Add honeypot fields and minimum fill-out time for sign-up form (#15276)

* Add honeypot fields to limit non-specialized spam Add two honeypot fields: a fake website input and a fake password confirmation one. The label/placeholder/aria-label tells not to fill them, and they are hidden in CSS, so legitimate users should not fall into these. This should cut down on some non-Mastodon-specific spambots. * Require a 3 seconds delay before submitting the registration form * Fix tests * Move registration form time check to model validation * Give people a chance to clear the honeypot fields * Refactor honeypot translation strings Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00 · 2020-12-10 06:27:26 +01:00 · 49eb4d4ddf
commit 49eb4d4ddf
parent 9669167aae
13 changed files with 70 additions and 5 deletions
--- a/spec/controllers/auth/registrations_controller_spec.rb
+++ b/spec/controllers/auth/registrations_controller_spec.rb
@ -82,6 +82,10 @@ RSpec.describe Auth::RegistrationsController, type: :controller do
  describe 'POST #create' do
    let(:accept_language) { Rails.application.config.i18n.available_locales.sample.to_s }

+    before do
+      session[:registration_form_time] = 5.seconds.ago
+    end
+
    around do |example|
      current_locale = I18n.locale
      example.run