From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 24 Dec 2019 11:53:36 +0000 (+0100)
Subject: accounts: Drop username check from StopForumSpam
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a5343559e5d2a5484863b3130a9bc4da6af90a8e;p=ipfire.org.git

accounts: Drop username check from StopForumSpam

This caused many false positives and I am not aware that
this has actually stopped any spammers from registering.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index cc849bc2..ee7fca08 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -373,8 +373,8 @@ class Accounts(Object):
 
 		return res.c or 0
 
-	async def check_spam(self, uid, email, address):
-		sfs = StopForumSpam(self.backend, uid, email, address)
+	async def check_spam(self, email, address):
+		sfs = StopForumSpam(self.backend, email, address)
 
 		# Get spam score
 		score = await sfs.check()
@@ -1168,8 +1168,8 @@ class Account(LDAPObject):
 
 
 class StopForumSpam(Object):
-	def init(self, uid, email, address):
-		self.uid, self.email, self.address = uid, email, address
+	def init(self, email, address):
+		self.email, self.address = email, address
 
 	async def send_request(self, **kwargs):
 		arguments = {
@@ -1201,18 +1201,6 @@ class StopForumSpam(Object):
 
 		return confidence
 
-	async def check_username(self):
-		response = await self.send_request(username=self.uid)
-
-		try:
-			confidence = response["username"]["confidence"]
-		except KeyError:
-			confidence = 100
-
-		logging.debug("Confidence for %s: %s" % (self.uid, confidence))
-
-		return confidence
-
 	async def check_email(self):
 		response = await self.send_request(email=self.email)
 
@@ -1233,10 +1221,7 @@ class StopForumSpam(Object):
 			address and username and if those are on the database, we
 			will send the email address as well.
 		"""
-		confidences = [await self.check_address(), await self.check_username()]
-
-		if any((c < threshold for c in confidences)):
-			confidences.append(await self.check_email())
+		confidences = [await self.check_address(), await self.check_email()]
 
 		# Build a score based on the lowest confidence
 		return 100 - min(confidences)
diff --git a/src/web/auth.py b/src/web/auth.py
index 2bb232c9..5594a6dd 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -99,7 +99,7 @@ class RegisterHandler(CacheMixin, base.BaseHandler):
 		last_name  = self.get_argument("last_name")
 
 		# Check if this is a spam account
-		is_spam = await self.backend.accounts.check_spam(uid, email,
+		is_spam = await self.backend.accounts.check_spam(email,
 			address=self.get_remote_ip())
 
 		if is_spam: