From 93ad72f86d27aa55f26251304a07424dea89a117 Mon Sep 17 00:00:00 2001
From: f
Date: Thu, 31 Oct 2024 11:17:21 -0300
Subject: [PATCH] =?UTF-8?q?fix:=20detecci=C3=B3n=20de=20spambots=20y=20rep?= =?UTF-8?q?orte=20an=C3=B3nimo?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/registrations_controller.rb | 27 ++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 353d0c17..c9f21b53 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -10,11 +10,32 @@ class RegistrationsController < Devise::RegistrationsController
 private
- # Detecta spambots simples
+ # Condiciones bajo las que consideramos que un registro viene de unx
+ # spambot
+ #
+ # @return [Bool]
+ def spambot?
+ @spambot ||= params.dig(:usuarie, :name).present?
+ end
+
+ # Detecta e informa spambots muy simples
+ #
+ # @return [nil]
 def anti_spambot_traps
- raise SpambotError if params.dig(:usuarie, :name).blank?
+ raise SpambotError if spambot?
 rescue SpambotError => e
- ExceptionNotifier.notify_exception(e, data: { params: params })
+ ExceptionNotifier.notify_exception(e, data: { params: anonymized_params })
 nil
 end
+
+ # Devuelve parámetros anonimizados para prevenir filtrar la contraseña
+ # de falsos positivos.
+ #
+ # @return [Hash]
+ def anonymized_params
+ params.except(:authenticity_token).permit!.to_h.tap do |p|
+ p['usuarie'].delete 'password'
+ p['usuarie'].delete 'password_confirmation'
+ end
+ end
 end
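Review bot: `anonymized_params` removes only `authenticity_token`, `password` and `password_confirmation`, so the payload that `anti_spambot_traps` hands to ExceptionNotifier still carries every other submitted field, presumably including the e-mail address, which for a false positive belongs to a real person. An allowlist of the fields needed to triage a report would fail closed when the form gains new fields; `request.filtered_parameters` is an alternative if the app's `filter_parameters` already covers the sensitive keys (not visible here). Separately, `permit!` is used only to make `to_h` work and may mark the nested request parameters as permitted for the rest of the request; `params.except(:authenticity_token).to_unsafe_h.tap do |p|` builds the same hash without touching the permitted flag. The class body starts outside the hunk, so how `anti_spambot_traps` is invoked cannot be checked from here.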