diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb
index a854471..d374449 100644
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -4,6 +4,7 @@ class AccountController < ApplicationController
 before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]
 before_filter :redirect_if_logged_in, :only => [:login, :signup]
+ before_filter :protect_from_bots, :only => :signup
 # say something nice, you goof! something sweet.
 def index
diff --git a/app/views/account/_signup_form.rhtml b/app/views/account/_signup_form.rhtml
index 560be5b..a1ac649 100644
--- a/app/views/account/_signup_form.rhtml
+++ b/app/views/account/_signup_form.rhtml
@@ -2,7 +2,7 @@
 <%= error_messages_for :user, :person, :header_message => _('The account could not be created') %>
-<% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form' } do |f| %>
+<% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form', :honeypot => true } do |f| %>
 <%= hidden_field_tag :invitation_code, @invitation_code %>
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 62959cf..3ba1770 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
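Review bot: `protect_from_bots` is wired in by the added `before_filter` but is not defined anywhere in this diff, so two properties the signup flow depends on cannot be confirmed here: that the filter actually halts the chain (a Rails 2 before_filter only stops the action if it renders or redirects), and that it rejects on a non-blank `honeypot` value rather than on mere presence of the key — a real browser submits the visually hidden field as `honeypot=` empty, and that must not be treated as a bot. The filter also fires on GET /signup where there is nothing to inspect; unless the helper already guards with `return unless request.post?`, it should, so form rendering never trips the check. A honeypot only stops naive bots, so it should be seen as a complement to rate limiting on signup rather than a replacement. A short comment would help the next reader, e.g. `# anti-bot honeypot: the trap field is rendered by labelled_form_for(:honeypot => true) in _signup_form`.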
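Review bot: `:honeypot => true` is passed inside `:html`, the hash `form_for`-style helpers normally emit verbatim as attributes of the `<form>` tag, so the change relies on the project's `labelled_form_for` (not in this diff) consuming that key and rendering the trap field instead of producing `honeypot="true"` on the form; the functional test asserts an element with `id="honeypot"`, but not its `name`, which is what the controller reads. Assuming the helper renders the field, it should be hidden with CSS rather than `type="hidden"`, carry `autocomplete="off"` and `tabindex="-1"` so browser autofill and keyboard users cannot populate it and lock themselves out, and ideally use a less guessable name than `honeypot`, which field-name blacklists in spam bots already skip. A comment on the form line would tie the two halves together: `<%# :honeypot => true renders the hidden anti-bot field checked by AccountController#protect_from_bots %>`.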
@@ -880,6 +880,18 @@ class AccountControllerTest < ActionController::TestCase
 assert_tag :tag => 'strong', :content => 'Plugin2 text'
 end
+ should 'include honeypot in the signup form' do
+ get :signup
+ assert_tag :tag => /input|textarea/, :attributes => {:id => 'honeypot'}
+ end
+
+ should 'not sign in if the honeypot field is filled' do
+ Person.any_instance.stubs(:required_fields).returns(['organization'])
+ assert_no_difference User, :count do
+ post :signup, :user => { :login => 'testuser', :password => '123456', :password_confirmation => '123456', :email => 'testuser@example.com' }, :profile_data => { :organization => 'example.com' }, :honeypot => 'something'
+ end
+ assert @response.body.blank?
+ end
 protected
 def new_user(options = {}, extra_options ={})
-- libgit2 0.21.2
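Review bot: Neither new test covers the case every real browser produces — the honeypot field present but empty — so a `protect_from_bots` that rejects on key presence instead of a non-blank value would lock all humans out of signup while both added tests still pass; a third test posting the same params with `:honeypot => ''` and asserting the user is created closes that gap (shown below). The negative test pins only `@response.body.blank?`; asserting the status as well (`assert_response :success`, or whatever the filter renders) would catch a later change that makes the filter raise or redirect. The first test checks `:attributes => {:id => 'honeypot'}` while the second posts a top-level `:honeypot` param, so the param name the controller reads is never tied to the rendered field — asserting `:name => 'honeypot'` too would make that contract explicit. The description 'not sign in if the honeypot field is filled' is misleading, since the action under test is signup. The enclosing test class and the trailing `new_user` helper continue outside the hunk.

```ruby
  should 'sign up when the honeypot field is present but empty' do
    Person.any_instance.stubs(:required_fields).returns(['organization'])
    assert_difference User, :count, 1 do
      post :signup, :user => { :login => 'testuser', :password => '123456', :password_confirmation => '123456', :email => 'testuser@example.com' }, :profile_data => { :organization => 'example.com' }, :honeypot => ''
    end
  end
```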