Add honeypot fields and minimum fill-out time for sign-up form (#15276)

* Add honeypot fields to limit non-specialized spam Add two honeypot fields: a fake website input and a fake password confirmation one. The label/placeholder/aria-label tells not to fill them, and they are hidden in CSS, so legitimate users should not fall into these. This should cut down on some non-Mastodon-specific spambots. * Require a 3 seconds delay before submitting the registration form * Fix tests * Move registration form time check to model validation * Give people a chance to clear the honeypot fields * Refactor honeypot translation strings Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
parent 9669167aae
commit 49eb4d4ddf
13 changed files with 70 additions and 5 deletions
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -751,6 +751,7 @@ en:
      functional: Your account is fully operational.
      pending: Your application is pending review by our staff. This may take some time. You will receive an e-mail if your application is approved.
      redirecting_to: Your account is inactive because it is currently redirecting to %{acct}.
+    too_fast: Form submitted too fast, try again.
    trouble_logging_in: Trouble logging in?
    use_security_key: Use security key
  authorize_follow:
--- a/config/locales/simple_form.en.yml
+++ b/config/locales/simple_form.en.yml
@ -126,6 +126,7 @@ en:
        expires_in: Expire after
        fields: Profile metadata
        header: Header
+        honeypot: "%{label} (do not fill in)"
        inbox_url: URL of the relay inbox
        irreversible: Drop instead of hide
        locale: Interface language