Commit 4bd932b152c3f8c75e4aae02c8d97e34dadfb7ee
1 parent
26873359
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
API can be disabled by config/noosfero.yml api_captcha_enabled: false
Showing
3 changed files
with
89 additions
and
36 deletions
Show diff stats
config/noosfero.yml.dist
| ... | ... | @@ -11,21 +11,38 @@ development: |
| 11 | 11 | max_upload_size: 5MB |
| 12 | 12 | hours_until_user_activation_check: 72 |
| 13 | 13 | exclude_profile_identifier_pattern: index(\..*)?|home(\..*)? |
| 14 | + | |
| 15 | +#Google Recaptcha setup | |
| 16 | + api_captcha_enabled: true | |
| 14 | 17 | #noosfero.com |
| 15 | 18 | api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' |
| 16 | 19 | #noosfero.com |
| 17 | 20 | api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' |
| 18 | 21 | api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' |
| 19 | 22 | api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' |
| 23 | +# version 1 or 2 | |
| 24 | + api_captcha_version: 1 | |
| 20 | 25 | |
| 21 | 26 | test: |
| 27 | +#Google Recaptcha setup | |
| 28 | + api_captcha_enabled: false | |
| 29 | +#noosfero.com | |
| 30 | + api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' | |
| 31 | +#noosfero.com | |
| 32 | + api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' | |
| 33 | + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' | |
| 34 | + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' | |
| 35 | +# version 1 or 2 | |
| 36 | + api_captcha_version: 1 | |
| 22 | 37 | |
| 23 | 38 | production: |
| 39 | +#Google Recaptcha setup | |
| 40 | + api_captcha_enabled: true | |
| 24 | 41 | #dialoga |
| 25 | 42 | api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i' |
| 26 | 43 | #dialoga |
| 27 | 44 | api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-' |
| 28 | 45 | api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' |
| 29 | 46 | api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' |
| 30 | - | |
| 31 | - | |
| 32 | 47 | \ No newline at end of file |
| 48 | + # version 1 or 2 | |
| 49 | + api_captcha_version: 1 | ... | ... |
lib/noosfero/api/helpers.rb
| 1 | -module Noosfero | |
| 2 | - module API | |
| 3 | - module APIHelpers | |
| 1 | + module Noosfero | |
| 2 | + module API | |
| 3 | + module APIHelpers | |
| 4 | 4 | PRIVATE_TOKEN_PARAM = :private_token |
| 5 | 5 | ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type] |
| 6 | 6 | |
| ... | ... | @@ -113,20 +113,6 @@ module Noosfero |
| 113 | 113 | attrs |
| 114 | 114 | end |
| 115 | 115 | |
| 116 | - def verify_recaptcha_v2(remote_ip, g_recaptcha_response, private_key, api_recaptcha_verify_uri) | |
| 117 | - verify_hash = { | |
| 118 | - "secret" => private_key, | |
| 119 | - "remoteip" => remote_ip, | |
| 120 | - "response" => g_recaptcha_response | |
| 121 | - } | |
| 122 | - uri = URI(api_recaptcha_verify_uri) | |
| 123 | - https = Net::HTTP.new(uri.host, uri.port) | |
| 124 | - https.use_ssl = true | |
| 125 | - request = Net::HTTP::Post.new(uri.path) | |
| 126 | - request.set_form_data(verify_hash) | |
| 127 | - captcha_result = JSON.parse(https.request(request).body) | |
| 128 | - captcha_result["success"] ? true : captcha_result | |
| 129 | - end | |
| 130 | 116 | |
| 131 | 117 | ########################################## |
| 132 | 118 | # error helpers # |
| ... | ... | @@ -217,7 +203,47 @@ module Noosfero |
| 217 | 203 | begin_period..end_period |
| 218 | 204 | end |
| 219 | 205 | |
| 220 | - def verify_recaptcha_v1(remote_ip, recaptcha_response_field, private_key, recaptcha_challenge_field, api_recaptcha_verify_uri) | |
| 206 | + ########################################## | |
| 207 | + # captcha_helpers # | |
| 208 | + ########################################## | |
| 209 | + | |
| 210 | + def test_captcha(remote_ip, params) | |
| 211 | + return true unless API.NOOSFERO_CONF['api_captcha_enabled'] === true | |
| 212 | + | |
| 213 | + private_key = API.NOOSFERO_CONF['api_recaptcha_private_key'] | |
| 214 | + if private_key == nil | |
| 215 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_private_key'] not defined" | |
| 216 | + end | |
| 217 | + | |
| 218 | + api_captcha_version = API.NOOSFERO_CONF['api_captcha_version'] | |
| 219 | + unless api_captcha_version == 1 || api_captcha_version == 2 | |
| 220 | + raise ArgumentError, "API.NOOSFERO_CONF['api_captcha_version'] not defined" | |
| 221 | + end | |
| 222 | + | |
| 223 | + if api_captcha_version == 1 | |
| 224 | + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] | |
| 225 | + if api_recaptcha_verify_uri == nil | |
| 226 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] not defined" | |
| 227 | + end | |
| 228 | + return verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field]) | |
| 229 | + end | |
| 230 | + | |
| 231 | + if api_captcha_version == 2 | |
| 232 | + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] | |
| 233 | + if api_recaptcha_verify_uri == nil | |
| 234 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] not defined" | |
| 235 | + end | |
| 236 | + return verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, params[:g_recaptcha_response]) | |
| 237 | + end | |
| 238 | + | |
| 239 | + end | |
| 240 | + | |
| 241 | + def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field) | |
| 242 | + | |
| 243 | + if recaptcha_challenge_field == nil || recaptcha_response_field == nil | |
| 244 | + return _('Missing captcha data') | |
| 245 | + end | |
| 246 | + | |
| 221 | 247 | verify_hash = { |
| 222 | 248 | "privatekey" => private_key, |
| 223 | 249 | "remoteip" => remote_ip, |
| ... | ... | @@ -233,6 +259,26 @@ module Noosfero |
| 233 | 259 | body == "true\nsuccess" ? true : body |
| 234 | 260 | end |
| 235 | 261 | |
| 262 | + def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response) | |
| 263 | + | |
| 264 | + if g_recaptcha_response == nil | |
| 265 | + return _('Missing captcha data') | |
| 266 | + end | |
| 267 | + | |
| 268 | + verify_hash = { | |
| 269 | + "secret" => private_key, | |
| 270 | + "remoteip" => remote_ip, | |
| 271 | + "response" => g_recaptcha_response | |
| 272 | + } | |
| 273 | + uri = URI(api_recaptcha_verify_uri) | |
| 274 | + https = Net::HTTP.new(uri.host, uri.port) | |
| 275 | + https.use_ssl = true | |
| 276 | + request = Net::HTTP::Post.new(uri.path) | |
| 277 | + request.set_form_data(verify_hash) | |
| 278 | + captcha_result = JSON.parse(https.request(request).body) | |
| 279 | + captcha_result["success"] ? true : captcha_result | |
| 280 | + end | |
| 281 | + | |
| 236 | 282 | end |
| 237 | 283 | end |
| 238 | 284 | end | ... | ... |
lib/noosfero/api/session.rb
| ... | ... | @@ -34,28 +34,18 @@ module Noosfero |
| 34 | 34 | requires :email, type: String, desc: _("Email") |
| 35 | 35 | requires :login, type: String, desc: _("Login") |
| 36 | 36 | requires :password, type: String, desc: _("Password") |
| 37 | + requires :password_confirmation, type: String, desc: _("Password confirmation") | |
| 37 | 38 | end |
| 38 | 39 | post "/register" do |
| 39 | 40 | unique_attributes! User, [:email, :login] |
| 40 | - attrs = attributes_for_keys [:email, :login, :password] + environment.signup_person_fields | |
| 41 | - attrs[:password_confirmation] = attrs[:password] | |
| 41 | + attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields | |
| 42 | 42 | remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR']) |
| 43 | - private_key = API.NOOSFERO_CONF['api_recaptcha_private_key'] | |
| 44 | - api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] | |
| 45 | - # TODO: FIX THAT | |
| 46 | - # TEST WILL NOT STUB WITHOUT Noosfero::API::APIHelpers | |
| 47 | - # Leave with the full namespace otherwise the stub for the test will fail | |
| 48 | - begin | |
| 49 | - # This will run from test | |
| 50 | - captcha_result = Noosfero::API::APIHelpers.verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri) | |
| 51 | - rescue NoMethodError | |
| 52 | - # Normal execution | |
| 53 | - captcha_result = verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri) | |
| 54 | - end | |
| 55 | - unless captcha_result === true | |
| 56 | - render_api_error!(_('Please solve the test in order to register.'), 400) | |
| 43 | + | |
| 44 | + unless test_captcha(remote_ip, params) === true | |
| 45 | + render_api_error!(_('Please solve the test in order to register.'), 401) | |
| 57 | 46 | return |
| 58 | 47 | end |
| 48 | + | |
| 59 | 49 | user = User.new(attrs) |
| 60 | 50 | if user.save |
| 61 | 51 | user.activate | ... | ... |