BookStackApp
diff --git a/‎app/Access/Controllers/RegisterController.php‎
Lines changed: 5 additions & 15 deletions b/‎app/Access/Controllers/RegisterController.php‎
Lines changed: 5 additions & 15 deletions
diff --git a/‎resources/views/auth/register.blade.php‎
Lines changed: 2 additions & 1 deletion b/‎resources/views/auth/register.blade.php‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎tests/Auth/RegistrationTest.php‎
Lines changed: 19 additions & 0 deletions b/‎tests/Auth/RegistrationTest.php‎
Lines changed: 19 additions & 0 deletions
@@ -15,24 +15,13 @@
 
 class RegisterController extends Controller
 {
- protected SocialDriverManager $socialDriverManager;
- protected RegistrationService $registrationService;
- protected LoginService $loginService;
-
- /**
- * Create a new controller instance.
- */
  public function __construct(
- SocialDriverManager $socialDriverManager,
- RegistrationService $registrationService,
- LoginService $loginService
+ protected SocialDriverManager $socialDriverManager,
+ protected RegistrationService $registrationService,
+ protected LoginService $loginService
  ) {
  $this->middleware('guest');
  $this->middleware('guard:standard');
-
- $this->socialDriverManager = $socialDriverManager;
- $this->registrationService = $registrationService;
- $this->loginService = $loginService;
  }
 
  /**
@@ -87,7 +76,8 @@ protected function validator(array $data): ValidatorContract
  'name' => ['required', 'min:2', 'max:100'],
  'email' => ['required', 'email', 'max:255', 'unique:users'],
  'password' => ['required', Password::default()],
- 'username' => ['prohibited'], // this is a honeypot for bots that must not be filled in
+ // Basic honey for bots that must not be filled in
+ 'username' => ['prohibited'],
  ]);
  }
 }
@@ -13,8 +13,9 @@
  <form action="{{ url("/register") }}" method="POST" class="mt-l stretch-inputs">
  {!! csrf_field() !!}
 
+ {{-- Simple honeypot field --}}
  <div class="form-group ambrosia-container" aria-hidden="true">
- <label for="name">{{ trans('auth.name') }}</label>
+ <label for="username">{{ trans('auth.name') }}</label>
  @include('form.text', ['name' => 'username'])
  </div>
 
 
@@ -184,4 +184,23 @@ public function test_registration_validation()
  $resp->assertSee('The email must be a valid email address.');
  $resp->assertSee('The password must be at least 8 characters.');
  }
+
+ public function test_registration_simple_honeypot_active()
+ {
+ $this->setSettings(['registration-enabled' => 'true']);
+
+ $resp = $this->get('/register');
+ $this->withHtml($resp)->assertElementExists('form input[name="username"]');
+
+ $resp = $this->post('/register', [
+ 'name' => 'Barry',
+ 'email' => 'barrybot@example.com',
+ 'password' => 'barryIsTheBestBot',
+ 'username' => 'MyUsername'
+ ]);
+ $resp->assertRedirect('/register');
+
+ $resp = $this->followRedirects($resp);
+ $this->withHtml($resp)->assertElementExists('form input[name="username"].text-neg');
+ }
 }