hp is a valid username and we should not prevent users from registering it.
Do we still need the stubs here?
Is there a reason we moved the methods to
ApplicationController instead of
Aside from some minor comments, the PR looks good.
Problem is that this is shared between SessionController and UsersController. In UsersController we check value before account is activated:
def honeypot_or_challenge_fails?(params) return false if is_api? params[:password_confirmation] != honeypot_value || params[:challenge] != challenge_value.try(:reverse) end
yes, SessionController is setting honeypot_value and challenge_value, and UsersController is checking that values are correct