diff --git a/app/controllers/organizations/registrations_controller.rb b/app/controllers/organizations/registrations_controller.rb
index b0b177f09..29d45a108 100644
--- a/app/controllers/organizations/registrations_controller.rb
+++ b/app/controllers/organizations/registrations_controller.rb
@@ -1,5 +1,7 @@
 class Organizations::RegistrationsController < Devise::RegistrationsController
+ invisible_captcha only: [:create], honeypot: :address, scope: :user, on_timestamp_spam: :redirect_timestamp_spam
+
 def new
 super do |user|
 user.build_organization
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
index da9fc1372..0c1e067fb 100644
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@@ -1,6 +1,8 @@
 class Users::RegistrationsController < Devise::RegistrationsController
 prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy, :finish_signup, :do_finish_signup]
+ invisible_captcha only: [:create], honeypot: :family_name, scope: :user, on_timestamp_spam: :redirect_timestamp_spam
+
 def new
 super do |user|
 user.use_redeemable_code = true if params[:use_redeemable_code].present?
diff --git a/app/views/organizations/registrations/new.html.erb b/app/views/organizations/registrations/new.html.erb
index 01483fda5..3b1763e83 100644
--- a/app/views/organizations/registrations/new.html.erb
+++ b/app/views/organizations/registrations/new.html.erb
@@ -17,6 +17,8 @@
 <%= f.text_field :phone_number, placeholder: t("devise_views.organizations.registrations.new.phone_number_label") %>
+ <%= f.invisible_captcha :address %>
+
 <%= f.password_field :password, autocomplete: "off", placeholder: t("devise_views.organizations.registrations.new.password_label") %>
diff --git a/app/views/users/registrations/new.html.erb b/app/views/users/registrations/new.html.erb
index fa9d71118..f2f1827ba 100644
--- a/app/views/users/registrations/new.html.erb
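Review bot: The honeypot names chosen on the `invisible_captcha` lines, `:address` here and `:family_name` in the users controller hunk, are likely to match browser autofill heuristics, and because the field is rendered inside the `user` form scope (both view hunks) an autofilled `user[address]` or `user[family_name]` from a genuine visitor would be treated as spam and answered with the silent empty 200 the specs assert, with no way for the person to recover. A name that no autofill profile maps to, or at least a comment on each line recording why these names were picked and that the gem's markup is relied on to suppress autofill, would avoid that false positive. `on_timestamp_spam: :redirect_timestamp_spam` references a handler that neither controller hunk defines; it presumably lives on a shared ancestor, and a comment such as `# redirect_timestamp_spam is defined in <ancestor controller>` (with the real location filled in) would save the next reader the search.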
+++ b/app/views/users/registrations/new.html.erb
@@ -21,6 +21,8 @@
<%= t("devise_views.users.registrations.new.username_note") %>
<%= f.text_field :username, maxlength: User.username_max_length, placeholder: t("devise_views.users.registrations.new.username_label"), label: false %>
+ <%= f.invisible_captcha :family_name %>
+
 <%= f.email_field :email, placeholder: t("devise_views.users.registrations.new.email_label") %>
diff --git a/spec/features/organizations_spec.rb b/spec/features/organizations_spec.rb
index 343f31228..3a84d7adf 100644
--- a/spec/features/organizations_spec.rb
+++ b/spec/features/organizations_spec.rb
@@ -23,6 +23,41 @@ feature 'Organizations' do
 expect(user.organization).to_not be_verified
 end
+ scenario 'Create with invisible_captcha honeypot field' do
+ visit new_organization_registration_path
+
+ fill_in 'user_organization_attributes_name', with: 'robot'
+ fill_in 'user_address', with: 'This is the honeypot field'
+ fill_in 'user_organization_attributes_responsible_name', with: 'Robots are more responsible than humans'
+ fill_in 'user_email', with: 'robot@robot.com'
+ fill_in 'user_password', with: 'destroyallhumans'
+ fill_in 'user_password_confirmation', with: 'destroyallhumans'
+
+ check 'user_terms_of_service'
+
+ click_button 'Register'
+
+ expect(page.status_code).to eq(200)
+ expect(page.html).to be_empty
+ expect(current_path).to eq(organization_registration_path)
+ end
+
+ scenario 'Create organization too fast' do
+ allow(InvisibleCaptcha).to receive(:timestamp_threshold).and_return(Float::INFINITY)
+ visit new_organization_registration_path
+ fill_in 'user_organization_attributes_name', with: 'robot'
+ fill_in 'user_organization_attributes_responsible_name', with: 'Robots are more responsible than humans'
+ fill_in 'user_email', with: 'robot@robot.com'
+ fill_in 'user_password', with: 'destroyallhumans'
+ fill_in 'user_password_confirmation', with: 'destroyallhumans'
+
+ click_button 'Register'
+
+ expect(page).to have_content 'Sorry, that was too quick! Please resubmit'
+
+ expect(current_path).to eq(root_path)
+ end
+
 scenario 'Errors on create' do
 visit new_organization_registration_path
diff --git a/spec/features/registration_form_spec.rb b/spec/features/registration_form_spec.rb
index b14b200a0..42a5645dc 100644
--- a/spec/features/registration_form_spec.rb
+++ b/spec/features/registration_form_spec.rb
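Review bot: `fill_in 'user_address', with: 'This is the honeypot field'` can only succeed because the default rack_test driver does not evaluate the stylesheet that (presumably) hides the honeypot; under a JS-capable driver Capybara refuses to fill a non-visible field, so tagging this scenario `js: true` later would make it fail for a reason unrelated to the captcha. A comment on the scenario line would record that constraint: `# honeypot is hidden via CSS; fillable only under rack_test, do not run with js: true`. The same note applies to the honeypot scenario in the registration_form_spec.rb hunk.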
@@ -43,4 +43,40 @@ feature 'Registration form' do
 expect(new_user.redeemable_code).to be_nil
 end
+ scenario 'Create with invisible_captcha honeypot field' do
+ visit new_user_registration_path
+
+ fill_in 'user_username', with: "robot"
+ fill_in 'user_family_name', with: 'This is the honeypot field'
+ fill_in 'user_email', with: 'robot@robot.com'
+ fill_in 'user_password', with: 'destroyallhumans'
+ fill_in 'user_password_confirmation', with: 'destroyallhumans'
+ check 'user_terms_of_service'
+
+ click_button 'Register'
+
+ expect(page.status_code).to eq(200)
+ expect(page.html).to be_empty
+ expect(current_path).to eq(user_registration_path)
+ end
+
+ scenario 'Create organization too fast' do
+ allow(InvisibleCaptcha).to receive(:timestamp_threshold).and_return(Float::INFINITY)
+ visit new_user_registration_path
+
+ fill_in 'user_username', with: "robot"
+ fill_in 'user_family_name', with: 'This is the honeypot field'
+ fill_in 'user_email', with: 'robot@robot.com'
+ fill_in 'user_password', with: 'destroyallhumans'
+ fill_in 'user_password_confirmation', with: 'destroyallhumans'
+ check 'user_terms_of_service'
+
+ click_button 'Register'
+
+ expect(page).to have_content 'Sorry, that was too quick! Please resubmit'
+
+ expect(current_path).to eq(root_path)
+ end
+
+
 end
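Review bot: The second scenario is named `'Create organization too fast'` but lives in the 'Registration form' feature and visits `new_user_registration_path`, so the name is a copy-paste from the organizations spec; rename it `scenario 'Create user too fast' do`. That scenario also fills the honeypot (`fill_in 'user_family_name', with: 'This is the honeypot field'`) while asserting the timestamp message, so it appears to pass only because the gem evaluates the timestamp before the honeypot; drop that `fill_in` so the scenario exercises exactly one check and does not depend on the gem's evaluation order. The two consecutive blank added lines before the closing `end` are also worth collapsing to one.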