From 49eb4d4ddf61e25c5aaab89aa630ddd3c7f3c23d Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Thu, 10 Dec 2020 06:27:26 +0100
Subject: Add honeypot fields and minimum fill-out time for sign-up form
 (#15276)

* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
---
 app/controllers/concerns/registration_spam_concern.rb | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 app/controllers/concerns/registration_spam_concern.rb

(limited to 'app/controllers/concerns/registration_spam_concern.rb')

diff --git a/app/controllers/concerns/registration_spam_concern.rb b/app/controllers/concerns/registration_spam_concern.rb
new file mode 100644
index 000000000..af434c985
--- /dev/null
+++ b/app/controllers/concerns/registration_spam_concern.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module RegistrationSpamConcern
+  extend ActiveSupport::Concern
+
+  def set_registration_form_time
+    session[:registration_form_time] = Time.now.utc
+  end
+end
-- 
cgit