Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 01:36:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

Registration: Reviewed added simple honeypot, added testing

Browse Source 
Also cleaned up old RegistrationController syntax.
Review of #4970
This commit is contained in:
Dan Brown 2024-05-04 13:59:41 +01:00
parent 0d2a268be0
commit 5c28bcf865
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
3 changed files with 26 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
app/Access/Controllers/RegisterController.php
View File

@ -15,24 +15,13 @@ use Illuminate\Validation\Rules\Password;
class RegisterController extends Controller class RegisterController extends Controller
{ {
protected SocialDriverManager $socialDriverManager;
protected RegistrationService $registrationService;
protected LoginService $loginService;
/**
* Create a new controller instance.
*/
public function __construct( public function __construct(
SocialDriverManager $socialDriverManager, protected SocialDriverManager $socialDriverManager,
RegistrationService $registrationService, protected RegistrationService $registrationService,
LoginService $loginService protected LoginService $loginService
) { ) {
$this->middleware('guest'); $this->middleware('guest');
$this->middleware('guard:standard'); $this->middleware('guard:standard');
$this->socialDriverManager = $socialDriverManager;
$this->registrationService = $registrationService;
$this->loginService = $loginService;
} }
/** /**
@ -87,7 +76,8 @@ class RegisterController extends Controller
'name' => ['required', 'min:2', 'max:100'], 'name' => ['required', 'min:2', 'max:100'],
'email' => ['required', 'email', 'max:255', 'unique:users'], 'email' => ['required', 'email', 'max:255', 'unique:users'],
'password' => ['required', Password::default()], 'password' => ['required', Password::default()],
'username' => ['prohibited'], // this is a honeypot for bots that must not be filled in // Basic honey for bots that must not be filled in
'username' => ['prohibited'],
]); ]);
} }
} }

3
resources/views/auth/register.blade.php
View File

@ -13,8 +13,9 @@
<form action="{{ url("/register") }}" method="POST" class="mt-l stretch-inputs"> <form action="{{ url("/register") }}" method="POST" class="mt-l stretch-inputs">
{!! csrf_field() !!} {!! csrf_field() !!}
{{-- Simple honeypot field --}}
<div class="form-group ambrosia-container" aria-hidden="true"> <div class="form-group ambrosia-container" aria-hidden="true">
<label for="name">{{ trans('auth.name') }}</label> <label for="username">{{ trans('auth.name') }}</label>
@include('form.text', ['name' => 'username']) @include('form.text', ['name' => 'username'])
</div> </div>

19
tests/Auth/RegistrationTest.php
View File

@ -184,4 +184,23 @@ class RegistrationTest extends TestCase
$resp->assertSee('The email must be a valid email address.'); $resp->assertSee('The email must be a valid email address.');
$resp->assertSee('The password must be at least 8 characters.'); $resp->assertSee('The password must be at least 8 characters.');
} }
public function test_registration_simple_honeypot_active()
{
$this->setSettings(['registration-enabled' => 'true']);
$resp = $this->get('/register');
$this->withHtml($resp)->assertElementExists('form input[name="username"]');
$resp = $this->post('/register', [
'name' => 'Barry',
'email' => 'barrybot@example.com',
'password' => 'barryIsTheBestBot',
'username' => 'MyUsername'
]);
$resp->assertRedirect('/register');
$resp = $this->followRedirects($resp);
$this->withHtml($resp)->assertElementExists('form input[name="username"].text-neg');
}
} }