[Git][noosfero/noosfero][master] 2 commits: adding captcha for users registration

Rodrigo Souto gitlab at mg.gitlab.com
Thu Oct 18 11:47:05 BRT 2018


Rodrigo Souto pushed to branch master at Noosfero / noosfero


Commits:
f9d161ea by Leandro Nunes dos Santos at 2018-10-18T13:36:14Z
adding captcha for users registration

- - - - -
65214e3f by Rodrigo Souto at 2018-10-18T14:46:59Z
Merge branch 'require-captcha-on-users-registration' into 'master'

adding captcha for users registration

See merge request noosfero/noosfero!1630
- - - - -


5 changed files:

- app/api/entities.rb
- app/api/helpers.rb
- app/api/v1/session.rb
- app/models/user.rb
- test/api/environment_test.rb


Changes:

=====================================
app/api/entities.rb
=====================================
@@ -111,7 +111,7 @@ module Api
       expose :blocks, :using => Block do |box, options|
         box.blocks.select {|block| block.visible_to_user?(options[:current_person]) || block.allow_edit?(options[:current_person]) }
       end
-   end
+    end
 
     class Profile < Entity
       expose :identifier, :name, :id
@@ -315,6 +315,12 @@ module Api
       expose :layout_template
       expose :signup_intro
       expose :terms_of_use
+      expose :captcha_site_key do |environment, options|
+        Recaptcha.configuration.site_key
+      end
+      expose :captcha_signup_enable do |environment, options|
+        environment.require_captcha?(:signup, nil, environment)
+      end
       expose :top_url, as: :host, :if => lambda {|instance, options| Entities.expose_optional_field?(:host, options)}
       expose :type do |environment, options|
         "Environment"
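Review bot: `captcha_site_key` is returned straight from `Recaptcha.configuration.site_key`, so when no key is configured the API presumably emits `null` while `captcha_signup_enable` can still be true, leaving a client unable to render the widget that registration then demands. Consider making `captcha_signup_enable` also depend on a key being present, or documenting that the two fields must be read together. A comment above the first block would help later reviewers: `# Public reCAPTCHA site key, safe to expose; the secret key must never appear in an entity`. Both blocks leave `options` unused (and the first also `environment`); naming them `_options` / `_environment` would make that explicit.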


=====================================
app/api/helpers.rb
=====================================
@@ -13,6 +13,7 @@ module Api
     include Noosfero::Plugin::HotSpot
     include ForgotPasswordHelper
     include SearchTermHelper
+    include Recaptcha::Verify
 
     def set_locale
       I18n.locale = (params[:lang] || request.env['HTTP_ACCEPT_LANGUAGE'] || 'en')


=====================================
app/api/v1/session.rb
=====================================
@@ -67,16 +67,23 @@ module Api
       end
 
       post "/register" do
-        attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields
+        attrs = attributes_for_keys [:email, :login, :password, :password_confirmation, :captcha] + environment.signup_person_fields
         name = params[:name].present? ? params[:name] : attrs[:email]
         attrs[:password_confirmation] = attrs[:password] if !attrs.has_key?(:password_confirmation)
         user = User.new(attrs.merge(:name => name))
 
         begin
+          if !verify_recaptcha(model: user, attribute: :captcha, secret_key: Recaptcha.configuration.secret_key, response: user.captcha)
+            raise ArgumentError.new("Invalid Captcha")
+          end
+
           user.signup!
           user.generate_private_token! if user.activated?
+          
           present user, :with => Entities::UserLogin, :current_person => user.person
-        rescue ActiveRecord::RecordInvalid
+        rescue ActiveRecord::RecordInvalid 
+          render_model_errors!(user.errors)
+        rescue ArgumentError
           render_model_errors!(user.errors)
         end
       end
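Review bot: The `rescue ArgumentError` added after the captcha check also catches any `ArgumentError` raised inside `user.signup!`, `user.generate_private_token!` or `present`, and answers it with `render_model_errors!(user.errors)`, which may be empty in that case and hides the real failure. Raising an exception only to rescue it a few lines later is unnecessary: handle the failed check directly before the `begin`, e.g. `render_model_errors!(user.errors) unless verify_recaptcha(model: user, attribute: :captcha, response: params[:captcha])`, assuming `render_model_errors!` halts the request (its definition is not in this diff). The check also runs for every environment, while `app/api/entities.rb` in this commit exposes `captcha_signup_enable` from `environment.require_captcha?(:signup, nil, environment)`. A client that is told captcha is off will send no token and would be rejected here, so the call should probably be guarded by the same predicate.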


=====================================
app/models/user.rb
=====================================
@@ -12,7 +12,7 @@ class User < ApplicationRecord
   SHORT_ACTIVATION_CODE_SIZE = 6
 
   attr_accessible :login, :email, :password, :password_confirmation, :activated_at
-
+  attr_accessor :captcha
   store_accessor :metadata
   metadata_items :short_activation_code
 
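Review bot: `attr_accessor :captcha` is added directly under the `attr_accessible` list, but `:captcha` is not in that list, and `app/api/v1/session.rb` in this commit sets it through `User.new(attrs.merge(:name => name))`. If mass-assignment protection filters non-whitelisted keys (the configuration is not visible here), `user.captcha` stays nil and the `response:` handed to `verify_recaptcha` is empty. Either add `:captcha` to `attr_accessible`, or keep the token out of the model and pass `params[:captcha]` to the verifier. A short comment such as `# reCAPTCHA response token from the signup request; never persisted` would also make the purpose of the virtual attribute clear.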


=====================================
test/api/environment_test.rb
=====================================
@@ -6,6 +6,18 @@ class EnvironmentTest < ActiveSupport::TestCase
     create_and_activate_user
   end
 
+  ENVIRONMENT_ATTRIBUTES = %w(name id description layout_template signup_intro terms_of_use captcha_site_key captcha_signup_enable)
+  ENVIRONMENT_ATTRIBUTES.map do |attribute|
+    define_method "test_should_expose_#{attribute}_attribute_in_environment_enpoint" do
+      login_api
+      environment = Environment.default
+      get "/api/v1/environments/default?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert json.key?(attribute)
+    end
+  end
+
+
   should 'display host if optional_fields is passed as parameter' do
     environment = Environment.default
 
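Review bot: These generated tests only assert that each key is present in the JSON, so nothing in this commit exercises the new rejection path in `POST /register`. The recaptcha gem by default skips verification in the test environment (its `skip_verify_env` setting), so existing registration tests would pass without touching the check. A test that stubs `verify_recaptcha` to return false and expects an error response would cover the behaviour the commit is about. Smaller points in the added lines: `ENVIRONMENT_ATTRIBUTES.map` is used only for its side effect and reads better as `.each`, the local `environment = Environment.default` is never used, the array could be frozen, and the method name has `enpoint` for `endpoint`.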



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/cdf2e6e3240f3dd78577298b663868a8583086df...65214e3fbab952ffac01c0ba86264b1e3ad3d1d2
