Adding honeypot to signup page

Rodrigo Souto
1 parent fb699ea1
Showing 3 changed files with 14 additions and 1 deletions Show diff stats
app/controllers/public/account_controller.rb
app/views/account/_signup_form.rhtml
test/functional/account_controller_test.rb
@@ -4,6 +4,7 @@ class AccountController &lt; ApplicationController
  
   before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]
   before_filter :redirect_if_logged_in, :only => [:login, :signup]
+  before_filter :protect_from_bots, :only => :signup
  
   # say something nice, you goof!  something sweet.
   def index
@@ -2,7 +2,7 @@
  
 <%= error_messages_for :user, :person, :header_message => _('The account could not be created') %>
  
-<% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form' } do |f| %>
+<% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form', :honeypot => true } do |f| %>
  
 <%= hidden_field_tag :invitation_code, @invitation_code %>
  
@@ -880,6 +880,18 @@ class AccountControllerTest &lt; ActionController::TestCase
     assert_tag :tag => 'strong', :content => 'Plugin2 text'
   end
  
+  should 'include honeypot in the signup form' do
+    get :signup
+    assert_tag :tag => /input|textarea/, :attributes => {:id => 'honeypot'}
+  end
+
+  should 'not sign in if the honeypot field is filled' do
+    Person.any_instance.stubs(:required_fields).returns(['organization'])
+    assert_no_difference User, :count do
+      post :signup, :user => { :login => 'testuser', :password => '123456', :password_confirmation => '123456', :email => 'testuser@example.com' }, :profile_data => { :organization => 'example.com' }, :honeypot => 'something'
+    end
+    assert @response.body.blank?
+  end
  
   protected
     def new_user(options = {}, extra_options ={})
...	...	@@ -4,6 +4,7 @@ class AccountController < ApplicationController
4	4
5	5	before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]
6	6	before_filter :redirect_if_logged_in, :only => [:login, :signup]
	7	+ before_filter :protect_from_bots, :only => :signup
7	8
8	9	# say something nice, you goof! something sweet.
9	10	def index
...	...
...	...	@@ -2,7 +2,7 @@
2	2
3	3	<%= error_messages_for :user, :person, :header_message => _('The account could not be created') %>
4	4
5		-<% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form' } do \|f\| %>
	5	+<% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form', :honeypot => true } do \|f\| %>
6	6
7	7	<%= hidden_field_tag :invitation_code, @invitation_code %>
8	8
...	...
...	...	@@ -880,6 +880,18 @@ class AccountControllerTest < ActionController::TestCase
880	880	assert_tag :tag => 'strong', :content => 'Plugin2 text'
881	881	end
882	882
	883	+ should 'include honeypot in the signup form' do
	884	+ get :signup
	885	+ assert_tag :tag => /input\|textarea/, :attributes => {:id => 'honeypot'}
	886	+ end
	887	+
	888	+ should 'not sign in if the honeypot field is filled' do
	889	+ Person.any_instance.stubs(:required_fields).returns(['organization'])
	890	+ assert_no_difference User, :count do
	891	+ post :signup, :user => { :login => 'testuser', :password => '123456', :password_confirmation => '123456', :email => 'testuser@example.com' }, :profile_data => { :organization => 'example.com' }, :honeypot => 'something'
	892	+ end
	893	+ assert @response.body.blank?
	894	+ end
883	895
884	896	protected
885	897	def new_user(options = {}, extra_options ={})
...	...