store honeypot challenge in redis for extra security

2025-05-31 00:17:17 +08:00 · 2013-08-23 16:19:23 +10:00
parent 011d3cf779
commit 90dddb4395
1 changed files with 7 additions and 1 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -415,7 +415,13 @@ class UsersController < ApplicationController
    end

    def challenge_value
-      '3019774c067cc2b'
+      challenge = $redis.get('SECRET_CHALLENGE')
+      unless challenge && challenge.length == 16*2
+        challenge = SecureRandom.hex(16)
+        $redis.set('SECRET_CHALLENGE',challenge)
+      end
+
+      challenge
    end

    def suspicious?(params)