mirror of
https://0xacab.org/sutty/sutty
synced 2024-11-25 23:06:22 +00:00
feat: bloquear spambots después de un minuto #17722
This commit is contained in:
parent
93ad72f86d
commit
f00e3b8230
2 changed files with 41 additions and 0 deletions
|
@ -7,6 +7,7 @@ class RegistrationsController < Devise::RegistrationsController
|
|||
class SpambotError < StandardError; end
|
||||
|
||||
prepend_before_action :anti_spambot_traps, only: %i[create]
|
||||
prepend_after_action :lock_spambots, only: %i[create]
|
||||
|
||||
private
|
||||
|
||||
|
@ -18,6 +19,15 @@ class RegistrationsController < Devise::RegistrationsController
|
|||
@spambot ||= params.dig(:usuarie, :name).present?
|
||||
end
|
||||
|
||||
# Bloquea las cuentas de spam dentro de un minuto, para hacerles creer
|
||||
# que la cuenta se creó correctamente.
|
||||
def lock_spambots
|
||||
return unless spambot?
|
||||
return unless current_usuarie
|
||||
|
||||
LockUsuarieJob.set(wait: 1.minute).perform_later(usuarie: current_usuarie)
|
||||
end
|
||||
|
||||
# Detecta e informa spambots muy simples
|
||||
#
|
||||
# @return [nil]
|
||||
|
@ -38,4 +48,16 @@ class RegistrationsController < Devise::RegistrationsController
|
|||
p['usuarie'].delete 'password_confirmation'
|
||||
end
|
||||
end
|
||||
|
||||
# Si le usuarie es considerade spambot, no enviamos el correo de
|
||||
# confirmación al crear la cuenta.
|
||||
def sign_up_params
|
||||
if spambot?
|
||||
params[:usuarie][:confirmed_at] = Time.now.utc
|
||||
|
||||
devise_parameter_sanitizer.permit(:sign_up, keys: %i[confirmed_at])
|
||||
end
|
||||
|
||||
super
|
||||
end
|
||||
end
|
||||
|
|
19
app/jobs/lock_usuarie_job.rb
Normal file
19
app/jobs/lock_usuarie_job.rb
Normal file
|
@ -0,0 +1,19 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
# Bloquea el acceso a une usuarie
|
||||
class LockUsuarieJob < ApplicationJob
|
||||
# Cambiamos la contraseña, aplicamos un bloqueo y cerramos la sesión
|
||||
# para que no pueda volver a entrar hasta que siga las instrucciones
|
||||
# de desbloqueo.
|
||||
#
|
||||
# @param :usuarie [Usuarie]
|
||||
# @return [nil]
|
||||
def perform(usuarie:)
|
||||
password = SecureRandom.base36
|
||||
|
||||
usuarie.skip_password_change_notification!
|
||||
usuarie.update(password: password, password_confirmation: password, remember_created_at: nil, locked_at: Time.utc.now)
|
||||
|
||||
nil
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue