diff --git a/app/Access/Controllers/RegisterController.php b/app/Access/Controllers/RegisterController.php
index 13b97f03c..e9812aa5d 100644
--- a/app/Access/Controllers/RegisterController.php
+++ b/app/Access/Controllers/RegisterController.php
@@ -15,24 +15,13 @@ use Illuminate\Validation\Rules\Password;
 class RegisterController extends Controller
 {
- protected SocialDriverManager $socialDriverManager;
- protected RegistrationService $registrationService;
- protected LoginService $loginService;
-
- /**
- * Create a new controller instance.
- */
 public function __construct(
- SocialDriverManager $socialDriverManager,
- RegistrationService $registrationService,
- LoginService $loginService
+ protected SocialDriverManager $socialDriverManager,
+ protected RegistrationService $registrationService,
+ protected LoginService $loginService
 ) {
 $this->middleware('guest');
 $this->middleware('guard:standard');
-
- $this->socialDriverManager = $socialDriverManager;
- $this->registrationService = $registrationService;
- $this->loginService = $loginService;
 }
 /**
@@ -87,6 +76,8 @@ class RegisterController extends Controller
 'name' => ['required', 'min:2', 'max:100'],
 'email' => ['required', 'email', 'max:255', 'unique:users'],
 'password' => ['required', Password::default()],
+ // Basic honey for bots that must not be filled in
+ 'username' => ['prohibited'],
 ]);
 }
 }
diff --git a/resources/sass/_forms.scss b/resources/sass/_forms.scss
index e480531fc..e6d062ce8 100644
--- a/resources/sass/_forms.scss
+++ b/resources/sass/_forms.scss
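Review bot: A tripped honeypot in the new `'username' => ['prohibited']` rule is handled as an ordinary validation failure, so the response marks the hidden field as the one in error (the test in tests/Auth/RegistrationTest.php asserts `.text-neg` on it) and nothing records that the trap fired. Because the field is visually hidden, a genuine visitor whose browser or password manager autofilled `username` would be returned to the form with no visible explanation, while the marked-up error state is a signal automated clients can adapt to. Consider handling a non-empty value separately from the other rules, with a generic failure message and a log entry that operators can alert or throttle on. The comment would also read more clearly as `// Honeypot: hidden from real users, so any submitted value marks the request as automated`. The enclosing validator method starts outside this hunk.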
@@ -389,6 +389,20 @@ input[type=color] {
 }
 }
+.form-group.ambrosia-container, .form-group.ambrosia-container * {
+ position:absolute !important;
+ height:1px !important;
+ width:1px !important;
+ margin:-1px !important;
+ padding:0 !important;
+ background:transparent !important;
+ color:transparent !important;
+ border:none !important;
+ overflow: hidden !important;
+ clip: rect(0,0,0,0) !important;
+ white-space: nowrap !important;
+}
+
 .title-input input[type="text"] {
 display: block;
 width: 100%;
@@ -538,4 +552,4 @@ input.shortcut-input {
 width: auto;
 max-width: 120px;
 height: auto;
-}
\ No newline at end of file
+}
diff --git a/resources/views/auth/register.blade.php b/resources/views/auth/register.blade.php
index d345b037a..1ea712e1d 100644
--- a/resources/views/auth/register.blade.php
+++ b/resources/views/auth/register.blade.php
@@ -13,8 +13,14 @@
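Review bot: The `.form-group.ambrosia-container` rules hide the honeypot only visually: clipping to a 1px box is the pattern normally used to keep content available to screen readers, and nothing in this stylesheet takes the input out of the tab order. Keyboard and assistive-technology users can therefore still reach and fill the trap and would then fail registration; the markup in resources/views/auth/register.blade.php is not readable on this page, so confirm the container carries `aria-hidden="true"` and the input `tabindex="-1"` and `autocomplete="off"`. As a style point, the declarations mix `position:absolute` and `overflow: hidden` spacing, and a short comment above the selector stating that this block hides the registration honeypot would explain the blanket `!important`.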
{!! csrf_field() !!} + {{-- Simple honeypot field --}} + +
- + @include('form.text', ['name' => 'name'])
diff --git a/tests/Auth/RegistrationTest.php b/tests/Auth/RegistrationTest.php
index ff1a9d66b..60ae17573 100644
--- a/tests/Auth/RegistrationTest.php
+++ b/tests/Auth/RegistrationTest.php
@@ -184,4 +184,23 @@ class RegistrationTest extends TestCase
 $resp->assertSee('The email must be a valid email address.');
 $resp->assertSee('The password must be at least 8 characters.');
 }
+
+ public function test_registration_simple_honeypot_active()
+ {
+ $this->setSettings(['registration-enabled' => 'true']);
+
+ $resp = $this->get('/register');
+ $this->withHtml($resp)->assertElementExists('form input[name="username"]');
+
+ $resp = $this->post('/register', [
+ 'name' => 'Barry',
+ 'email' => 'barrybot@example.com',
+ 'password' => 'barryIsTheBestBot',
+ 'username' => 'MyUsername'
+ ]);
+ $resp->assertRedirect('/register');
+
+ $resp = $this->followRedirects($resp);
+ $this->withHtml($resp)->assertElementExists('form input[name="username"].text-neg');
+ }
 }
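Review bot: test_registration_simple_honeypot_active checks the redirect and the error class but never asserts that no account was created, which is the property the honeypot exists to protect. Adding `$this->assertDatabaseMissing('users', ['email' => 'barrybot@example.com']);` after the `assertRedirect('/register')` call would pin it. A companion case that posts an empty `username` and expects registration to succeed would guard against the `prohibited` rule rejecting genuine sign-ups, unless an existing test outside this hunk already covers that path.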