Commit c55f23335a34bd416981b3e0012b0b8649bc9d97
1 parent
920f13a9
Exists in
master
and in
29 other branches
Adjusting signup anti-bot
Showing
6 changed files
with
55 additions
and
57 deletions
Show diff stats
app/controllers/public/account_controller.rb
| @@ -299,7 +299,7 @@ class AccountController < ApplicationController | @@ -299,7 +299,7 @@ class AccountController < ApplicationController | ||
| 299 | end | 299 | end |
| 300 | 300 | ||
| 301 | def clear_signup_start_time | 301 | def clear_signup_start_time |
| 302 | - Rails.cache.delete params[:signup_time_key] | 302 | + Rails.cache.delete params[:signup_time_key] if params[:signup_time_key] |
| 303 | end | 303 | end |
| 304 | 304 | ||
| 305 | def may_be_a_bot | 305 | def may_be_a_bot |
app/models/environment.rb
| @@ -233,7 +233,7 @@ class Environment < ActiveRecord::Base | @@ -233,7 +233,7 @@ class Environment < ActiveRecord::Base | ||
| 233 | settings[:message_for_member_invitation] || InviteMember.mail_template | 233 | settings[:message_for_member_invitation] || InviteMember.mail_template |
| 234 | end | 234 | end |
| 235 | 235 | ||
| 236 | - settings_items :min_signup_delay, :type => Integer, :default => 25 #seconds | 236 | + settings_items :min_signup_delay, :type => Integer, :default => 3 #seconds |
| 237 | settings_items :activation_blocked_text, :type => String | 237 | settings_items :activation_blocked_text, :type => String |
| 238 | settings_items :message_for_disabled_enterprise, :type => String, | 238 | settings_items :message_for_disabled_enterprise, :type => String, |
| 239 | :default => _('This enterprise needs to be enabled.') | 239 | :default => _('This enterprise needs to be enabled.') |
app/views/account/_signup_form.rhtml
| 1 | <% if @block_bot %> | 1 | <% if @block_bot %> |
| 2 | - <div id="bot-notice"> | ||
| 3 | - <strong><%=_('How Fast!')%></strong> | ||
| 4 | - <p><%=_('Looks like you are a robot. Please, prove that you are human.')%></p> | 2 | + <div class="atention" style="font-size: 150%;"> |
| 3 | + <strong><%=_('Are you a robot?')%></strong> <br /> | ||
| 4 | + <%=_('Please, prove that you are human by filling the captcha.')%> | ||
| 5 | </div> | 5 | </div> |
| 6 | <% end %> | 6 | <% end %> |
| 7 | 7 |
public/stylesheets/application.css
| @@ -5636,16 +5636,6 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img { | @@ -5636,16 +5636,6 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img { | ||
| 5636 | 5636 | ||
| 5637 | /* Signup interface {{{ */ | 5637 | /* Signup interface {{{ */ |
| 5638 | 5638 | ||
| 5639 | -#bot-notice { | ||
| 5640 | - border: 3px solid #000; | ||
| 5641 | - background: #FE0; | ||
| 5642 | - padding: 5px 10px; | ||
| 5643 | - font-size: 150%; | ||
| 5644 | -} | ||
| 5645 | -#bot-notice p { | ||
| 5646 | - margin: 0px; | ||
| 5647 | -} | ||
| 5648 | - | ||
| 5649 | #url-check { | 5639 | #url-check { |
| 5650 | margin: 0 0 -5px 0; | 5640 | margin: 0 0 -5px 0; |
| 5651 | width: 100%; | 5641 | width: 100%; |
test/functional/account_controller_test.rb
| @@ -19,6 +19,7 @@ class AccountControllerTest < ActionController::TestCase | @@ -19,6 +19,7 @@ class AccountControllerTest < ActionController::TestCase | ||
| 19 | @controller = AccountController.new | 19 | @controller = AccountController.new |
| 20 | @request = ActionController::TestRequest.new | 20 | @request = ActionController::TestRequest.new |
| 21 | @response = ActionController::TestResponse.new | 21 | @response = ActionController::TestResponse.new |
| 22 | + disable_signup_bot_check | ||
| 22 | end | 23 | end |
| 23 | 24 | ||
| 24 | def test_local_files_reference | 25 | def test_local_files_reference |
| @@ -566,6 +567,7 @@ class AccountControllerTest < ActionController::TestCase | @@ -566,6 +567,7 @@ class AccountControllerTest < ActionController::TestCase | ||
| 566 | template.boxes[0].blocks << Block.new | 567 | template.boxes[0].blocks << Block.new |
| 567 | template.save! | 568 | template.save! |
| 568 | env = fast_create(Environment, :name => 'test_env') | 569 | env = fast_create(Environment, :name => 'test_env') |
| 570 | + disable_signup_bot_check(env) | ||
| 569 | env.settings[:person_template_id] = template.id | 571 | env.settings[:person_template_id] = template.id |
| 570 | env.save! | 572 | env.save! |
| 571 | 573 | ||
| @@ -882,26 +884,31 @@ class AccountControllerTest < ActionController::TestCase | @@ -882,26 +884,31 @@ class AccountControllerTest < ActionController::TestCase | ||
| 882 | 884 | ||
| 883 | 885 | ||
| 884 | protected | 886 | protected |
| 885 | - def new_user(options = {}, extra_options ={}) | ||
| 886 | - data = {:profile_data => person_data} | ||
| 887 | - if extra_options[:profile_data] | ||
| 888 | - data[:profile_data].merge! extra_options.delete(:profile_data) | ||
| 889 | - end | ||
| 890 | - data.merge! extra_options | ||
| 891 | - | ||
| 892 | - post :signup, { :user => { :login => 'quire', | ||
| 893 | - :email => 'quire@example.com', | ||
| 894 | - :password => 'quire', | ||
| 895 | - :password_confirmation => 'quire' | ||
| 896 | - }.merge(options) | ||
| 897 | - }.merge(data) | 887 | + def new_user(options = {}, extra_options ={}) |
| 888 | + data = {:profile_data => person_data} | ||
| 889 | + if extra_options[:profile_data] | ||
| 890 | + data[:profile_data].merge! extra_options.delete(:profile_data) | ||
| 898 | end | 891 | end |
| 892 | + data.merge! extra_options | ||
| 899 | 893 | ||
| 900 | - def auth_token(token) | ||
| 901 | - CGI::Cookie.new('name' => 'auth_token', 'value' => token) | ||
| 902 | - end | 894 | + post :signup, { :user => { :login => 'quire', |
| 895 | + :email => 'quire@example.com', | ||
| 896 | + :password => 'quire', | ||
| 897 | + :password_confirmation => 'quire' | ||
| 898 | + }.merge(options) | ||
| 899 | + }.merge(data) | ||
| 900 | + end | ||
| 903 | 901 | ||
| 904 | - def cookie_for(user) | ||
| 905 | - auth_token users(user).remember_token | ||
| 906 | - end | 902 | + def auth_token(token) |
| 903 | + CGI::Cookie.new('name' => 'auth_token', 'value' => token) | ||
| 904 | + end | ||
| 905 | + | ||
| 906 | + def cookie_for(user) | ||
| 907 | + auth_token users(user).remember_token | ||
| 908 | + end | ||
| 909 | + | ||
| 910 | + def disable_signup_bot_check(environment = Environment.default) | ||
| 911 | + environment.min_signup_delay = 0 | ||
| 912 | + environment.save! | ||
| 913 | + end | ||
| 907 | end | 914 | end |
test/integration/signup_test.rb
| @@ -7,33 +7,18 @@ class SignupTest < ActionController::IntegrationTest | @@ -7,33 +7,18 @@ class SignupTest < ActionController::IntegrationTest | ||
| 7 | ActionController::Integration::Session.any_instance.stubs(:https?).returns(true) | 7 | ActionController::Integration::Session.any_instance.stubs(:https?).returns(true) |
| 8 | end | 8 | end |
| 9 | 9 | ||
| 10 | - # helper | ||
| 11 | - def registering_with_bot_test(min_signup_delay, sleep_secs) | ||
| 12 | - env = Environment.default | ||
| 13 | - env.min_signup_delay = min_signup_delay | ||
| 14 | - env.save! | ||
| 15 | - get '/account/signup' | ||
| 16 | - assert_response :success | ||
| 17 | - get '/account/signup_time' | ||
| 18 | - assert_response :success | ||
| 19 | - data = ActiveSupport::JSON.decode response.body | ||
| 20 | - sleep sleep_secs | ||
| 21 | - post '/account/signup', :user => { :login => 'someone', :password => 'test', :password_confirmation => 'test', :email => 'someone@example.com' }, :signup_time_key => data['key'] | ||
| 22 | - assert_response :success | ||
| 23 | - end | ||
| 24 | - | ||
| 25 | - def test_signup_form_submition_must_be_blocked_for_fast_bots | ||
| 26 | - count = User.count | ||
| 27 | - registering_with_bot_test 5, 1 | 10 | + def test_signup_form_submission_must_be_blocked_for_fast_bots |
| 11 | + assert_no_difference User, :count do | ||
| 12 | + registering_with_bot_test 5, 1 | ||
| 13 | + end | ||
| 28 | assert_template 'signup' | 14 | assert_template 'signup' |
| 29 | - assert_equal count, User.count | ||
| 30 | assert_match /you are a robot/, response.body | 15 | assert_match /you are a robot/, response.body |
| 31 | end | 16 | end |
| 32 | 17 | ||
| 33 | - def test_signup_form_submition_must_not_block_after_min_signup_delay | ||
| 34 | - count = User.count | ||
| 35 | - registering_with_bot_test 1, 2 | ||
| 36 | - assert_equal count+1, User.count | 18 | + def test_signup_form_submission_must_not_block_after_min_signup_delay |
| 19 | + assert_difference User, :count, 1 do | ||
| 20 | + registering_with_bot_test 1, 2 | ||
| 21 | + end | ||
| 37 | end | 22 | end |
| 38 | 23 | ||
| 39 | def test_should_require_acceptance_of_terms_for_signup | 24 | def test_should_require_acceptance_of_terms_for_signup |
| @@ -63,4 +48,20 @@ class SignupTest < ActionController::IntegrationTest | @@ -63,4 +48,20 @@ class SignupTest < ActionController::IntegrationTest | ||
| 63 | 48 | ||
| 64 | end | 49 | end |
| 65 | 50 | ||
| 51 | + private | ||
| 52 | + | ||
| 53 | + def registering_with_bot_test(min_signup_delay, sleep_secs) | ||
| 54 | + env = Environment.default | ||
| 55 | + env.min_signup_delay = min_signup_delay | ||
| 56 | + env.save! | ||
| 57 | + get '/account/signup' | ||
| 58 | + assert_response :success | ||
| 59 | + get '/account/signup_time' | ||
| 60 | + assert_response :success | ||
| 61 | + data = ActiveSupport::JSON.decode response.body | ||
| 62 | + sleep sleep_secs | ||
| 63 | + post '/account/signup', :user => { :login => 'someone', :password => 'test', :password_confirmation => 'test', :email => 'someone@example.com' }, :signup_time_key => data['key'] | ||
| 64 | + assert_response :success | ||
| 65 | + end | ||
| 66 | + | ||
| 66 | end | 67 | end |