author | Alex Buijs <abuijs@gitlab.com> | 2019-08-14 14:05:24 +0200 |
---|---|---|
committer | Alex Buijs <abuijs@gitlab.com> | 2019-08-14 14:05:24 +0200 |
commit | cdbe66490fe9d4d664562ee21e4b1be28298b411 (patch) | |
tree | 9387e19df35bcb8f15f3ecc33c31f511c66f3e0f /app | |
parent | a8da0de528f3a522c6d77b92ca5621c63ae9a69a (diff) | |
download | gitlab-ce-cdbe66490fe9d4d664562ee21e4b1be28298b411.tar.gz |
Add logging and counter for invisible captcha
46548-open-source-alternative-to-recaptcha-for-gitlab-com-registration
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/invisible_captcha.rb | 51 | ||||
-rw-r--r-- | app/controllers/registrations_controller.rb | 8 |
2 files changed, 52 insertions, 7 deletions
diff --git a/app/controllers/concerns/invisible_captcha.rb b/app/controllers/concerns/invisible_captcha.rb
new file mode 100644
index 00000000000..c9f66e5c194
--- /dev/null
+++ b/app/controllers/concerns/invisible_captcha.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module InvisibleCaptcha
+  extend ActiveSupport::Concern
+
+  included do
+    invisible_captcha only: :create, on_spam: :on_honeypot_spam_callback, on_timestamp_spam: :on_timestamp_spam_callback
+  end
+
+  def on_honeypot_spam_callback
+    return unless Feature.enabled?(:invisible_captcha)
+
+    invisible_captcha_honeypot_counter.increment
+    log_request('Invisible_Captcha_Honeypot_Request')
+
+    head(200)
+  end
+
+  def on_timestamp_spam_callback
+    return unless Feature.enabled?(:invisible_captcha)
+
+    invisible_captcha_timestamp_counter.increment
+    log_request('Invisible_Captcha_Timestamp_Request')
+
+    redirect_to new_user_session_path, alert: InvisibleCaptcha.timestamp_error_message
+  end
+
+  def invisible_captcha_honeypot_counter
+    @invisible_captcha_honeypot_counter ||=
+      Gitlab::Metrics.counter(:bot_blocked_by_invisible_captcha_honeypot,
+        'Counter of blocked sign up attempts with filled honeypot')
+  end
+
+  def invisible_captcha_timestamp_counter
+    @invisible_captcha_timestamp_counter ||=
+      Gitlab::Metrics.counter(:bot_blocked_by_invisible_captcha_timestamp,
+        'Counter of blocked sign up attempts with invalid timestamp')
+  end
+
+  def log_request(message)
+    request_information = {
+      message: message,
+      env: :invisible_captcha_signup_bot_detected,
+      ip: request.ip,
+      request_method: request.request_method,
+      fullpath: request.fullpath
+    }
+
+    Gitlab::AuthLogger.error(request_information)
+  end
+end
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 33e7ca061d3..db10515c0b4 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
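Review bot: The concern is declared as `module InvisibleCaptcha`, which is the same top-level constant the invisible_captcha gem already defines — the body relies on that itself when it calls `InvisibleCaptcha.timestamp_error_message` — so this file reopens the gem's module instead of defining a new one, and `include InvisibleCaptcha` in registrations_controller.rb (next hunk) may, depending on how the autoloader resolves an already-defined constant, include the gem's module without this file ever being loaded, in which case the `included` block and the `invisible_captcha only: :create, ...` registration would silently never run. Renaming the concern to something that does not shadow the gem, e.g. `module InvisibleCaptchaOnSignup` with `include InvisibleCaptchaOnSignup`, removes that ambiguity. Separately, every method in the module is public, so once included the two counters, `log_request` and both callbacks become public methods of the controller; the gem invokes the configured callbacks dynamically, so a `private` line before `def on_honeypot_spam_callback` keeps them off the controller's public surface. That also appears to restore the visibility the removed `on_timestamp_spam_callback` had at the bottom of registrations_controller.rb, though the `private` marker there is outside the hunk and this is inferred.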
@@ -4,9 +4,9 @@ class RegistrationsController < Devise::RegistrationsController include Recaptcha::Verify include AcceptsPendingInvitations include RecaptchaExperimentHelper + include InvisibleCaptcha prepend_before_action :check_captcha, only: :create - invisible_captcha only: :create, on_timestamp_spam: :on_timestamp_spam_callback before_action :whitelist_query_limiting, only: [:destroy] before_action :ensure_terms_accepted, if: -> { action_name == 'create' && Gitlab::CurrentSettings.current_application_settings.enforce_terms? } @@ -135,10 +135,4 @@ class RegistrationsController < Devise::RegistrationsController def terms_accepted? Gitlab::Utils.to_boolean(params[:terms_opt_in]) end - - def on_timestamp_spam_callback - return unless Feature.enabled?(:invisible_captcha) - - redirect_to new_user_session_path, alert: InvisibleCaptcha.timestamp_error_message - end end |