mirror of
https://github.com/discourse/discourse.git
synced 2024-11-24 13:38:49 +08:00
d5d8db7fa8
This feature amends it so instead of using one challenge and honeypot statically per site we have a rotating honeypot and challenge value which changes every hour. This means you must grab a fresh copy of honeypot and challenge value once an hour or account registration will be rejected. We also now cycle the value of the challenge when after successful account registration forcing an extra call to hp.json between account registrations Client has been made aware of these changes. Additionally this contains a JavaScript workaround for: https://bugs.chromium.org/p/chromium/issues/detail?id=987293 This is client side code that is specific to Chrome user agent and swaps a PASSWORD type honeypot with a TEXT type honeypot.
42 lines
747 B
Ruby
42 lines
747 B
Ruby
# frozen_string_literal: true
|
|
|
|
# session that is not stored in cookie, expires after 1.hour unconditionally
|
|
class SecureSession
|
|
def initialize(prefix)
|
|
@prefix = prefix
|
|
end
|
|
|
|
def self.expiry
|
|
@expiry ||= 1.hour.to_i
|
|
end
|
|
|
|
def self.expiry=(val)
|
|
@expiry = val
|
|
end
|
|
|
|
def set(key, val, expires: nil)
|
|
expires ||= SecureSession.expiry
|
|
$redis.setex(prefixed_key(key), SecureSession.expiry.to_i, val.to_s)
|
|
true
|
|
end
|
|
|
|
def [](key)
|
|
$redis.get(prefixed_key(key))
|
|
end
|
|
|
|
def []=(key, val)
|
|
if val == nil
|
|
$redis.del(prefixed_key(key))
|
|
else
|
|
$redis.setex(prefixed_key(key), SecureSession.expiry.to_i, val.to_s)
|
|
end
|
|
val
|
|
end
|
|
|
|
private
|
|
|
|
def prefixed_key(key)
|
|
"#{@prefix}#{key}"
|
|
end
|
|
end
|