Roundup Tracker - Issues

Issue 2550919

Title: Anti-bot signup using 4 second delay
Type: rfe Severity: normal
Components: Web interface Versions:
Status: fixed Resolution: fixed
Dependencies: Superseder:
Assigned To: rouilj Nosy List: rouilj
Priority: normal Keywords: Effort-Medium, patch, python2, python3

Created on 2016-07-06 01:27 by rouilj, last changed 2019-11-09 05:44 by rouilj.

msg5764 Author: [hidden] (rouilj) Date: 2016-07-06 01:27

there is a patch for registration that requires a delay of at least 4
seconds between the time the form was generated and the time
the form was returned.

This is designed to catch fill-in attempts by bots.

Do we want to adopt this patch? Perhaps setting the delay time as a
config file parameter?

This seems to have worked well for them based on:
(old comments but...)
msg6806 Author: [hidden] (rouilj) Date: 2019-11-09 05:36
Took the patch and adapted it to core. Both python 2 and 3 tests pass.
The original code wasn't catching exceptions that can come from 
somebody hacking the opaque token. I think I am catching them all now.

Make the hidden field name different from Erik's code so in theory
both can live together.

Added registration_delay option in [web] section of config.ini. If set
to 0 delay check is disabled. If set > 0 it is the number of seconds of 
delay. Default 4 seconds.

rev5973:fe334430ca07 for most of it with rev5974:98a8509ce45c
msg6807 Author: [hidden] (rouilj) Date: 2019-11-09 05:44
and rev5975:59842a3e8108 for the last component I hope.
Date User Action Args
2019-11-09 05:44:29rouiljsetmessages: + msg6807
2019-11-09 05:36:56rouiljsetkeywords: + Effort-Medium, python3, python2, - Effort-Low
assignee: rouilj
messages: + msg6806
status: new -> fixed
resolution: fixed
2016-07-06 01:27:37rouiljcreate