]> git.ipfire.org Git - ipfire.org.git/commitdiff
projects / ipfire.org.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c663d17)
auth: Add a honeypot to stop all those spam registrations
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 12 Mar 2025 16:48:32 +0000 (16:48 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 12 Mar 2025 16:48:32 +0000 (16:48 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/templates/auth/join.html patch | blob | blame | history
src/web/auth.py patch | blob | blame | history

diff --git a/src/templates/auth/join.html b/src/templates/auth/join.html
index 2ff60be835844a88dbdf57b9997ed92644fdd459..08ac9257785ea7459d7b5b14dd9cee8e5f30181f 100644 (file)
--- a/src/templates/auth/join.html
+++ b/src/templates/auth/join.html
@@ -98,6 +98,16 @@
                                                        </div>
                                                </div>
 
+                                               {# Honeypot Field #}
+                                               <div class="block">
+                                                       <div class="field">
+                                                               <p class="control">
+                                                                       <input class="input is-hidden" type="text" name="honey"
+                                                                               placeholder="{{ _("Give me honey") }}">
+                                                               </p>
+                                                       </div>
+                                               </div>
+
                                                <div class="field">
                                                        <div class="control">
                                                                <button class="button is-primary is-medium is-fullwidth">
diff --git a/src/web/auth.py b/src/web/auth.py
index 126673b7fdbb4048b22d3b906b68706c740f3231..76cc91294aa7815b450895616421b113e2edd364 100644 (file)
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -91,6 +91,11 @@ class JoinHandler(base.AnalyticsMixin, base.BaseHandler):
                first_name = self.get_argument("first_name")
                last_name  = self.get_argument("last_name")
 
+               # If the honey field has been set, we probably have a bot
+               honey = self.get_argument("honey", None)
+               if honey:
+                       raise tornado.web.HTTPError(503)
+
                # Register account
                try:
                        with self.db.transaction():
The website of ipfire.org.