Added check to RegistrationsController for checking if form was submitted too quickly

• Added:
- check to RegistrationsController for checking if form was submitted too quickly

app/controllers/auth/registrations_controller.rb

@@ -9,6 +9,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
  before_action :set_instance_presenter, only: [:new, :create, :update]
  before_action :set_body_classes, only: [:new, :create, :edit, :update]
  before_action :set_cache_headers, only: [:edit, :update]
+ prepend_before_action :check_form_submission_speed, only: [:create]
  prepend_before_action :check_if_password_email_identical, only: [:create]
  if ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').nil?
  # captcha disabled if key not defined
@@ -67,6 +68,15 @@ class Auth::RegistrationsController < Devise::RegistrationsController
 
  private
 
+ def check_form_submission_speed
+ if session[:registration_form_time] > 10.seconds.ago
+ flash[:alert] = I18n.t('auth.too_fast')
+ respond_with_navigational(resource) {
+ redirect_to new_user_registration_path
+ }
+ end
+ end
+
  def check_if_password_email_identical
  if params[:user][:email] == params[:user][:password]
  flash[:alert] = "Your email cannot be your password. Please enter a new password."
@@ -98,6 +108,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
 
  def set_challenge_buster
  @challenge_buster = SecureRandom.hex
+ session[:registration_form_time] = Time.now.utc
  end
 
  def passed_challenge?(serverToken, userParams)

config/locales/en.yml

@@ -572,6 +572,7 @@ en:
  reset_password: Reset password
  security: Security
  set_new_password: Set new password
+ too_fast: Form submitted too fast, try again.
  trouble_logging_in: Trouble logging in?
  authorize_follow:
  already_following: You are already following this account