users: move sockpuppet detection from model to controller.

2020-03-24 18:41:27 -05:00
parent 50b0b79891
commit cbd713dea8
6 changed files with 7 additions and 37 deletions
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -1,6 +1,6 @@
 class UserPolicy < ApplicationPolicy
  def create?
-    true
+    !sockpuppet?
  end

  def update?
@@ -27,6 +27,10 @@ class UserPolicy < ApplicationPolicy
    user.is_admin? || record.id == user.id || !record.enable_private_favorites?
  end

+  def sockpuppet?
+    User.where(last_ip_addr: request.remote_ip).where("created_at > ?", 1.day.ago).exists?
+  end
+
  def permitted_attributes_for_create
    [:name, :password, :password_confirmation, { email_address_attributes: [:address] }]
  end