users: move sockpuppet detection from model to controller.

app/models/user.rb

@@ -78,7 +78,6 @@ class User < ApplicationRecord
   validates_inclusion_of :per_page, in: (1..PostSets::Post::MAX_PER_PAGE)
   validates_confirmation_of :password
   validates_presence_of :comment_threshold
-  validate :validate_sock_puppets, :on => :create, :if => -> { Danbooru.config.enable_sock_puppet_validation? }
   before_validation :normalize_blacklisted_tags
   before_create :promote_to_admin_if_first_user
   before_create :customize_new_user
@@ -623,14 +622,6 @@ class User < ApplicationRecord
     end
   end
 
-  concerning :SockPuppetMethods do
-    def validate_sock_puppets
-      if User.where(last_ip_addr: CurrentUser.ip_addr).where("created_at > ?", 1.day.ago).exists?
-        errors.add(:last_ip_addr, "was used recently for another account and cannot be reused for another day")
-      end
-    end
-  end
-
   include BanMethods
   include PasswordMethods
   include AuthenticationMethods

app/policies/user_policy.rb

@@ -1,6 +1,6 @@
 class UserPolicy < ApplicationPolicy
   def create?
-    true
+    !sockpuppet?
   end
 
   def update?
@@ -27,6 +27,10 @@ class UserPolicy < ApplicationPolicy
     user.is_admin? || record.id == user.id || !record.enable_private_favorites?
   end
 
+  def sockpuppet?
+    User.where(last_ip_addr: request.remote_ip).where("created_at > ?", 1.day.ago).exists?
+  end
+
   def permitted_attributes_for_create
     [:name, :password, :password_confirmation, { email_address_attributes: [:address] }]
   end