From 49eb4d4ddf61e25c5aaab89aa630ddd3c7f3c23d Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Thu, 10 Dec 2020 06:27:26 +0100
Subject: Add honeypot fields and minimum fill-out time for sign-up form
 (#15276)

* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
---
 app/javascript/packs/public.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'app/javascript/packs')

diff --git a/app/javascript/packs/public.js b/app/javascript/packs/public.js
index 39defa7ae..8c5c15b8f 100644
--- a/app/javascript/packs/public.js
+++ b/app/javascript/packs/public.js
@@ -280,6 +280,17 @@ function main() {
       target.style.display = 'block';
     }
   });
+
+  // Empty the honeypot fields in JS in case something like an extension
+  // automatically filled them.
+  delegate(document, '#registration_new_user,#new_user', 'submit', () => {
+    ['user_website', 'user_confirm_password', 'registration_user_website', 'registration_user_confirm_password'].forEach(id => {
+      const field = document.getElementById(id);
+      if (field) {
+        field.value = '';
+      }
+    });
+  });
 }
 
 loadPolyfills()
-- 
cgit