_registration/email_registration.api.php

@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * @file
+ * Documentation for email_registration module API.
+ */
+
+use Drupal\user\UserInterface;
+
+/**
+ * @addtogroup hooks
+ * @{
+ */
+
+/**
+ * Implement this hook to generate a username for email_registration module.
+ *
+ * Other modules may implement hook_email_registration_name($account)
+ * to generate a username (return a string to be used as the username, NULL
+ * to have email_registration generate it).
+ *
+ * @param \Drupal\user\UserInterface $account
+ *   The user object on which the operation is being performed.
+ *
+ * @return string
+ *   A string defining a generated username.
+ */
+function hook_email_registration_name(UserInterface $account) {
+  // Your hook implementation should ensure that the resulting string
+  // works as a username. You can use email_registration_cleanup_username($name)
+  // to clean up the name.
+  return email_registration_cleanup_username('u' . $account->id());
+}
+
+/**
+ * @} End of "addtogroup hooks".
+ */

sites/all/modules/contrib/users/email_registration/email_registration.info.yml

@@ -0,0 +1,12 @@
+name: Email Registration
+type: module
+description: 'Allows users to register with an e-mail address as their username.'
+# core: 8.x
+dependencies:
+  - drupal:user
+
+# Information added by Drupal.org packaging script on 2017-04-04
+version: '8.x-1.0-rc5'
+core: '8.x'
+project: 'email_registration'
+datestamp: 1491318185

sites/all/modules/contrib/users/email_registration/email_registration.install

@@ -0,0 +1,35 @@
+<?php
+
+/**
+ * @file
+ * Update and installation requirement hooks for the Email Registration module.
+ */
+
+/**
+ * Implements hook_requirements().
+ */
+function email_registration_requirements() {
+  $requirements = array();
+
+  // @todo Get rid of variable_get() and check is this conflict still valid.
+  if (\Drupal::moduleHandler()->moduleExists('logintoboggan') && \Drupal::config('logintoboggan.settings')->get('login_with_email')) {
+    $requirements['email_registration'] = array(
+      'title' => t('Email Registration / LoginToboggan Conflict'),
+      'value' => t('Conflict'),
+      'description' => t('There is a conflict between %email_registration and %logintoboggan. You should disable the "Allow users to login using their e-mail address" option from %logintoboggan.', array('%email_registration' => 'Email registration', '%logintoboggan' => 'Login Toboggan')),
+      'severity' => REQUIREMENT_ERROR,
+    );
+  }
+
+  return $requirements;
+}
+
+/**
+ * Add an option to log in with the username as well as the e-mail address.
+ */
+function email_registration_update_8100() {
+  $config_factory = \Drupal::configFactory();
+  $email_registration = $config_factory->getEditable('email_registration.settings');
+  $email_registration->set('login_with_username', FALSE);
+  $email_registration->save();
+}

sites/all/modules/contrib/users/email_registration/email_registration.module

@@ -0,0 +1,207 @@
+<?php
+
+/**
+ * @file
+ * Allows users to register with an e-mail address as their username.
+ */
+
+use Drupal\Component\Utility\Unicode;
+use Drupal\user\UserInterface;
+use Drupal\Core\Render\Element\Email;
+use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\Url;
+
+/**
+ * Implements hook_ENTITY_TYPE_insert().
+ *
+ * Alter the user name (after entity being stored).
+ */
+function email_registration_user_insert(UserInterface $account) {
+  // Don't create a new username if one is already set.
+  $name = $account->getAccountName();
+  if (!empty($name) && strpos($name, 'email_registration_') !== 0) {
+    return;
+  }
+
+  // Other modules may implement hook_email_registration_name($edit, $account)
+  // to generate a username (return a string to be used as the username, NULL
+  // to have email_registration generate it).
+  $names = Drupal::moduleHandler()->invokeAll('email_registration_name', array($account));
+  // Remove any empty entries.
+  $names = array_filter($names);
+
+  if (empty($names)) {
+    // Strip off everything after the @ sign.
+    $new_name = preg_replace('/@.*$/', '', $account->getEmail());
+    // Clean up the username.
+    $new_name = email_registration_cleanup_username($new_name);
+  }
+  else {
+    // One would expect a single implementation of the hook, but if there
+    // are multiples out there use the last one.
+    $new_name = array_pop($names);
+  }
+
+  // Ensure whatever name we have is unique.
+  $new_name = email_registration_unique_username($new_name, $account->id());
+
+  $account->setUsername($new_name);
+  if ($account->isValidationRequired() && !$account->validate()) {
+    \Drupal::logger('email_registration')->error('Email registration failed setting the new name on user @id.', ['@id' => $account->id()]);
+    return;
+  }
+  $account->save();
+}
+
+/**
+ * Makes the username unique.
+ *
+ * Given a starting point for a Drupal username (e.g. the name portion of an
+ * email address) return a legal, unique Drupal username. This function is
+ * designed to work on the results of the /user/register or /admin/people/create
+ * forms which have already called user_validate_name, valid_email_address
+ * or a similar function. If your custom code is creating users, you should
+ * ensure that the email/name is already validated using something like that.
+ *
+ * @param string $name
+ *   A name from which to base the final user name.
+ *   May contain illegal characters; these will be stripped.
+ * @param int $uid
+ *   (optional) Uid to ignore when searching for unique user
+ *   (e.g. if we update the username after the {users} row is inserted).
+ *
+ * @return string
+ *   A unique user name based on $name.
+ *
+ * @see user_validate_name()
+ */
+function email_registration_unique_username($name, $uid = 0) {
+  // Iterate until we find a unique name.
+  $i = 0;
+  $database = \Drupal::database();
+  do {
+    $new_name = empty($i) ? $name : $name . '_' . $i;
+    $found = $database->queryRange("SELECT uid from {users_field_data} WHERE uid <> :uid AND name = :name", 0, 1, array(':uid' => $uid, ':name' => $new_name))->fetchAssoc();
+    $i++;
+  } while (!empty($found));
+
+  return $new_name;
+}
+
+/**
+ * Cleans up username.
+ *
+ * Run username sanitation, e.g.:
+ *     Replace two or more spaces with a single underscore
+ *     Strip illegal characters.
+ *
+ * @param string $name
+ *   The username to be cleaned up.
+ *
+ * @return string
+ *   Cleaned up username.
+ */
+function email_registration_cleanup_username($name) {
+  // Strip illegal characters.
+  $name = preg_replace('/[^\x{80}-\x{F7} a-zA-Z0-9@_.\'-]/', '', $name);
+
+  // Strip leading and trailing spaces.
+  $name = trim($name);
+
+  // Convert any other series of spaces to a single underscore.
+  $name = preg_replace('/\s+/', '_', $name);
+
+  // If there's nothing left use a default.
+  $name = ('' === $name) ? t('user') : $name;
+
+  // Truncate to a reasonable size.
+  $name = (Unicode::strlen($name) > (USERNAME_MAX_LENGTH - 10)) ? Unicode::substr($name, 0, USERNAME_MAX_LENGTH - 11) : $name;
+  return $name;
+}
+
+/**
+ * Implements hook_form_FORM_ID_alter().
+ */
+function email_registration_form_user_register_form_alter(&$form, FormStateInterface $form_state) {
+  $form['account']['name']['#type'] = 'value';
+  $form['account']['name']['#value'] = 'email_registration_' . user_password();
+  $form['account']['mail']['#title'] = t('E-mail');
+}
+
+/**
+ * Implements hook_form_FORM_ID_alter().
+ */
+function email_registration_form_user_pass_alter(&$form, FormStateInterface $form_state) {
+  $form['name']['#title'] = t('E-mail');
+  // Allow client side validation of input format.
+  $form['name']['#type'] = 'email';
+  $form['name']['#maxlength'] = Email::EMAIL_MAX_LENGTH;
+}
+
+/**
+ * Implements hook_form_FORM_ID_alter().
+ */
+function email_registration_form_user_login_form_alter(&$form, FormStateInterface $form_state) {
+  $config = \Drupal::config('email_registration.settings');
+  $login_with_username = $config->get('login_with_username');
+  $form['name']['#title'] = $login_with_username ? t('E-mail or username') : t('E-mail');
+  $form['name']['#description'] = $login_with_username ? t('Enter your e-mail address or username.') : t('Enter your e-mail address.');
+  $form['name']['#element_validate'][] = 'email_registration_user_login_validate';
+  $form['pass']['#description'] = t('Enter the password that accompanies your e-mail.');
+  // Allow client side validation of input format.
+  $form['name']['#type'] = $login_with_username ? 'textfield' : 'email';
+  $form['name']['#maxlength'] = Email::EMAIL_MAX_LENGTH;
+  // Make sure the login form cache is invalidated when the setting changes.
+  $form['#cache']['tags'][] = 'config:email_registration.settings';
+}
+
+/**
+ * Form element validation handler for the user login form.
+ *
+ * Allows users to authenticate by email, which is our preferred method.
+ */
+function email_registration_user_login_validate($form, FormStateInterface $form_state) {
+  $mail = $form_state->getValue('name');
+  if (!empty($mail)) {
+    $config = \Drupal::config('email_registration.settings');
+    if ($user = user_load_by_mail($mail)) {
+      $form_state->setValue('name', $user->getAccountName());
+    }
+    elseif (!$config->get('login_with_username')) {
+      $user_input = $form_state->getUserInput();
+      $query = isset($user_input['name']) ? ['name' => $user_input['name']] : [];
+      $form_state->setErrorByName('name', t('Unrecognized e-mail address or password. <a href=":password">Forgot your password?</a>', [':password' => Url::fromRoute('user.pass', [], ['query' => $query])->toString()]));
+    }
+  }
+}
+
+/**
+ * Implements hook_form_FORM_ID_alter().
+ */
+function email_registration_form_user_form_alter(&$form, FormStateInterface $form_state) {
+  $form['account']['name']['#title'] = t('Display name');
+}
+
+/**
+ * Implements hook_form_FORM_ID_alter().
+ */
+function email_registration_form_user_admin_settings_alter(&$form, FormStateInterface $form_state) {
+  $config = \Drupal::config('email_registration.settings');
+  $form['registration_cancellation']['login_with_username'] = [
+    '#type' => 'checkbox',
+    '#title' => t('Allow to log in with e-mail or username.'),
+    '#description' => t('Allow users to log in with either their username or their e-mail address.'),
+    '#default_value' => $config->get('login_with_username'),
+  ];
+  $form['#submit'][] = 'email_registration_form_user_admin_settings_submit';
+}
+
+/**
+ * Submit function for user_admin_settings to save our variable.
+ *
+ * @see email_registration_form_user_admin_settings_alter().
+ */
+function email_registration_form_user_admin_settings_submit(array &$form, FormStateInterface $form_state) {
+  $config = \Drupal::configFactory()->getEditable('email_registration.settings');
+  $config->set('login_with_username', $form_state->getValue('login_with_username'))->save();
+}

sites/all/modules/contrib/users/email_registration/tests/src/Functional/EmailRegistrationTestCase.php

@@ -0,0 +1,111 @@
+<?php
+
+namespace Drupal\Tests\email_registration\Functional;
+
+use Drupal\Tests\BrowserTestBase;
+
+/**
+ * Tests the email registration module.
+ *
+ * @group email_registration
+ */
+class EmailRegistrationTestCase extends BrowserTestBase {
+
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = array('email_registration');
+
+  /**
+   * Test various behaviors for anonymous users.
+   */
+  public function testRegistration() {
+    $user_config = $this->container->get('config.factory')->getEditable('user.settings');
+    $email_registration_config = $this->container->get('config.factory')->getEditable('email_registration.settings');
+    $user_config
+      ->set('verify_mail', FALSE)
+      ->set('register', USER_REGISTER_VISITORS)
+      ->save();
+    // Try to register a user.
+    $name = $this->randomMachineName();
+    $pass = $this->randomString(10);
+    $register = array(
+      'mail' => $name . '@example.com',
+      'pass[pass1]' => $pass,
+      'pass[pass2]' => $pass,
+    );
+    $this->drupalPostForm('/user/register', $register, t('Create new account'));
+    $this->drupalLogout();
+
+    $login = array(
+      'name' => $name . '@example.com',
+      'pass' => $pass,
+    );
+    $this->drupalPostForm('user/login', $login, t('Log in'));
+
+    // Really basic confirmation that the user was created and logged in.
+    $this->assertRaw('<title>' . $name . ' | Drupal</title>', t('User properly created, logged in.'));
+
+    // Now try the immediate login.
+    $this->drupalLogout();
+
+    // Try to login with just username, should fail by default.
+    $this->drupalGet('user/login');
+    $this->assertText('Enter your e-mail address.');
+    $this->assertText('E-mail');
+    $this->assertNoText('E-mail or username');
+    $login = array(
+      'name' => $name,
+      'pass' => $pass,
+    );
+    $this->drupalPostForm('user/login', $login, t('Log in'));
+    $error_message = $this->xpath('//div[contains(@class, "error")]');
+    $this->assertTrue(!empty($error_message), t('When login_with_username is false, a user cannot login with just their username.'));
+
+    // Set login_with_username to TRUE and try to login with just username.
+    $email_registration_config->set('login_with_username', TRUE)->save();
+    $this->drupalGet('user/login');
+    $this->assertText('Enter your e-mail address or username.');
+    $this->assertText('E-mail or username');
+    $this->drupalPostForm('user/login', $login, t('Log in'));
+    $this->assertRaw('<title>' . $name . ' | Drupal</title>', t('When login_with_username is true, a user can login with just their username.'));
+    $this->drupalLogout();
+
+    $user_config
+      ->set('verify_mail', FALSE)
+      ->save();
+    $name = $this->randomMachineName();
+    $pass = $this->randomString(10);
+    $register = array(
+      'mail' => $name . '@example.com',
+      'pass[pass1]' => $pass,
+      'pass[pass2]' => $pass,
+    );
+    $this->drupalPostForm('/user/register', $register, t('Create new account'));
+    $this->assertRaw('Registration successful. You are now logged in.', t('User properly created, immediately logged in.'));
+
+    // Test email_registration_unique_username().
+    $this->drupalLogout();
+    $user_config
+      ->set('verify_mail', FALSE)
+      ->set('register', USER_REGISTER_VISITORS)
+      ->save();
+    $name = $this->randomMachineName(32);
+    $pass = $this->randomString(10);
+
+    $this->createUser(array(), $name);
+    $next_unique_name = email_registration_unique_username($name);
+
+    $register = array(
+      'mail' => $name . '@example2.com',
+      'pass[pass1]' => $pass,
+      'pass[pass2]' => $pass,
+    );
+    $this->drupalPostForm('/user/register', $register, t('Create new account'));
+    $account = user_load_by_mail($register['mail']);
+    $this->assertTrue($next_unique_name === $account->getAccountName());
+  }
+
+}

sites/default/config/sync/core.extension.yml

@@ -39,6 +39,7 @@ module:
   edlp_productions: 0
   edlp_search: 0
   edlp_studio: 0
+  email_registration: 0
   entity: 0
   entity_reference: 0
   features: 0
@@ -50,6 +51,7 @@ module:
   filter: 0
   filter_perms: 0
   help: 0
+  honeypot: 0
   image: 0
   kint: 0
   language: 0

sites/default/config/sync/email_registration.settings.yml

@@ -0,0 +1,4 @@
+login_with_username: false
+_core:
+  default_config_hash: 6cFmNHjhs_glkuywBEhzcUQ8aiHXcFe6hZfW7PLN-qg
+langcode: fr

sites/default/config/sync/honeypot.settings.yml

@@ -0,0 +1,23 @@
+unprotected_forms:
+  - user_login_form
+  - search_form
+  - search_block_form
+  - views_exposed_form
+  - honeypot_settings_form
+protect_all_forms: false
+log: true
+element_name: url
+time_limit: 5
+expire: 300
+form_settings:
+  user_register_form: true
+  user_pass: true
+  node_autre_son_form: false
+  node_enregistrement_form: false
+  node_evenement_form: false
+  node_fil_form: false
+  node_page_form: false
+  node_static_form: false
+_core:
+  default_config_hash: 9bVDfWSa_In6VzTXmy04jJ_3ZQobihKjO9isuuUCPaw
+langcode: fr

sites/default/config/sync/system.date.yml

@@ -4,7 +4,7 @@ first_day: 0
 timezone:
   default: Europe/Paris
   user:
-    configurable: true
+    configurable: false
     warn: false
     default: 0
 _core:

sites/default/config/sync/system.site.yml

@@ -12,3 +12,4 @@ langcode: fr
 default_langcode: fr
 _core:
   default_config_hash: yXadRE77Va-G6dxhd2kPYapAvbnSvTF6hO4oXiOEynI
+mail_notification: ''

sites/default/config/sync/user.role.root.yml

@@ -5,7 +5,7 @@ dependencies: {  }
 id: root
 label: Root
 weight: -6
-is_admin: null
+is_admin: true
 permissions:
   - 'access administration pages'
   - 'access any corpus_documents workflow_transion overview'

sites/default/config/sync/user.settings.yml

@@ -1,5 +1,5 @@
 anonymous: Anonyme
-verify_mail: true
+verify_mail: false
 notify:
   cancel_confirm: true
   password_reset: true
@@ -9,7 +9,7 @@ notify:
   register_admin_created: true
   register_no_approval_required: true
   register_pending_approval: true
-register: visitors_admin_approval
+register: visitors
 cancel_method: user_cancel_block
 password_reset_timeout: 86400
 password_strength: true

sites/default/config/sync/views.view.content.yml

@@ -990,7 +990,7 @@ display:
       path: admin/content/production
       menu:
         type: tab
-        title: Productions
+        title: Content
         description: ''
         expanded: false
         parent: 'menu_link_content:8b5fed48-c008-4041-9bda-06f997582175'