Mercurial > p > roundup > code
diff roundup/cgi/actions.py @ 5973:fe334430ca07
issue2550919 - Anti-bot signup using 4 second delay
Took the code by erik forsberg and massaged it into the core.
So this is no longer needed in the tracker.
Updated devel and responsive trackers to remove timestamp.py and
update input field name.
Docs, changes and tests complete. Hopefully these tracker changes
won't cause an issue for other tests.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 09 Nov 2019 00:30:37 -0500 |
| parents | 5d0873a4de4a |
| children | 71c68961d9f4 |
line wrap: on
line diff
--- a/roundup/cgi/actions.py Thu Nov 07 21:09:02 2019 -0500 +++ b/roundup/cgi/actions.py Sat Nov 09 00:30:37 2019 -0500 @@ -6,6 +6,7 @@ from roundup.cgi import exceptions, templating from roundup.mailgw import uidFromAddress from roundup.rate_limit import Gcra, RateLimit +from roundup.cgi.timestamp import Timestamped from roundup.exceptions import Reject, RejectRaw from roundup.anypy import urllib_ from roundup.anypy.strings import StringIO @@ -1036,7 +1037,7 @@ return return self.finishRego() -class RegisterAction(RegoCommon, EditCommon): +class RegisterAction(RegoCommon, EditCommon, Timestamped): name = 'register' permissionType = 'Register' @@ -1050,6 +1051,15 @@ if self.client.env['REQUEST_METHOD'] != 'POST': raise Reject(self._('Invalid request')) + # try to make sure user is not a bot by checking the + # hidden field opaqueregister to make sure it's at least + # WEB_REGISTRATION_DELAY seconds. If set to 0, + # disable the check. + delaytime = self.db.config['WEB_REGISTRATION_DELAY'] + + if delaytime > 0: + self.timecheck('opaqueregister', delaytime) + # parse the props from the form try: props, links = self.client.parsePropsFromForm(create=1)