Commit 2b242886 authored by azul's avatar azul

feat: add invisible_captcha on signup form

log signup attempts that fill in the honeypot
without their IP address.
parent d1eaf4d5
......@@ -113,6 +113,10 @@ gem 'acts_as_list', '~> 0.4'
# locking in to latest major to fix API
gem 'validates_email_format_of', '~> 1.6'
# Used to keep spammers from creating accounts
# locking in to latest major to fix API
gem 'invisible_captcha', '~>1.0'
##
## GEMS required, and compilation is required to install
##
......
......@@ -131,6 +131,8 @@ GEM
i18n (0.9.5)
concurrent-ruby (~> 1.0)
innertube (1.1.0)
invisible_captcha (1.0.1)
rails (>= 4.2)
joiner (0.4.2)
activerecord (>= 5.2.beta1)
json (2.3.0)
......@@ -306,6 +308,7 @@ DEPENDENCIES
haml-rails (~> 1.0)
http_accept_language (~> 2.0)
i18n (~> 0.7)
invisible_captcha (~> 1.0)
json (~> 2.3)
mail-gpg (~> 0.3.3)
mime-types
......
......@@ -8,6 +8,9 @@
class AccountsController < ApplicationController
layout 'notice'
invisible_captcha only: [:create],
honeypot: :email_confirmation,
scope: :user
##
## SIGNUP
......
......@@ -16,6 +16,8 @@
- r.input user.text_field(:email, class: 'form-control')
- unless Conf.require_user_email
- r.info :signup_email_info.t
- f.row do |r|
- r.input user.invisible_captcha :email_confirmation
- f.button submit_tag(:signup_button.t, class: 'btn btn-primary')
- if params[:redirect]
......
InvisibleCaptcha.setup do |config|
config.timestamp_enabled = !Rails.env.test?
end
ActiveSupport::Notifications.subscribe('invisible_captcha.spam_detected') do |*args, data|
Rails.logger.warn 'Potential spam detected. Signup refused.'
end
......@@ -36,6 +36,13 @@ class AccountsControllerTest < ActionController::TestCase
end
end
def test_should_refuse_signup_with_honeypot
assert_no_difference 'User.count' do
post_signup_form(user: { email_confirmation: 'I filled this out' })
assert_response :success
end
end
def test_should_not_allow_duplicate_username_or_groupname
[users(:quentin).login, groups(:rainbow).name].each do |login|
assert_no_difference 'User.count', "number of users should not increase when creating #{login}" do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment