feat: add invisible_captcha on signup form
Log signup attempts that fill in the honeypot, without recording the client's IP address.
parent
d1eaf4d58a
commit
2b242886b9
4
Gemfile
4
Gemfile
|
@ -113,6 +113,10 @@ gem 'acts_as_list', '~> 0.4'
|
|||
# locking in to latest major to fix API
|
||||
gem 'validates_email_format_of', '~> 1.6'
|
||||
|
||||
# Used to keep spammers from creating accounts
|
||||
# locking in to latest major to fix API
|
||||
gem 'invisible_captcha', '~>1.0'
|
||||
|
||||
##
|
||||
## GEMS required, and compilation is required to install
|
||||
##
|
||||
|
|
|
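Review bot: The added `gem 'invisible_captcha', '~>1.0'` line omits the space that the neighbouring entry uses (`'~> 1.6'`), and its second comment, `# locking in to latest major to fix API`, is a copy of the one above `validates_email_format_of`. I would write `gem 'invisible_captcha', '~> 1.0'` and keep a single comment. The `# Used to keep spammers from creating accounts` comment could also say that this is a honeypot and timing check that deters simple bots, so nobody later mistakes it for rate limiting or abuse protection against a targeted script.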
@ -131,6 +131,8 @@ GEM
|
|||
i18n (0.9.5)
|
||||
concurrent-ruby (~> 1.0)
|
||||
innertube (1.1.0)
|
||||
invisible_captcha (1.0.1)
|
||||
rails (>= 4.2)
|
||||
joiner (0.4.2)
|
||||
activerecord (>= 5.2.beta1)
|
||||
json (2.3.0)
|
||||
|
@ -306,6 +308,7 @@ DEPENDENCIES
|
|||
haml-rails (~> 1.0)
|
||||
http_accept_language (~> 2.0)
|
||||
i18n (~> 0.7)
|
||||
invisible_captcha (~> 1.0)
|
||||
json (~> 2.3)
|
||||
mail-gpg (~> 0.3.3)
|
||||
mime-types
|
||||
|
|
|
@ -8,6 +8,9 @@
|
|||
|
||||
class AccountsController < ApplicationController
|
||||
layout 'notice'
|
||||
invisible_captcha only: [:create],
|
||||
honeypot: :email_confirmation,
|
||||
scope: :user
|
||||
|
||||
##
|
||||
## SIGNUP
|
||||
|
|
|
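Review bot: The `invisible_captcha only: [:create], honeypot: :email_confirmation, scope: :user` declaration in AccountsController has no comment saying that `email_confirmation` is a decoy and not a user attribute, so a later change could easily permit, validate or prefill it as a real field. A comment such as `# :email_confirmation is a honeypot: humans leave it empty, any value means the signup is refused` would cover it. The name is also one that browser autofill could plausibly populate, so it is worth confirming that the rendered input is kept out of autofill and tab order. A legitimate user who trips it gets the gem's default spam response, and this controller shows no error. The class body continues outside the hunk.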
@ -16,6 +16,8 @@
|
|||
- r.input user.text_field(:email, class: 'form-control')
|
||||
- unless Conf.require_user_email
|
||||
- r.info :signup_email_info.t
|
||||
- f.row do |r|
|
||||
- r.input user.invisible_captcha :email_confirmation
|
||||
- f.button submit_tag(:signup_button.t, class: 'btn btn-primary')
|
||||
|
||||
- if params[:redirect]
|
||||
|
|
|
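Review bot: `user.invisible_captcha :email_confirmation` is called without parentheses while the neighbouring `user.text_field(:email, class: 'form-control')` uses them; `- r.input user.invisible_captcha(:email_confirmation)` would be consistent and make the nesting inside `r.input` explicit. Because the honeypot sits in its own `f.row`, it is worth checking in a browser and with a screen reader that the row renders nothing visible or focusable, since anyone who reaches the field and types into it is refused. The form continues outside the hunk.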
@ -0,0 +1,7 @@
|
|||
InvisibleCaptcha.setup do |config|
|
||||
config.timestamp_enabled = !Rails.env.test?
|
||||
end
|
||||
|
||||
ActiveSupport::Notifications.subscribe('invisible_captcha.spam_detected') do |*args, data|
|
||||
Rails.logger.warn 'Potential spam detected. Signup refused.'
|
||||
end
|
|
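Review bot: The subscriber logs the fixed string `'Potential spam detected. Signup refused.'` and ignores `data`, so the log cannot tell a honeypot hit from a timestamp rejection and a spike cannot be triaged. The gem's README documents a `:message` key in the payload that carries the reason without the address, so `Rails.logger.warn "Signup refused as spam: #{data[:message]}"` would keep the no-IP goal while staying useful. It is also worth confirming against the pinned 1.0.1 source whether the gem's own warning line includes the remote IP; if it does, the intent in the commit description is not met by this subscriber alone. A one-line comment on `config.timestamp_enabled = !Rails.env.test?` saying that the timing check is off in tests because test submissions are immediate would explain the exception.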
@ -36,6 +36,13 @@ class AccountsControllerTest < ActionController::TestCase
|
|||
end
|
||||
end
|
||||
|
||||
def test_should_refuse_signup_with_honeypot
|
||||
assert_no_difference 'User.count' do
|
||||
post_signup_form(user: { email_confirmation: 'I filled this out' })
|
||||
assert_response :success
|
||||
end
|
||||
end
|
||||
|
||||
def test_should_not_allow_duplicate_username_or_groupname
|
||||
[users(:quentin).login, groups(:rainbow).name].each do |login|
|
||||
assert_no_difference 'User.count', "number of users should not increase when creating #{login}" do
|
||||
|
|
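Review bot: `test_should_refuse_signup_with_honeypot` may pass even with the captcha removed, because it asserts only `assert_no_difference 'User.count'` and `assert_response :success`. If `post_signup_form` (defined outside the hunk) does not merge valid signup defaults into `user: { email_confirmation: 'I filled this out' }`, a plain validation failure that re-renders the form gives the same result. I would make sure the posted params are otherwise valid and add an assertion that only the spam path satisfies, for example that the signup form is not re-rendered. The timestamp check is disabled in the test environment, so it has no coverage here. `test_should_not_allow_duplicate_username_or_groupname` continues outside the hunk.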