feat: public form support with anonymous submissions and rate limiting

- Make FormSubmission.submitter and AuditLog.user nullable for anonymous
  submissions (migration 0077)
- Remove @login_required from form_list (shows public forms to anonymous
  users) and form_submit (conditional auth based on requires_login)
- Add IP-based rate limiting for anonymous submissions using Django cache
  (configurable via FORMS_WORKFLOWS_PUBLIC_RATE_LIMIT, default 10/hour)
- Disable auto-save and Save Draft for anonymous users
- Add confirmation page for anonymous submissions and 429 rate-limit page
- Guard all templates, admin, workflow engine, file handlers against
  null submitter
- Update tests for new public form list behavior

Bump to v0.47.0

Author: matteius

CHANGELOG.md

@@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.47.0] - 2026-03-31
+
+### Added
+- **Public form support** — Forms with `requires_login=False` are now fully accessible to anonymous (unauthenticated) users. Anonymous users can:
+  - Browse the form list (only public forms are shown)
+  - Submit public forms
+  - See a confirmation page after submission
+- **Rate limiting for anonymous submissions** — IP-based rate limiting using Django's cache framework prevents abuse. Configurable via `settings.FORMS_WORKFLOWS_PUBLIC_RATE_LIMIT` (default: `"10/hour"`). Format: `"<count>/<period>"` where period is `minute`, `hour`, or `day`. Returns a 429 page when exceeded.
+- **Anonymous submission handling** — `FormSubmission.submitter` is now nullable. Anonymous submissions store IP address and user agent for audit purposes. Auto-save and draft saving are disabled for anonymous users.
+
+### Changed
+- `FormSubmission.submitter` is now `null=True, blank=True` (migration included)
+- `AuditLog.user` is now `null=True, blank=True` for anonymous submission logging
+- `form_list` view no longer requires login — shows public forms to anonymous users, full list to authenticated users
+- `form_submit` view uses conditional authentication instead of `@login_required`
+- `form_auto_save` returns 403 for unauthenticated requests instead of redirecting to login
+- All templates (submission detail, approve, PDF, email, reassign) handle null submitter gracefully
+- Workflow engine guards `requires_manager_approval` against null submitter
+
 ## [0.46.0] - 2026-03-31
 
 ### Added

README.md

@@ -132,6 +132,7 @@ Move form definitions between environments from the Django Admin:
   - `admin_groups` — full administrative view of all submissions
 - Group-based approval routing via `WorkflowStage.approval_groups`
 - Complete audit logging (`AuditLog` — who, what, when, IP address)
+- **Public / anonymous forms** — mark any form as `requires_login=False` and anonymous users can submit it; IP-based rate limiting prevents abuse
 - `UserProfile` auto-created on first login with LDAP/SSO sync
 
 ## Quick Start

django_forms_workflows/admin.py

@@ -702,9 +702,10 @@ def last_submission(self, obj):
         """Show the most recent submission info."""
         last = obj.submissions.order_by("-created_at").first()
         if last:
+            who = last.submitter.username if last.submitter_id else "Anonymous"
             return format_html(
                 "{}<br><small>{}</small>",
-                last.submitter.username,
+                who,
                 last.created_at.strftime("%Y-%m-%d %H:%M"),
             )
         return "-"

django_forms_workflows/forms.py

@@ -322,7 +322,8 @@ def __init__(self, form_definition, user=None, initial_data=None, *args, **kwarg
 
         # Add submit buttons
         buttons = [Submit("submit", "Submit", css_class="btn btn-primary")]
-        if form_definition.allow_save_draft:
+        # Save Draft is only available for authenticated users
+        if form_definition.allow_save_draft and user is not None:
             buttons.append(
                 Submit(
                     "save_draft",
@@ -946,8 +947,14 @@ def get_enhancements_config(self):
 
         from django.urls import reverse
 
+        # Disable auto-save for anonymous users (no drafts without a user)
+        auto_save_enabled = (
+            getattr(self.form_definition, "enable_auto_save", True)
+            and self.user is not None
+        )
+
         config = {
-            "autoSaveEnabled": getattr(self.form_definition, "enable_auto_save", True),
+            "autoSaveEnabled": auto_save_enabled,
             "autoSaveInterval": getattr(self.form_definition, "auto_save_interval", 30)
             * 1000,  # Convert to ms
             "autoSaveEndpoint": reverse(

django_forms_workflows/handlers/file_handler.py

@@ -312,9 +312,11 @@ def _build_payload(self):
                 "status": submission.status,
             },
             "user": {
-                "id": submission.submitter.id,
-                "username": submission.submitter.username,
-                "email": submission.submitter.email,
+                "id": submission.submitter.id if submission.submitter_id else None,
+                "username": submission.submitter.username
+                if submission.submitter_id
+                else "anonymous",
+                "email": submission.submitter.email if submission.submitter_id else "",
             },
         }
 

django_forms_workflows/migrations/0078_allow_anonymous_submissions.py

@@ -0,0 +1,38 @@
+# Generated by Django 6.0.3 on 2026-03-31 17:58
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("django_forms_workflows", "0077_drop_legacy_notification_models"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="auditlog",
+            name="user",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.PROTECT,
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="formsubmission",
+            name="submitter",
+            field=models.ForeignKey(
+                blank=True,
+                help_text="Null for anonymous (public-form) submissions.",
+                null=True,
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="form_submissions",
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+    ]

django_forms_workflows/models.py

@@ -1562,6 +1562,9 @@ class FormSubmission(models.Model):
         settings.AUTH_USER_MODEL,
         on_delete=models.PROTECT,
         related_name="form_submissions",
+        null=True,
+        blank=True,
+        help_text="Null for anonymous (public-form) submissions.",
     )
 
     # Submission Data
@@ -1604,7 +1607,8 @@ class Meta:
         verbose_name_plural = "Form Submissions"
 
     def __str__(self):
-        return f"{self.form_definition.name} - {self.submitter.username} - {self.get_status_display()}"
+        who = self.submitter.username if self.submitter_id else "Anonymous"
+        return f"{self.form_definition.name} - {who} - {self.get_status_display()}"
 
 
 class ApprovalTask(models.Model):
@@ -1730,8 +1734,13 @@ class AuditLog(models.Model):
     object_type = models.CharField(max_length=50)
     object_id = models.IntegerField()
 
-    # Who did it
-    user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.PROTECT)
+    # Who did it (null for anonymous / public-form submissions)
+    user = models.ForeignKey(
+        settings.AUTH_USER_MODEL,
+        on_delete=models.PROTECT,
+        null=True,
+        blank=True,
+    )
     user_ip = models.GenericIPAddressField(null=True, blank=True)
 
     # Details

django_forms_workflows/templates/django_forms_workflows/approve.html

@@ -142,8 +142,8 @@ <h5 class="mb-0"><i class="bi bi-info-circle"></i> Submission Information</h5>
                 <div class="row">
                     <div class="col-md-6">
                         <p><strong>Form:</strong> {{ submission.form_definition.name }}</p>
-                        <p><strong>Submitter:</strong> {{ submission.submitter.get_full_name|default:submission.submitter.username }}</p>
-                        <p><strong>Email:</strong> {{ submission.submitter.email }}</p>
+                        <p><strong>Submitter:</strong> {% if submission.submitter %}{{ submission.submitter.get_full_name|default:submission.submitter.username }}{% else %}Anonymous{% endif %}</p>
+                        <p><strong>Email:</strong> {% if submission.submitter %}{{ submission.submitter.email }}{% else %}N/A{% endif %}</p>
                     </div>
                     <div class="col-md-6">
                         <p><strong>Submitted:</strong> {{ submission.submitted_at|date:"Y-m-d H:i" }}</p>

django_forms_workflows/templates/django_forms_workflows/form_submit.html

@@ -103,7 +103,7 @@ <h1>{{ form_def.name }}</h1>
             <a href="{% url 'forms_workflows:form_list' %}" class="btn btn-outline-secondary">
                 <i class="bi bi-arrow-left"></i> Back to Forms
             </a>
-            {% if is_draft and draft_id %}
+            {% if not is_anonymous and is_draft and draft_id %}
             <a href="{% url 'forms_workflows:discard_draft' draft_id %}"
                class="btn btn-outline-danger ms-auto">
                 <i class="bi bi-trash3"></i> Discard Draft

django_forms_workflows/templates/django_forms_workflows/public_submission_confirmation.html

@@ -0,0 +1,30 @@
+{% extends "django_forms_workflows/base.html" %}
+
+{% block title %}Submission Received{% endblock %}
+
+{% block content %}
+<div class="container py-5">
+    <div class="row justify-content-center">
+        <div class="col-md-8 col-lg-6 text-center">
+            <div class="card shadow-sm p-5">
+                <div class="mb-4">
+                    <i class="bi bi-check-circle-fill text-success" style="font-size: 4rem;"></i>
+                </div>
+                <h2 class="mb-3">Submission Received</h2>
+                <p class="text-muted mb-4">
+                    Thank you! Your form has been submitted successfully.
+                    {% if form_def.workflow %}
+                        It will be reviewed by the appropriate team.
+                    {% endif %}
+                </p>
+                <div class="d-grid gap-2">
+                    <a href="{% url 'forms_workflows:form_list' %}" class="btn btn-primary">
+                        <i class="bi bi-arrow-left"></i> Back to Forms
+                    </a>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+{% endblock %}
+