Commit 84d30c711b104da4c8de47b2b06611b5e03ac5db

Authored by Rodrigo Souto
1 parent fb699ea1

Adding honeypot to signup page

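--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -4,6 +4,7 @@ class AccountController < ApplicationController
 
 before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise]
 before_filter :redirect_if_logged_in, :only => [:login, :signup]
+before_filter :protect_from_bots, :only => :signup
 
 # say something nice, you goof! something sweet.
 def index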
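Review bot: `protect_from_bots` is wired in by the new `before_filter` on line 7 but is not defined anywhere in this diff, so a reader cannot tell from here which parameter it inspects or how it halts the request; a one-line comment on the filter would save that lookup, e.g. `# Bot mitigation: drops signup submissions whose hidden 'honeypot' field is filled (see _signup_form.rhtml)`. The test added in this commit expects a blank response body when the honeypot is filled, which suggests the filter renders nothing rather than redirecting or showing an error; if that is deliberate it is worth saying so in the comment, so a later change to a visible error is a conscious decision (a silent drop gives an automated client less feedback than an error page would). The filter also runs on GET :signup, which is presumably harmless as long as it only acts on a non-blank parameter — confirm against the filter's definition.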
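--- a/app/views/account/_signup_form.rhtml
+++ b/app/views/account/_signup_form.rhtml
@@ -2,7 +2,7 @@
 
 <%= error_messages_for :user, :person, :header_message => _('The account could not be created') %>
 
-<% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form' } do |f| %>
+<% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form', :honeypot => true } do |f| %>
 
 <%= hidden_field_tag :invitation_code, @invitation_code %>
 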
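Review bot: `:honeypot => true` is placed inside the `:html` hash on line 5, which Rails normally forwards verbatim as attributes of the `<form>` tag; unless `labelled_form_for` strips this key itself (its definition is not in this diff), the option may surface as a `honeypot="true"` attribute instead of rendering the field the new test looks for, so it is worth confirming where the helper consumes it. Whatever renders the trap field, it should be hidden from people by CSS rather than `type="hidden"` (form-filling bots commonly skip hidden inputs, and a field that is never touched filters nothing), carry `autocomplete="off"` so browsers do not fill it for genuine users, and be kept out of assistive technology with `aria-hidden="true"` and `tabindex="-1"` so a screen-reader user is not silently locked out of signup. A short comment next to the option naming the filter that consumes the field, e.g. `<%# :honeypot renders a hidden trap field checked by AccountController#protect_from_bots %>`, would tie the two halves of this change together for the next reader.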
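--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -880,6 +880,18 @@ class AccountControllerTest < ActionController::TestCase
 assert_tag :tag => 'strong', :content => 'Plugin2 text'
 end
 
+should 'include honeypot in the signup form' do
+get :signup
+assert_tag :tag => /input|textarea/, :attributes => {:id => 'honeypot'}
+end
+
+should 'not sign in if the honeypot field is filled' do
+Person.any_instance.stubs(:required_fields).returns(['organization'])
+assert_no_difference User, :count do
+post :signup, :user => { :login => 'testuser', :password => '123456', :password_confirmation => '123456', :email => 'testuser@example.com' }, :profile_data => { :organization => 'example.com' }, :honeypot => 'something'
+end
+assert @response.body.blank?
+end
 
 protected
 def new_user(options = {}, extra_options ={})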
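Review bot: The filled-honeypot test on lines 888-894 pins only that no User row appears and that the body is blank; it never asserts the response status, so a later change that redirected or rendered an empty error page would still pass — add an `assert_response` after the `post` with whatever status `protect_from_bots` is meant to return (the filter is defined outside this diff, so the expected code has to be read from there). The companion test on lines 883-886 checks that an element with id `honeypot` exists but not that it is hidden from users or carries `autocomplete="off"`; extending the `:attributes` hash with those would catch a regression that exposed the trap field to real visitors, which is the failure mode that actually blocks signups. There is also no test in this hunk that a submission with an empty honeypot still creates the account, so the filter's pass-through path is presumably covered only by the pre-existing signup tests — confirm they still run through the new filter.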