Registration: Reviewed added simple honeypot, added testing

Also cleaned up old RegistrationController syntax. Review of #4970
2024-09-19 15:56:22 +00:00 · 2024-05-04 13:59:41 +01:00 · 2024-05-04 13:59:41 +01:00 · 5c28bcf865
commit 5c28bcf865
parent 0d2a268be0
3 changed files with 26 additions and 16 deletions
--- a/app/Access/Controllers/RegisterController.php
+++ b/app/Access/Controllers/RegisterController.php
@ -15,24 +15,13 @@ use Illuminate\Validation\Rules\Password;

 class RegisterController extends Controller
 {
-    protected SocialDriverManager $socialDriverManager;
-    protected RegistrationService $registrationService;
-    protected LoginService $loginService;
-
-    /**
-     * Create a new controller instance.
-     */
    public function __construct(
-        SocialDriverManager $socialDriverManager,
-        RegistrationService $registrationService,
-        LoginService $loginService
+        protected SocialDriverManager $socialDriverManager,
+        protected RegistrationService $registrationService,
+        protected LoginService $loginService
    ) {
        $this->middleware('guest');
        $this->middleware('guard:standard');
-
-        $this->socialDriverManager = $socialDriverManager;
-        $this->registrationService = $registrationService;
-        $this->loginService = $loginService;
    }

    /**
@ -87,7 +76,8 @@ class RegisterController extends Controller
            'name'     => ['required', 'min:2', 'max:100'],
            'email'    => ['required', 'email', 'max:255', 'unique:users'],
            'password' => ['required', Password::default()],
-            'username' => ['prohibited'], // this is a honeypot for bots that must not be filled in
+            // Basic honey for bots that must not be filled in
+            'username' => ['prohibited'],
        ]);
    }
 }
--- a/resources/views/auth/register.blade.php
+++ b/resources/views/auth/register.blade.php
@ -13,8 +13,9 @@
            <form action="{{ url("/register") }}" method="POST" class="mt-l stretch-inputs">
                {!! csrf_field() !!}

+                {{-- Simple honeypot field --}}
                <div class="form-group ambrosia-container" aria-hidden="true">
-                    <label for="name">{{ trans('auth.name') }}</label>
+                    <label for="username">{{ trans('auth.name') }}</label>
                    @include('form.text', ['name' => 'username'])
                </div>

--- a/tests/Auth/RegistrationTest.php
+++ b/tests/Auth/RegistrationTest.php
@ -184,4 +184,23 @@ class RegistrationTest extends TestCase
        $resp->assertSee('The email must be a valid email address.');
        $resp->assertSee('The password must be at least 8 characters.');
    }
+
+    public function test_registration_simple_honeypot_active()
+    {
+        $this->setSettings(['registration-enabled' => 'true']);
+
+        $resp = $this->get('/register');
+        $this->withHtml($resp)->assertElementExists('form input[name="username"]');
+
+        $resp = $this->post('/register', [
+            'name' => 'Barry',
+            'email' => 'barrybot@example.com',
+            'password' => 'barryIsTheBestBot',
+            'username' => 'MyUsername'
+        ]);
+        $resp->assertRedirect('/register');
+
+        $resp = $this->followRedirects($resp);
+        $this->withHtml($resp)->assertElementExists('form input[name="username"].text-neg');
+    }
 }