Commit 13a3feca6954939223fdda4ef5b06c7f1bac8e44
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
Merge branch 'api' into 'production'
Adds captcha for api Adds captcha for api See merge request !8
Showing
4 changed files
with
37 additions
and
26 deletions
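--- a/config/noosfero.yml.dist
+++ b/config/noosfero.yml.dist
@@ -11,14 +11,21 @@ development:
 max_upload_size: 5MB
 hours_until_user_activation_check: 72
 exclude_profile_identifier_pattern: index(\..*)?|home(\..*)?
- api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-'
- api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY'
- api_recaptcha_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
+#noosfero.com
+ api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-'
+#noosfero.com
+ api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY'
+ api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify'
+ api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
 
 test:
 
 production:
- api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i'
- api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-'
- api_recaptcha_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
+#dialoga
+ api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i'
+#dialoga
+ api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-'
+ api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify'
+ api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
+
 
\ No newline at end of file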
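Review bot: The new side still ships what look like real values for `api_recaptcha_private_key` in both the development and production blocks of this `.dist` template, so the server-side reCAPTCHA secret is readable by anyone who can read the repository. A template would normally carry a placeholder such as `api_recaptcha_private_key: '<recaptcha-secret-placeholder>'`, with the real value supplied by the untracked `noosfero.yml` or by the deployment environment. If the committed values are in use for the sites named in the new `#noosfero.com` and `#dialoga` comments, they should be regenerated, because removing them from the file later does not remove them from history.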
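--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -114,7 +114,6 @@ module Noosfero
 end
 
 def verify_recaptcha_v2(remote_ip, g_recaptcha_response, private_key, api_recaptcha_verify_uri)
- binding.pry
 verify_hash = {
 "secret" => private_key,
 "remoteip" => remote_ip,
@@ -125,7 +124,8 @@ module Noosfero
 https.use_ssl = true
 request = Net::HTTP::Post.new(uri.path)
 request.set_form_data(verify_hash)
- JSON.parse(https.request(request).body)
+ captcha_result = JSON.parse(https.request(request).body)
+ captcha_result["success"] ? true : captcha_result
 end
 
 ##########################################
@@ -218,7 +218,6 @@ module Noosfero
 end
 
 def verify_recaptcha_v1(remote_ip, recaptcha_response_field, private_key, recaptcha_challenge_field, api_recaptcha_verify_uri)
- binding.pry
 verify_hash = {
 "privatekey" => private_key,
 "remoteip" => remote_ip,
@@ -230,11 +229,8 @@ module Noosfero
 https.use_ssl = true
 request = Net::HTTP::Post.new(uri.path)
 request.set_form_data(verify_hash)
- if https.request(request).body == "true\nsuccess"
- captcha_result["success"]=true
- else
- captcha_result["success"]=false
- end
+ body = https.request(request).body
+ body == "true\nsuccess" ? true : body
 end
 
 end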
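Review bot: Both verifiers now return `true` on success but a truthy value on failure, so any caller that writes `if verify_recaptcha_v1(...)` would accept a failed captcha. `verify_recaptcha_v2` returns the parsed Hash (`captcha_result["success"] ? true : captcha_result`) and `verify_recaptcha_v1` returns the raw response String (`body == "true\nsuccess" ? true : body`). The caller in this commit compares with `=== true`, which is safe, but the contract is easy to misuse. Returning a plain boolean (`captcha_result["success"] == true` and `body == "true\nsuccess"`) and logging the failure detail would make the helpers fail closed; failing that, a comment above each method should state that only the exact value `true` means the captcha passed. Both method bodies are split across hunks, so the request construction between them is not visible here.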
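--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -36,23 +36,28 @@ module Noosfero
 requires :password, type: String, desc: _("Password")
 end
 post "/register" do
- binding.pry
 unique_attributes! User, [:email, :login]
 attrs = attributes_for_keys [:email, :login, :password] + environment.signup_person_fields
 attrs[:password_confirmation] = attrs[:password]
-
 remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
 private_key = API.NOOSFERO_CONF['api_recaptcha_private_key']
- api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_verify_uri']
-
-# "recaptcha_challenge_field" => "03AHJ_VutRW6eOgTKZyK-77J96k121W0fUHIEvThyCPtqG2FUPBWzidBOqptzk0poh_UkMNPxAd_m0CqUz1Dip-6uV_zlwlviaXXvymwCFXPaWuvvyUfZ3LvZy6M1CoPfbhOQZjTkf_VNjlVnCRuuJXmGy4MhhuJ8om1J_R2C_oIAfP3KbpmlqLXU5nLlE7WpW-h-OhRTQzupTo9UL-4-ZDRk1bMkCSEJnwYUomOboqFBEpJBv0iaOCaSnu9_UKObmWmpbQZSHxYK7",
-# "recaptcha_response_field" => "1221"
-
- #captcha_result = verify_recaptcha_v2(remote_ip, params['g-recaptcha-response'], private_key, api_recaptcha_verify_uri)
- captcha_result = verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri)
- binding.pry
- user = User.new(attrs)
- if captcha_result["success"] and user.save
+ api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri']
+ # TODO: FIX THAT
+ # TEST WILL NOT STUB WITHOUT Noosfero::API::APIHelpers
+ # Leave with the full namespace otherwise the stub for the test will fail
+ begin
+ # This will run from test
+ captcha_result = Noosfero::API::APIHelpers.verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri)
+ rescue NoMethodError
+ # Normal execution
+ captcha_result = verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri)
+ end
+ unless captcha_result === true
+ render_api_error!(_('Please solve the test in order to register.'), 400)
+ return
+ end
+ user = User.new(attrs)
+ if user.save
 user.activate
 user.generate_private_token!
 present user, :with => Entities::UserLogin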
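Review bot: The `begin … rescue NoMethodError` wrapper at new lines 48–54 makes the registration path depend on a test seam: in normal execution the first call is expected to raise, and the captcha is then verified by the fallback call. The rescue is broad enough that a `NoMethodError` raised inside the verification itself also lands in the fallback and sends the request a second time, and if `Noosfero::API::APIHelpers` ever responds to `verify_recaptcha_v1` at module level, that implementation decides the outcome instead of the endpoint's helper. Calling `verify_recaptcha_v1(...)` directly, and moving the test stub to the object that actually receives the call, would remove the branch. Separately, `unique_attributes! User, [:email, :login]` still runs before the captcha check, which presumably lets a client learn which e-mails and logins exist without solving the challenge; moving it below the `unless captcha_result === true` guard would avoid that. The `post "/register"` block continues past the end of the hunk.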
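--- a/test/unit/api/session_test.rb
+++ b/test/unit/api/session_test.rb
@@ -1,9 +1,12 @@
 require File.dirname(__FILE__) + '/test_helper'
+require "#{Rails.root}/lib/noosfero/api/helpers.rb"
+include Noosfero::API::APIHelpers
 
 class SessionTest < ActiveSupport::TestCase
 
 def setup
 login_api
+ Noosfero::API::APIHelpers.stubs(:verify_recaptcha_v1).returns(true)
 end
 
 should 'generate private token when login' do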
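Review bot: `setup` stubs `verify_recaptcha_v1` to return `true` for every test, so nothing visible in this file exercises the new rejection branch in `/register`. A test that stubs the verifier with a failure value (for instance `.returns("false\nincorrect-captcha-sol")`, a constructed sample) and asserts a 400 response with no `User` created would pin the fail-closed behaviour. The top-level `include Noosfero::API::APIHelpers` also mixes the helpers into `Object` for the whole test process, which can hide a missing include elsewhere; scoping it to the test class, or adding a comment that explains why it is needed, would help. The `SessionTest` class body continues outside the hunk.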