From 4bd932b152c3f8c75e4aae02c8d97e34dadfb7ee Mon Sep 17 00:00:00 2001
From: Evandro Junior
Date: Mon, 29 Jun 2015 16:42:24 -0300
Subject: [PATCH] API can be disabled by config/noosfero.yml api_captcha_enabled: false
---
config/noosfero.yml.dist | 21 +++++++++++++++++++--
lib/noosfero/api/helpers.rb | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------
lib/noosfero/api/session.rb | 22 ++++++----------------
3 files changed, 89 insertions(+), 36 deletions(-)
diff --git a/config/noosfero.yml.dist b/config/noosfero.yml.dist
index 4afea9f..6dc2ee0 100644
--- a/config/noosfero.yml.dist
+++ b/config/noosfero.yml.dist
@@ -11,21 +11,38 @@ development: max_upload_size: 5MB hours_until_user_activation_check: 72 exclude_profile_identifier_pattern: index(\..*)?|home(\..*)? + +#Google Recaptcha setup + api_captcha_enabled: true #noosfero.com api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' #noosfero.com api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' +# version 1 or 2 + api_captcha_version: 1 test: +#Google Recaptcha setup + api_captcha_enabled: false +#noosfero.com + api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' +#noosfero.com + api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' +# version 1 or 2 + api_captcha_version: 1 production: +#Google Recaptcha setup + api_captcha_enabled: true #dialoga api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i' #dialoga api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-' api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' - - \ No newline at end of file + # version 1 or 2 + api_captcha_version: 1 diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb index 74cee5d..37b7dbf 100644 --- a/lib/noosfero/api/helpers.rb +++ b/lib/noosfero/api/helpers.rb @@ -1,6 +1,6 @@ -module Noosfero - module API - module APIHelpers + module Noosfero + module API + module APIHelpers PRIVATE_TOKEN_PARAM = :private_token ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type] 
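Review bot: The new `test:` block adds another copy of a reCAPTCHA private key to `noosfero.yml.dist`, a template that is tracked in the repository, and the `development:` and `production:` blocks already carry private keys in the context lines. Anyone who can read the repository can read these values, so if they are live keys they should be treated as exposed and rotated by the site owners. The template should ship placeholders instead, for example `api_recaptcha_private_key: 'CHANGE_ME'`, with the real value supplied only in the deployment's own `config/noosfero.yml`. Since `test:` sets `api_captcha_enabled: false`, the key lines there appear unnecessary in any case.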
@@ -113,20 +113,6 @@ module Noosfero attrs end - def verify_recaptcha_v2(remote_ip, g_recaptcha_response, private_key, api_recaptcha_verify_uri) - verify_hash = { - "secret" => private_key, - "remoteip" => remote_ip, - "response" => g_recaptcha_response - } - uri = URI(api_recaptcha_verify_uri) - https = Net::HTTP.new(uri.host, uri.port) - https.use_ssl = true - request = Net::HTTP::Post.new(uri.path) - request.set_form_data(verify_hash) - captcha_result = JSON.parse(https.request(request).body) - captcha_result["success"] ? true : captcha_result - end ########################################## # error helpers # 
@@ -217,7 +203,47 @@ module Noosfero begin_period..end_period end - def verify_recaptcha_v1(remote_ip, recaptcha_response_field, private_key, recaptcha_challenge_field, api_recaptcha_verify_uri) + ########################################## + # captcha_helpers # + ########################################## + + def test_captcha(remote_ip, params) + return true unless API.NOOSFERO_CONF['api_captcha_enabled'] === true + + private_key = API.NOOSFERO_CONF['api_recaptcha_private_key'] + if private_key == nil + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_private_key'] not defined" + end + + api_captcha_version = API.NOOSFERO_CONF['api_captcha_version'] + unless api_captcha_version == 1 || api_captcha_version == 2 + raise ArgumentError, "API.NOOSFERO_CONF['api_captcha_version'] not defined" + end + + if api_captcha_version == 1 + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] + if api_recaptcha_verify_uri == nil + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] not defined" + end + return verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field]) + end + + if api_captcha_version == 2 + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] + if api_recaptcha_verify_uri == nil + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] not defined" + end + return verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, params[:g_recaptcha_response]) + end + + end + + def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field) + + if recaptcha_challenge_field == nil || recaptcha_response_field == nil + return _('Missing captcha data') + end + verify_hash = { "privatekey" => private_key, "remoteip" => remote_ip, 
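Review bot: `test_captcha` fails open: its first line, `return true unless API.NOOSFERO_CONF['api_captcha_enabled'] === true`, skips verification whenever the setting is missing, misspelled or a non-boolean such as the string `'true'`, so a configuration mistake silently removes the captcha from registration. Skip only on an explicit opt-out, e.g. `return true if API.NOOSFERO_CONF['api_captcha_enabled'] == false`, and let every other value continue to the key and version checks, which then raise on an incomplete setup. The version check also reports "not defined" when the value is present but invalid (for instance `'1'` as a string); the message should name the accepted values 1 and 2. The body of `verify_recaptcha_v1` continues past the end of this hunk.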
@@ -233,6 +259,26 @@ module Noosfero body == "true\nsuccess" ? true : body end + def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response) + + if g_recaptcha_response == nil + return _('Missing captcha data') + end + + verify_hash = { + "secret" => private_key, + "remoteip" => remote_ip, + "response" => g_recaptcha_response + } + uri = URI(api_recaptcha_verify_uri) + https = Net::HTTP.new(uri.host, uri.port) + https.use_ssl = true + request = Net::HTTP::Post.new(uri.path) + request.set_form_data(verify_hash) + captcha_result = JSON.parse(https.request(request).body) + captcha_result["success"] ? true : captcha_result + end + end end end diff --git a/lib/noosfero/api/session.rb b/lib/noosfero/api/session.rb index 55d970e..7f99f9d 100644 --- a/lib/noosfero/api/session.rb +++ b/lib/noosfero/api/session.rb 
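Review bot: `verify_recaptcha_v2` returns the parsed response Hash when verification fails, and a Hash is truthy in Ruby, so any caller that writes `if verify_recaptcha_v2(...)` would treat a failed captcha as passed; only the `=== true` comparison in session.rb keeps the current caller safe. Document the contract above the method, e.g. `# Returns true on success; any other value (String or Hash) describes the failure, so compare with === true`, or return `false` and log the detail instead. The request also sets no timeouts and has no rescue, so a slow or malformed reply from the verify endpoint raises inside the registration request; setting `https.open_timeout` and `https.read_timeout` and rescuing `JSON::ParserError` and network errors into a failure result would keep that path controlled.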
@@ -34,28 +34,18 @@ module Noosfero requires :email, type: String, desc: _("Email") requires :login, type: String, desc: _("Login") requires :password, type: String, desc: _("Password") + requires :password_confirmation, type: String, desc: _("Password confirmation") end post "/register" do unique_attributes! User, [:email, :login] - attrs = attributes_for_keys [:email, :login, :password] + environment.signup_person_fields - attrs[:password_confirmation] = attrs[:password] + attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR']) - private_key = API.NOOSFERO_CONF['api_recaptcha_private_key'] - api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] - # TODO: FIX THAT - # TEST WILL NOT STUB WITHOUT Noosfero::API::APIHelpers - # Leave with the full namespace otherwise the stub for the test will fail - begin - # This will run from test - captcha_result = Noosfero::API::APIHelpers.verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri) - rescue NoMethodError - # Normal execution - captcha_result = verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri) - end - unless captcha_result === true - render_api_error!(_('Please solve the test in order to register.'), 400) + + unless test_captcha(remote_ip, params) === true + render_api_error!(_('Please solve the test in order to register.'), 401) return end + user = User.new(attrs) if user.save user.activate -- libgit2 0.21.2
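Review bot: `unique_attributes! User, [:email, :login]` still runs before `test_captcha`, so a client that has not solved the captcha may still learn whether an email or login is already registered, assuming that helper (defined outside this hunk) rejects duplicates with an error. Moving the `unless test_captcha(remote_ip, params) === true` block above the `unique_attributes!` line makes the captcha gate every lookup. The status change from 400 to 401 is also questionable, since 401 signals missing authentication rather than a failed challenge; 400 or 403 would describe it better. The `post "/register"` block continues past the end of this hunk.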