Commit 4bd932b152c3f8c75e4aae02c8d97e34dadfb7ee

Authored by Evandro Junior
1 parent 26873359

API can be disabled by config/noosfero.yml api_captcha_enabled: false

config/noosfero.yml.dist
... ... @@ -11,21 +11,38 @@ development:
11 11 max_upload_size: 5MB
12 12 hours_until_user_activation_check: 72
13 13 exclude_profile_identifier_pattern: index(\..*)?|home(\..*)?
  14 +
  15 +#Google Recaptcha setup
  16 + api_captcha_enabled: true
14 17 #noosfero.com
15 18 api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-'
16 19 #noosfero.com
17 20 api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY'
18 21 api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify'
19 22 api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
  23 +# version 1 or 2
  24 + api_captcha_version: 1
20 25  
21 26 test:
  27 +#Google Recaptcha setup
  28 + api_captcha_enabled: false
  29 +#noosfero.com
  30 + api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-'
  31 +#noosfero.com
  32 + api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY'
  33 + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify'
  34 + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
  35 +# version 1 or 2
  36 + api_captcha_version: 1
22 37  
23 38 production:
  39 +#Google Recaptcha setup
  40 + api_captcha_enabled: true
24 41 #dialoga
25 42 api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i'
26 43 #dialoga
27 44 api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-'
28 45 api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify'
29 46 api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
30   -
31   -
32 47 \ No newline at end of file
  48 + # version 1 or 2
  49 + api_captcha_version: 1
... ...
lib/noosfero/api/helpers.rb
1   -module Noosfero
2   - module API
3   - module APIHelpers
  1 + module Noosfero
  2 + module API
  3 + module APIHelpers
4 4 PRIVATE_TOKEN_PARAM = :private_token
5 5 ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type]
6 6  
... ... @@ -113,20 +113,6 @@ module Noosfero
113 113 attrs
114 114 end
115 115  
116   - def verify_recaptcha_v2(remote_ip, g_recaptcha_response, private_key, api_recaptcha_verify_uri)
117   - verify_hash = {
118   - "secret" => private_key,
119   - "remoteip" => remote_ip,
120   - "response" => g_recaptcha_response
121   - }
122   - uri = URI(api_recaptcha_verify_uri)
123   - https = Net::HTTP.new(uri.host, uri.port)
124   - https.use_ssl = true
125   - request = Net::HTTP::Post.new(uri.path)
126   - request.set_form_data(verify_hash)
127   - captcha_result = JSON.parse(https.request(request).body)
128   - captcha_result["success"] ? true : captcha_result
129   - end
130 116  
131 117 ##########################################
132 118 # error helpers #
... ... @@ -217,7 +203,47 @@ module Noosfero
217 203 begin_period..end_period
218 204 end
219 205  
220   - def verify_recaptcha_v1(remote_ip, recaptcha_response_field, private_key, recaptcha_challenge_field, api_recaptcha_verify_uri)
  206 + ##########################################
  207 + # captcha_helpers #
  208 + ##########################################
  209 +
  210 + def test_captcha(remote_ip, params)
  211 + return true unless API.NOOSFERO_CONF['api_captcha_enabled'] === true
  212 +
  213 + private_key = API.NOOSFERO_CONF['api_recaptcha_private_key']
  214 + if private_key == nil
  215 + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_private_key'] not defined"
  216 + end
  217 +
  218 + api_captcha_version = API.NOOSFERO_CONF['api_captcha_version']
  219 + unless api_captcha_version == 1 || api_captcha_version == 2
  220 + raise ArgumentError, "API.NOOSFERO_CONF['api_captcha_version'] not defined"
  221 + end
  222 +
  223 + if api_captcha_version == 1
  224 + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri']
  225 + if api_recaptcha_verify_uri == nil
  226 + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] not defined"
  227 + end
  228 + return verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field])
  229 + end
  230 +
  231 + if api_captcha_version == 2
  232 + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri']
  233 + if api_recaptcha_verify_uri == nil
  234 + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] not defined"
  235 + end
  236 + return verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, params[:g_recaptcha_response])
  237 + end
  238 +
  239 + end
  240 +
  241 + def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field)
  242 +
  243 + if recaptcha_challenge_field == nil || recaptcha_response_field == nil
  244 + return _('Missing captcha data')
  245 + end
  246 +
221 247 verify_hash = {
222 248 "privatekey" => private_key,
223 249 "remoteip" => remote_ip,
... ... @@ -233,6 +259,26 @@ module Noosfero
233 259 body == "true\nsuccess" ? true : body
234 260 end
235 261  
  262 + def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response)
  263 +
  264 + if g_recaptcha_response == nil
  265 + return _('Missing captcha data')
  266 + end
  267 +
  268 + verify_hash = {
  269 + "secret" => private_key,
  270 + "remoteip" => remote_ip,
  271 + "response" => g_recaptcha_response
  272 + }
  273 + uri = URI(api_recaptcha_verify_uri)
  274 + https = Net::HTTP.new(uri.host, uri.port)
  275 + https.use_ssl = true
  276 + request = Net::HTTP::Post.new(uri.path)
  277 + request.set_form_data(verify_hash)
  278 + captcha_result = JSON.parse(https.request(request).body)
  279 + captcha_result["success"] ? true : captcha_result
  280 + end
  281 +
236 282 end
237 283 end
238 284 end
... ...
lib/noosfero/api/session.rb
... ... @@ -34,28 +34,18 @@ module Noosfero
34 34 requires :email, type: String, desc: _("Email")
35 35 requires :login, type: String, desc: _("Login")
36 36 requires :password, type: String, desc: _("Password")
  37 + requires :password_confirmation, type: String, desc: _("Password confirmation")
37 38 end
38 39 post "/register" do
39 40 unique_attributes! User, [:email, :login]
40   - attrs = attributes_for_keys [:email, :login, :password] + environment.signup_person_fields
41   - attrs[:password_confirmation] = attrs[:password]
  41 + attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields
42 42 remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
43   - private_key = API.NOOSFERO_CONF['api_recaptcha_private_key']
44   - api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri']
45   - # TODO: FIX THAT
46   - # TEST WILL NOT STUB WITHOUT Noosfero::API::APIHelpers
47   - # Leave with the full namespace otherwise the stub for the test will fail
48   - begin
49   - # This will run from test
50   - captcha_result = Noosfero::API::APIHelpers.verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri)
51   - rescue NoMethodError
52   - # Normal execution
53   - captcha_result = verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri)
54   - end
55   - unless captcha_result === true
56   - render_api_error!(_('Please solve the test in order to register.'), 400)
  43 +
  44 + unless test_captcha(remote_ip, params) === true
  45 + render_api_error!(_('Please solve the test in order to register.'), 401)
57 46 return
58 47 end
  48 +
59 49 user = User.new(attrs)
60 50 if user.save
61 51 user.activate
... ...