From d8876c40b899f2cfe259ac3d02146234c3038b31 Mon Sep 17 00:00:00 2001
From: Gaetan Craig-Riou
Date: Tue, 23 Jan 2024 16:30:12 +1100
Subject: [PATCH] Add invisible_captcha on the user registration page

The default action when a user submit the form too quickly is to redirect to :back with flash error message. As we are using CableReady it's not working for us, so I render_alert_timestamp_error_message to show the error message to the user.
---
 app/controllers/spree/users_controller.rb | 12 ++++++++++++
 app/views/layouts/_signup_tab.html.haml | 1 +
 config/initializers/invisible_captcha.rb | 6 ++++++
 spec/system/consumer/authentication_spec.rb | 15 +++++++++++++++
 4 files changed, 34 insertions(+)
 create mode 100644 config/initializers/invisible_captcha.rb
diff --git a/app/controllers/spree/users_controller.rb b/app/controllers/spree/users_controller.rb
index 6fdcebe89b..60b7b33e26 100644
--- a/app/controllers/spree/users_controller.rb
+++ b/app/controllers/spree/users_controller.rb
@@ -8,6 +8,7 @@ module Spree
 layout 'darkswarm'
+ invisible_captcha only: [:create], on_timestamp_spam: :render_alert_timestamp_error_message
 skip_before_action :set_current_order, only: :show
 prepend_before_action :load_object, only: [:show, :edit, :update]
 prepend_before_action :authorize_actions, only: :new
@@ -101,5 +102,16 @@ module Spree
 def user_params
 ::PermittedAttributes::User.new(params).call
 end
+
+ def render_alert_timestamp_error_message
+ render cable_ready: cable_car.inner_html(
+ "#signup-feedback",
+ partial("layouts/alert",
+ locals: {
+ type: "alert",
+ message: InvisibleCaptcha.timestamp_error_message
+ })
+ )
+ end
 end
 end
diff --git a/app/views/layouts/_signup_tab.html.haml b/app/views/layouts/_signup_tab.html.haml
index 5d2af646e5..f25bf2024d 100644
--- a/app/views/layouts/_signup_tab.html.haml
+++ b/app/views/layouts/_signup_tab.html.haml
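Review bot: The `invisible_captcha` declaration in the first users_controller.rb hunk overrides `on_timestamp_spam` without saying why; the reason (the gem's default redirect to :back does not work with this CableReady form) exists only in the commit message. A comment above the declaration would keep it with the code, for example `# CableReady form: the gem's default redirect to :back is not rendered, so the timestamp error is shown in place`. Only the timestamp handler is customised here, so a honeypot hit presumably still goes through the gem's default handler; if that is intended, the same comment can say so.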
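Review bot: `render_alert_timestamp_error_message` replaces only `#signup-feedback` and tells the user to resubmit, but nothing on this path re-renders the form that `form.invisible_captcha` produced. If the gem consumes its session timestamp each time it checks it (worth confirming against the pinned invisible_captcha version), a second submit without a page reload would carry no timestamp and be rejected again with the same message. A system spec that waits past the threshold and submits a second time would settle this; if it fails, the handler also has to refresh the captcha timestamp. The method is added after `user_params`, presumably below a `private` marker that lies outside the hunk, which is worth checking so the callback is not reachable as an action.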
@@ -23,3 +23,4 @@
 .row
 .large-12.columns
 = form.submit t(:action_signup), { class: "button primary", tabindex: 4 }
+ = form.invisible_captcha
diff --git a/config/initializers/invisible_captcha.rb b/config/initializers/invisible_captcha.rb
new file mode 100644
index 0000000000..bf00691a0c
--- /dev/null
+++ b/config/initializers/invisible_captcha.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+InvisibleCaptcha.setup do |config|
+ # Disable timestamp check for test environment
+ config.timestamp_enabled = !Rails.env.test?
+end
diff --git a/spec/system/consumer/authentication_spec.rb b/spec/system/consumer/authentication_spec.rb
index 7951704440..9581b4c467 100644
--- a/spec/system/consumer/authentication_spec.rb
+++ b/spec/system/consumer/authentication_spec.rb
@@ -108,6 +108,21 @@ describe "Authentication" do
 expect(page).to have_content "doesn't match"
 end
+ it "Failing to sign up because the user is too quick" do
+ InvisibleCaptcha.timestamp_enabled = true
+ InvisibleCaptcha.timestamp_threshold = 30
+
+ fill_in "Your email", with: user.email
+ fill_in "Choose a password", with: "test12345"
+ fill_in "Confirm password", with: "test12345"
+ click_signup_button
+
+ expect(page).to have_content "Sorry, that was too quick! Please resubmit."
+
+ InvisibleCaptcha.timestamp_enabled = false
+ InvisibleCaptcha.timestamp_threshold = 30
+ end
+
 it "Signing up successfully" do
 fill_in "Your email", with: "test@foo.com"
 fill_in "Choose a password", with: "test12345"
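Review bot: The new initializer sets only `timestamp_enabled`, so the interval that decides what counts as "too quick" is whatever the installed gem version defaults to. Setting it next to the toggle, as in `config.timestamp_threshold = <seconds>` (placeholder value), makes the strength of the control visible in review and stable across gem upgrades. The existing comment could also state that this check is a bot deterrent for the signup form and is separate from any request throttling on that endpoint.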
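Review bot: The new example in authentication_spec.rb changes global `InvisibleCaptcha` settings and restores them only in its last two statements, which never run if the `have_content` expectation fails. In that case `timestamp_enabled = true` leaks into every later example, so one failure could cascade into unrelated signup specs. The restore also hard-codes `false` and `30` instead of the values that were in effect before, which leaves the threshold at 30 for the rest of the run. Saving the originals and restoring them in an `ensure` (or an `around` hook) keeps the example isolated.

```ruby
it "Failing to sign up because the user is too quick" do
  original_enabled = InvisibleCaptcha.timestamp_enabled
  original_threshold = InvisibleCaptcha.timestamp_threshold
  InvisibleCaptcha.timestamp_enabled = true
  InvisibleCaptcha.timestamp_threshold = 30

  # … unchanged: fill in the form, click_signup_button, expect the "too quick" message …
ensure
  InvisibleCaptcha.timestamp_enabled = original_enabled
  InvisibleCaptcha.timestamp_threshold = original_threshold
end
```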