Commit 4bd932b152c3f8c75e4aae02c8d97e34dadfb7ee
1 parent
26873359
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
API can be disabled by config/noosfero.yml api_captcha_enabled: false
Showing
3 changed files
with
89 additions
and
36 deletions
Show diff stats
config/noosfero.yml.dist
... | ... | @@ -11,21 +11,38 @@ development: |
11 | 11 | max_upload_size: 5MB |
12 | 12 | hours_until_user_activation_check: 72 |
13 | 13 | exclude_profile_identifier_pattern: index(\..*)?|home(\..*)? |
14 | + | |
15 | +#Google Recaptcha setup | |
16 | + api_captcha_enabled: true | |
14 | 17 | #noosfero.com |
15 | 18 | api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' |
16 | 19 | #noosfero.com |
17 | 20 | api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' |
18 | 21 | api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' |
19 | 22 | api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' |
23 | +# version 1 or 2 | |
24 | + api_captcha_version: 1 | |
20 | 25 | |
21 | 26 | test: |
27 | +#Google Recaptcha setup | |
28 | + api_captcha_enabled: false | |
29 | +#noosfero.com | |
30 | + api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' | |
31 | +#noosfero.com | |
32 | + api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' | |
33 | + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' | |
34 | + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' | |
35 | +# version 1 or 2 | |
36 | + api_captcha_version: 1 | |
22 | 37 | |
23 | 38 | production: |
39 | +#Google Recaptcha setup | |
40 | + api_captcha_enabled: true | |
24 | 41 | #dialoga |
25 | 42 | api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i' |
26 | 43 | #dialoga |
27 | 44 | api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-' |
28 | 45 | api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' |
29 | 46 | api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' |
30 | - | |
31 | - | |
32 | 47 | \ No newline at end of file |
48 | + # version 1 or 2 | |
49 | + api_captcha_version: 1 | ... | ... |
lib/noosfero/api/helpers.rb
1 | -module Noosfero | |
2 | - module API | |
3 | - module APIHelpers | |
1 | + module Noosfero | |
2 | + module API | |
3 | + module APIHelpers | |
4 | 4 | PRIVATE_TOKEN_PARAM = :private_token |
5 | 5 | ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type] |
6 | 6 | |
... | ... | @@ -113,20 +113,6 @@ module Noosfero |
113 | 113 | attrs |
114 | 114 | end |
115 | 115 | |
116 | - def verify_recaptcha_v2(remote_ip, g_recaptcha_response, private_key, api_recaptcha_verify_uri) | |
117 | - verify_hash = { | |
118 | - "secret" => private_key, | |
119 | - "remoteip" => remote_ip, | |
120 | - "response" => g_recaptcha_response | |
121 | - } | |
122 | - uri = URI(api_recaptcha_verify_uri) | |
123 | - https = Net::HTTP.new(uri.host, uri.port) | |
124 | - https.use_ssl = true | |
125 | - request = Net::HTTP::Post.new(uri.path) | |
126 | - request.set_form_data(verify_hash) | |
127 | - captcha_result = JSON.parse(https.request(request).body) | |
128 | - captcha_result["success"] ? true : captcha_result | |
129 | - end | |
130 | 116 | |
131 | 117 | ########################################## |
132 | 118 | # error helpers # |
... | ... | @@ -217,7 +203,47 @@ module Noosfero |
217 | 203 | begin_period..end_period |
218 | 204 | end |
219 | 205 | |
220 | - def verify_recaptcha_v1(remote_ip, recaptcha_response_field, private_key, recaptcha_challenge_field, api_recaptcha_verify_uri) | |
206 | + ########################################## | |
207 | + # captcha_helpers # | |
208 | + ########################################## | |
209 | + | |
210 | + def test_captcha(remote_ip, params) | |
211 | + return true unless API.NOOSFERO_CONF['api_captcha_enabled'] === true | |
212 | + | |
213 | + private_key = API.NOOSFERO_CONF['api_recaptcha_private_key'] | |
214 | + if private_key == nil | |
215 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_private_key'] not defined" | |
216 | + end | |
217 | + | |
218 | + api_captcha_version = API.NOOSFERO_CONF['api_captcha_version'] | |
219 | + unless api_captcha_version == 1 || api_captcha_version == 2 | |
220 | + raise ArgumentError, "API.NOOSFERO_CONF['api_captcha_version'] not defined" | |
221 | + end | |
222 | + | |
223 | + if api_captcha_version == 1 | |
224 | + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] | |
225 | + if api_recaptcha_verify_uri == nil | |
226 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] not defined" | |
227 | + end | |
228 | + return verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field]) | |
229 | + end | |
230 | + | |
231 | + if api_captcha_version == 2 | |
232 | + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] | |
233 | + if api_recaptcha_verify_uri == nil | |
234 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] not defined" | |
235 | + end | |
236 | + return verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, params[:g_recaptcha_response]) | |
237 | + end | |
238 | + | |
239 | + end | |
240 | + | |
241 | + def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field) | |
242 | + | |
243 | + if recaptcha_challenge_field == nil || recaptcha_response_field == nil | |
244 | + return _('Missing captcha data') | |
245 | + end | |
246 | + | |
221 | 247 | verify_hash = { |
222 | 248 | "privatekey" => private_key, |
223 | 249 | "remoteip" => remote_ip, |
... | ... | @@ -233,6 +259,26 @@ module Noosfero |
233 | 259 | body == "true\nsuccess" ? true : body |
234 | 260 | end |
235 | 261 | |
262 | + def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response) | |
263 | + | |
264 | + if g_recaptcha_response == nil | |
265 | + return _('Missing captcha data') | |
266 | + end | |
267 | + | |
268 | + verify_hash = { | |
269 | + "secret" => private_key, | |
270 | + "remoteip" => remote_ip, | |
271 | + "response" => g_recaptcha_response | |
272 | + } | |
273 | + uri = URI(api_recaptcha_verify_uri) | |
274 | + https = Net::HTTP.new(uri.host, uri.port) | |
275 | + https.use_ssl = true | |
276 | + request = Net::HTTP::Post.new(uri.path) | |
277 | + request.set_form_data(verify_hash) | |
278 | + captcha_result = JSON.parse(https.request(request).body) | |
279 | + captcha_result["success"] ? true : captcha_result | |
280 | + end | |
281 | + | |
236 | 282 | end |
237 | 283 | end |
238 | 284 | end | ... | ... |
lib/noosfero/api/session.rb
... | ... | @@ -34,28 +34,18 @@ module Noosfero |
34 | 34 | requires :email, type: String, desc: _("Email") |
35 | 35 | requires :login, type: String, desc: _("Login") |
36 | 36 | requires :password, type: String, desc: _("Password") |
37 | + requires :password_confirmation, type: String, desc: _("Password confirmation") | |
37 | 38 | end |
38 | 39 | post "/register" do |
39 | 40 | unique_attributes! User, [:email, :login] |
40 | - attrs = attributes_for_keys [:email, :login, :password] + environment.signup_person_fields | |
41 | - attrs[:password_confirmation] = attrs[:password] | |
41 | + attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields | |
42 | 42 | remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR']) |
43 | - private_key = API.NOOSFERO_CONF['api_recaptcha_private_key'] | |
44 | - api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] | |
45 | - # TODO: FIX THAT | |
46 | - # TEST WILL NOT STUB WITHOUT Noosfero::API::APIHelpers | |
47 | - # Leave with the full namespace otherwise the stub for the test will fail | |
48 | - begin | |
49 | - # This will run from test | |
50 | - captcha_result = Noosfero::API::APIHelpers.verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri) | |
51 | - rescue NoMethodError | |
52 | - # Normal execution | |
53 | - captcha_result = verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri) | |
54 | - end | |
55 | - unless captcha_result === true | |
56 | - render_api_error!(_('Please solve the test in order to register.'), 400) | |
43 | + | |
44 | + unless test_captcha(remote_ip, params) === true | |
45 | + render_api_error!(_('Please solve the test in order to register.'), 401) | |
57 | 46 | return |
58 | 47 | end |
48 | + | |
59 | 49 | user = User.new(attrs) |
60 | 50 | if user.save |
61 | 51 | user.activate | ... | ... |