Add honeypot and challenge to signup form

Neil Lalonde
2013-02-06 19:25:21 -05:00
parent f79f0e740a
commit 471c61fd69
7 changed files with 86 additions and 4 deletions


@ -123,6 +123,12 @@ class UsersController < ApplicationController
end
def create
if params[:password_confirmation] != honeypot_value or params[:challenge] != challenge_value.try(:reverse)
# Don't give any indication that we caught you in the honeypot
return render(:json => {success: true, active: false, message: I18n.t("login.activate_email", email: params[:email]) })
end
user = User.new
user.name = params[:name]
user.email = params[:email]
@ -183,6 +189,10 @@ class UsersController < ApplicationController
render json: {errors: [I18n.t("mothership.access_token_problem")]}
end
def get_honeypot_value
render json: {value: honeypot_value, challenge: challenge_value}
end
# all avatars are funneled through here
def avatar
@ -320,6 +330,14 @@ class UsersController < ApplicationController
private
def honeypot_value
Digest::SHA1::hexdigest("#{Discourse.current_hostname}:#{Discourse::Application.config.secret_token}")[0,15]
end
def challenge_value
'3019774c067cc2b'
end
def fetch_user_from_params
username_lower = params[:username].downcase
username_lower.gsub!(/\.json$/, '')
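Review bot: `honeypot_value` (last hunk) is a truncated, unkeyed SHA1 over `hostname:secret_token`, and `get_honeypot_value` (second hunk) returns it to any client that asks, so a value derived directly from the application secret becomes public and can be used to check guesses of `secret_token` offline. A keyed derivation with a purpose label would avoid exposing a bare hash of the secret, e.g. `OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), Discourse::Application.config.secret_token, "honeypot:#{Discourse.current_hostname}")[0, 15]`, or a random value kept in the session. Both this value and the hard-coded `challenge_value` are constant per site, so a client that has fetched them once can presumably reuse them for every later signup; per-session values would bound that. A short comment on `honeypot_value` stating that its output is intentionally public would also help the next reader.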