Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam Add two honeypot fields: a fake website input and a fake password confirmation one. The label/placeholder/aria-label tells not to fill them, and they are hidden in CSS, so legitimate users should not fall into these. This should cut down on some non-Mastodon-specific spambots. * Require a 3 seconds delay before submitting the registration form * Fix tests * Move registration form time check to model validation * Give people a chance to clear the honeypot fields * Refactor honeypot translation strings Co-authored-by: Claire <claire.github-309c@sitedethib.com>
This commit is contained in:
ThibG
GitHub
9
app/controllers/concerns/registration_spam_concern.rb
Normal file
9
app/controllers/concerns/registration_spam_concern.rb
Normal file
@ -0,0 +1,9 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module RegistrationSpamConcern
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
def set_registration_form_time
|
||||
session[:registration_form_time] = Time.now.utc
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user