From f00e3b823030920738245eb763a33338c9153350 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Thu, 31 Oct 2024 11:18:21 -0300
Subject: [PATCH] =?UTF-8?q?feat:=20bloquear=20spambots=20despu=C3=A9s=20de?=
 =?UTF-8?q?=20un=20minuto=20#17722?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/registrations_controller.rb | 22 +++++++++++++++++++++
 app/jobs/lock_usuarie_job.rb                | 19 ++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 app/jobs/lock_usuarie_job.rb

diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index c9f21b53..4ba0b7c7 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -7,6 +7,7 @@ class RegistrationsController < Devise::RegistrationsController
   class SpambotError < StandardError; end
 
   prepend_before_action :anti_spambot_traps, only: %i[create]
+  prepend_after_action :lock_spambots, only: %i[create]
 
   private
 
@@ -18,6 +19,15 @@ class RegistrationsController < Devise::RegistrationsController
     @spambot ||= params.dig(:usuarie, :name).present?
   end
 
+  # Bloquea las cuentas de spam dentro de un minuto, para hacerles creer
+  # que la cuenta se creó correctamente.
+  def lock_spambots
+    return unless spambot?
+    return unless current_usuarie
+
+    LockUsuarieJob.set(wait: 1.minute).perform_later(usuarie: current_usuarie)
+  end
+
   # Detecta e informa spambots muy simples
   #
   # @return [nil]
@@ -38,4 +48,16 @@ class RegistrationsController < Devise::RegistrationsController
       p['usuarie'].delete 'password_confirmation'
     end
   end
+
+  # Si le usuarie es considerade spambot, no enviamos el correo de
+  # confirmación al crear la cuenta.
+  def sign_up_params
+    if spambot?
+      params[:usuarie][:confirmed_at] = Time.now.utc
+
+      devise_parameter_sanitizer.permit(:sign_up, keys: %i[confirmed_at])
+    end
+
+    super
+  end
 end
diff --git a/app/jobs/lock_usuarie_job.rb b/app/jobs/lock_usuarie_job.rb
new file mode 100644
index 00000000..94640857
--- /dev/null
+++ b/app/jobs/lock_usuarie_job.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+# Bloquea el acceso a une usuarie
+class LockUsuarieJob < ApplicationJob
+  # Cambiamos la contraseña, aplicamos un bloqueo y cerramos la sesión
+  # para que no pueda volver a entrar hasta que siga las instrucciones
+  # de desbloqueo.
+  #
+  # @param :usuarie [Usuarie]
+  # @return [nil]
+  def perform(usuarie:)
+    password = SecureRandom.base36
+
+    usuarie.skip_password_change_notification!
+    usuarie.update(password: password, password_confirmation: password, remember_created_at: nil, locked_at: Time.utc.now)
+
+    nil
+  end
+end