-
- Downloads
Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam
Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.
This should cut down on some non-Mastodon-specific spambots.
* Require a 3 seconds delay before submitting the registration form
* Fix tests
* Move registration form time check to model validation
* Give people a chance to clear the honeypot fields
* Refactor honeypot translation strings
Co-authored-by: 
Claire <claire.github-309c@sitedethib.com>
Showing
- app/controllers/about_controller.rb 4 additions, 1 deletionapp/controllers/about_controller.rb
- app/controllers/auth/registrations_controller.rb 7 additions, 4 deletionsapp/controllers/auth/registrations_controller.rb
- app/controllers/concerns/registration_spam_concern.rb 9 additions, 0 deletionsapp/controllers/concerns/registration_spam_concern.rb
- app/javascript/packs/public.js 11 additions, 0 deletionsapp/javascript/packs/public.js
- app/javascript/styles/mastodon/forms.scss 8 additions, 0 deletionsapp/javascript/styles/mastodon/forms.scss
- app/models/user.rb 7 additions, 0 deletionsapp/models/user.rb
- app/validators/registration_form_time_validator.rb 9 additions, 0 deletionsapp/validators/registration_form_time_validator.rb
- app/views/about/_registration.html.haml 3 additions, 0 deletionsapp/views/about/_registration.html.haml
- app/views/auth/registrations/new.html.haml 3 additions, 0 deletionsapp/views/auth/registrations/new.html.haml
- app/views/shared/_error_messages.html.haml 3 additions, 0 deletionsapp/views/shared/_error_messages.html.haml
- config/locales/en.yml 1 addition, 0 deletionsconfig/locales/en.yml
- config/locales/simple_form.en.yml 1 addition, 0 deletionsconfig/locales/simple_form.en.yml
- spec/controllers/auth/registrations_controller_spec.rb 4 additions, 0 deletionsspec/controllers/auth/registrations_controller_spec.rb
Loading
Please register or sign in to comment