Added check to RegistrationsController for checking if form was submitted too quickly

• Added:
- check to RegistrationsController for checking if form was submitted too quickly
This commit is contained in:
Developer 2021-02-18 21:35:09 -05:00
parent 5149c613f2
commit c18bcf2b21
2 changed files with 12 additions and 0 deletions

View File

@ -9,6 +9,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
before_action :set_instance_presenter, only: [:new, :create, :update]
before_action :set_body_classes, only: [:new, :create, :edit, :update]
before_action :set_cache_headers, only: [:edit, :update]
prepend_before_action :check_form_submission_speed, only: [:create]
prepend_before_action :check_if_password_email_identical, only: [:create]
if ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').nil?
# captcha disabled if key not defined
@ -67,6 +68,15 @@ class Auth::RegistrationsController < Devise::RegistrationsController
private
def check_form_submission_speed
if session[:registration_form_time] > 10.seconds.ago
flash[:alert] = I18n.t('auth.too_fast')
respond_with_navigational(resource) {
redirect_to new_user_registration_path
}
end
end
def check_if_password_email_identical
if params[:user][:email] == params[:user][:password]
flash[:alert] = "Your email cannot be your password. Please enter a new password."
@ -98,6 +108,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
def set_challenge_buster
@challenge_buster = SecureRandom.hex
session[:registration_form_time] = Time.now.utc
end
def passed_challenge?(serverToken, userParams)

View File

@ -572,6 +572,7 @@ en:
reset_password: Reset password
security: Security
set_new_password: Set new password
too_fast: Form submitted too fast, try again.
trouble_logging_in: Trouble logging in?
authorize_follow:
already_following: You are already following this account