Add honeypot fields and minimum fill-out time for sign-up form (#15276)

* Add honeypot fields to limit non-specialized spam Add two honeypot fields: a fake website input and a fake password confirmation one. The label/placeholder/aria-label tells not to fill them, and they are hidden in CSS, so legitimate users should not fall into these. This should cut down on some non-Mastodon-specific spambots. * Require a 3 seconds delay before submitting the registration form * Fix tests * Move registration form time check to model validation * Give people a chance to clear the honeypot fields * Refactor honeypot translation strings Co-authored-by: Claire <claire.github-309c@sitedethib.com>
author: ThibG <thib@sitedethib.com> 2020-12-10 06:27:26 +0100
committer: GitHub <noreply@github.com> 2020-12-10 06:27:26 +0100
commit: 49eb4d4ddf61e25c5aaab89aa630ddd3c7f3c23d (patch)
tree: 3ed700750271b0ac8892f2282325d9838b915446 /app/javascript/styles
parent: 9669167aaeaa834dcc99fa7df961c4f9b8118850 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/app/javascript/styles/mastodon/forms.scss b/app/javascript/styles/mastodon/forms.scss
index a54a5fded..92d89e6f2 100644
--- a/app/javascript/styles/mastodon/forms.scss
+++ b/app/javascript/styles/mastodon/forms.scss
@@ -354,6 +354,7 @@ code {
   input[type=number],
   input[type=email],
   input[type=password],
+  input[type=url],
   textarea {
     box-sizing: border-box;
     font-size: 16px;
@@ -994,3 +995,10 @@ code {
     flex-direction: row;
   }
 }
+
+.input.user_confirm_password,
+.input.user_website {
+  &:not(.field_with_errors) {
+    display: none;
+  }
+}
author	ThibG <thib@sitedethib.com>	2020-12-10 06:27:26 +0100
committer	GitHub <noreply@github.com>	2020-12-10 06:27:26 +0100
commit	49eb4d4ddf61e25c5aaab89aa630ddd3c7f3c23d (patch)
tree	3ed700750271b0ac8892f2282325d9838b915446 /app/javascript/styles
parent	9669167aaeaa834dcc99fa7df961c4f9b8118850 (diff)