From c18bcf2b21b94990c55f001aadb6fc74cf756291 Mon Sep 17 00:00:00 2001
From: Developer <>
Date: Thu, 18 Feb 2021 21:35:09 -0500
Subject: [PATCH] Added check to RegistrationsController for checking if form
 was submitted too quickly
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

• Added:
- check to RegistrationsController for checking if form was submitted too quickly
---
 app/controllers/auth/registrations_controller.rb | 11 +++++++++++
 config/locales/en.yml                            |  1 +
 2 files changed, 12 insertions(+)

diff --git a/app/controllers/auth/registrations_controller.rb b/app/controllers/auth/registrations_controller.rb
index ac749c57..91ed35a8 100644
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -9,6 +9,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   before_action :set_instance_presenter, only: [:new, :create, :update]
   before_action :set_body_classes, only: [:new, :create, :edit, :update]
   before_action :set_cache_headers, only: [:edit, :update]
+  prepend_before_action :check_form_submission_speed, only: [:create]
   prepend_before_action :check_if_password_email_identical, only: [:create]
   if ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').nil?
     # captcha disabled if key not defined
@@ -67,6 +68,15 @@ class Auth::RegistrationsController < Devise::RegistrationsController
 
   private
 
+  def check_form_submission_speed
+    if session[:registration_form_time] > 10.seconds.ago
+      flash[:alert] = I18n.t('auth.too_fast')
+      respond_with_navigational(resource) {
+        redirect_to new_user_registration_path
+      }
+    end
+  end
+
   def check_if_password_email_identical
     if params[:user][:email] == params[:user][:password]
       flash[:alert] = "Your email cannot be your password. Please enter a new password."
@@ -98,6 +108,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
 
   def set_challenge_buster
     @challenge_buster = SecureRandom.hex
+    session[:registration_form_time] = Time.now.utc
   end
 
   def passed_challenge?(serverToken, userParams)
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 6419638d..e710a9c3 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -572,6 +572,7 @@ en:
     reset_password: Reset password
     security: Security
     set_new_password: Set new password
+    too_fast: Form submitted too fast, try again.
     trouble_logging_in: Trouble logging in?
   authorize_follow:
     already_following: You are already following this account