catstodon/app/views/auth
ThibG 49eb4d4ddf
Add honeypot fields and minimum fill-out time for sign-up form (#15276)
* Add honeypot fields to limit non-specialized spam

Add two honeypot fields: a fake website input and a fake password confirmation
one. The label/placeholder/aria-label tells not to fill them, and they are
hidden in CSS, so legitimate users should not fall into these.

This should cut down on some non-Mastodon-specific spambots.

* Require a 3 seconds delay before submitting the registration form

* Fix tests

* Move registration form time check to model validation

* Give people a chance to clear the honeypot fields

* Refactor honeypot translation strings

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-10 06:27:26 +01:00
..
challenges Add password challenge to 2FA settings, e-mail notifications (#11878) 2019-09-18 16:37:27 +02:00
confirmations Change unconfirmed user login behaviour (#11375) 2019-07-22 10:48:50 +02:00
passwords Add client-side validation in password change forms (#14564) 2020-08-12 12:11:15 +02:00
registrations Add honeypot fields and minimum fill-out time for sign-up form (#15276) 2020-12-10 06:27:26 +01:00
sessions Fix omniauth (SAML/CAS) sign-in routes not having CSRF protection (#15228) 2020-11-28 05:17:53 +01:00
setup Change account deletion page to have better explanations (#11753) 2019-09-04 04:13:54 +02:00
shared Add password challenge to 2FA settings, e-mail notifications (#11878) 2019-09-18 16:37:27 +02:00