From 49eb4d4ddf61e25c5aaab89aa630ddd3c7f3c23d Mon Sep 17 00:00:00 2001 From: ThibG Date: Thu, 10 Dec 2020 06:27:26 +0100 Subject: Add honeypot fields and minimum fill-out time for sign-up form (#15276) * Add honeypot fields to limit non-specialized spam Add two honeypot fields: a fake website input and a fake password confirmation one. The label/placeholder/aria-label tells not to fill them, and they are hidden in CSS, so legitimate users should not fall into these. This should cut down on some non-Mastodon-specific spambots. * Require a 3 seconds delay before submitting the registration form * Fix tests * Move registration form time check to model validation * Give people a chance to clear the honeypot fields * Refactor honeypot translation strings Co-authored-by: Claire --- app/validators/registration_form_time_validator.rb | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 app/validators/registration_form_time_validator.rb (limited to 'app/validators') diff --git a/app/validators/registration_form_time_validator.rb b/app/validators/registration_form_time_validator.rb new file mode 100644 index 000000000..ba7c7e6c6 --- /dev/null +++ b/app/validators/registration_form_time_validator.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +class RegistrationFormTimeValidator < ActiveModel::Validator + REGISTRATION_FORM_MIN_TIME = 3.seconds.freeze + + def validate(user) + user.errors.add(:base, I18n.t('auth.too_fast')) if user.registration_form_time.present? && user.registration_form_time > REGISTRATION_FORM_MIN_TIME.ago + end +end -- cgit