Add invisible_captcha on the user registration page

The default action when a user submit the form too quickly is to redirect to :back with flash error message. As we are using CableReady it's not working for us, so I render_alert_timestamp_error_message to show the error message to the user.
2026-03-01 02:03:22 +00:00 · 2024-01-23 16:30:12 +11:00
parent c68b03c0dd
commit d8876c40b8
4 changed files with 34 additions and 0 deletions
--- a/app/controllers/spree/users_controller.rb
+++ b/app/controllers/spree/users_controller.rb
@@ -8,6 +8,7 @@ module Spree

    layout 'darkswarm'

+    invisible_captcha only: [:create], on_timestamp_spam: :render_alert_timestamp_error_message
    skip_before_action :set_current_order, only: :show
    prepend_before_action :load_object, only: [:show, :edit, :update]
    prepend_before_action :authorize_actions, only: :new
@@ -101,5 +102,16 @@ module Spree
    def user_params
      ::PermittedAttributes::User.new(params).call
    end
+
+    def render_alert_timestamp_error_message
+      render cable_ready: cable_car.inner_html(
+        "#signup-feedback",
+        partial("layouts/alert",
+                locals: {
+                  type: "alert",
+                  message: InvisibleCaptcha.timestamp_error_message
+                })
+      )
+    end
  end
 end
--- a/app/views/layouts/_signup_tab.html.haml
+++ b/app/views/layouts/_signup_tab.html.haml
@@ -23,3 +23,4 @@
    .row
      .large-12.columns
        = form.submit t(:action_signup), { class: "button primary", tabindex: 4 }
+        = form.invisible_captcha 
--- a/config/initializers/invisible_captcha.rb
+++ b/config/initializers/invisible_captcha.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+InvisibleCaptcha.setup do |config|
+  # Disable timestamp check for test environment
+  config.timestamp_enabled = !Rails.env.test?
+end
--- a/spec/system/consumer/authentication_spec.rb
+++ b/spec/system/consumer/authentication_spec.rb
@@ -108,6 +108,21 @@ describe "Authentication" do
            expect(page).to have_content "doesn't match"
          end

+          it "Failing to sign up because the user is too quick" do
+            InvisibleCaptcha.timestamp_enabled = true
+            InvisibleCaptcha.timestamp_threshold = 30
+
+            fill_in "Your email", with: user.email
+            fill_in "Choose a password", with: "test12345"
+            fill_in "Confirm password", with: "test12345"
+            click_signup_button
+
+            expect(page).to have_content "Sorry, that was too quick! Please resubmit."
+
+            InvisibleCaptcha.timestamp_enabled = false
+            InvisibleCaptcha.timestamp_threshold = 30
+          end
+
          it "Signing up successfully" do
            fill_in "Your email", with: "test@foo.com"
            fill_in "Choose a password", with: "test12345"