Commit 4bd932b152c3f8c75e4aae02c8d97e34dadfb7ee

Authored by Evandro Junior
1 parent 26873359

API can be disabled by config/noosfero.yml api_captcha_enabled: false

config/noosfero.yml.dist
@@ -11,21 +11,38 @@ development: @@ -11,21 +11,38 @@ development:
11 max_upload_size: 5MB 11 max_upload_size: 5MB
12 hours_until_user_activation_check: 72 12 hours_until_user_activation_check: 72
13 exclude_profile_identifier_pattern: index(\..*)?|home(\..*)? 13 exclude_profile_identifier_pattern: index(\..*)?|home(\..*)?
  14 +
  15 +#Google Recaptcha setup
  16 + api_captcha_enabled: true
14 #noosfero.com 17 #noosfero.com
15 api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' 18 api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-'
16 #noosfero.com 19 #noosfero.com
17 api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' 20 api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY'
18 api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' 21 api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify'
19 api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' 22 api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
  23 +# version 1 or 2
  24 + api_captcha_version: 1
20 25
21 test: 26 test:
  27 +#Google Recaptcha setup
  28 + api_captcha_enabled: false
  29 +#noosfero.com
  30 + api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-'
  31 +#noosfero.com
  32 + api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY'
  33 + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify'
  34 + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
  35 +# version 1 or 2
  36 + api_captcha_version: 1
22 37
23 production: 38 production:
  39 +#Google Recaptcha setup
  40 + api_captcha_enabled: true
24 #dialoga 41 #dialoga
25 api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i' 42 api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i'
26 #dialoga 43 #dialoga
27 api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-' 44 api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-'
28 api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' 45 api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify'
29 api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' 46 api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
30 -  
31 -  
32 \ No newline at end of file 47 \ No newline at end of file
  48 + # version 1 or 2
  49 + api_captcha_version: 1
lib/noosfero/api/helpers.rb
1 -module Noosfero  
2 - module API  
3 - module APIHelpers 1 + module Noosfero
  2 + module API
  3 + module APIHelpers
4 PRIVATE_TOKEN_PARAM = :private_token 4 PRIVATE_TOKEN_PARAM = :private_token
5 ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type] 5 ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type]
6 6
@@ -113,20 +113,6 @@ module Noosfero @@ -113,20 +113,6 @@ module Noosfero
113 attrs 113 attrs
114 end 114 end
115 115
116 - def verify_recaptcha_v2(remote_ip, g_recaptcha_response, private_key, api_recaptcha_verify_uri)  
117 - verify_hash = {  
118 - "secret" => private_key,  
119 - "remoteip" => remote_ip,  
120 - "response" => g_recaptcha_response  
121 - }  
122 - uri = URI(api_recaptcha_verify_uri)  
123 - https = Net::HTTP.new(uri.host, uri.port)  
124 - https.use_ssl = true  
125 - request = Net::HTTP::Post.new(uri.path)  
126 - request.set_form_data(verify_hash)  
127 - captcha_result = JSON.parse(https.request(request).body)  
128 - captcha_result["success"] ? true : captcha_result  
129 - end  
130 116
131 ########################################## 117 ##########################################
132 # error helpers # 118 # error helpers #
@@ -217,7 +203,47 @@ module Noosfero @@ -217,7 +203,47 @@ module Noosfero
217 begin_period..end_period 203 begin_period..end_period
218 end 204 end
219 205
220 - def verify_recaptcha_v1(remote_ip, recaptcha_response_field, private_key, recaptcha_challenge_field, api_recaptcha_verify_uri) 206 + ##########################################
  207 + # captcha_helpers #
  208 + ##########################################
  209 +
  210 + def test_captcha(remote_ip, params)
  211 + return true unless API.NOOSFERO_CONF['api_captcha_enabled'] === true
  212 +
  213 + private_key = API.NOOSFERO_CONF['api_recaptcha_private_key']
  214 + if private_key == nil
  215 + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_private_key'] not defined"
  216 + end
  217 +
  218 + api_captcha_version = API.NOOSFERO_CONF['api_captcha_version']
  219 + unless api_captcha_version == 1 || api_captcha_version == 2
  220 + raise ArgumentError, "API.NOOSFERO_CONF['api_captcha_version'] not defined"
  221 + end
  222 +
  223 + if api_captcha_version == 1
  224 + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri']
  225 + if api_recaptcha_verify_uri == nil
  226 + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] not defined"
  227 + end
  228 + return verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field])
  229 + end
  230 +
  231 + if api_captcha_version == 2
  232 + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri']
  233 + if api_recaptcha_verify_uri == nil
  234 + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] not defined"
  235 + end
  236 + return verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, params[:g_recaptcha_response])
  237 + end
  238 +
  239 + end
  240 +
  241 + def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field)
  242 +
  243 + if recaptcha_challenge_field == nil || recaptcha_response_field == nil
  244 + return _('Missing captcha data')
  245 + end
  246 +
221 verify_hash = { 247 verify_hash = {
222 "privatekey" => private_key, 248 "privatekey" => private_key,
223 "remoteip" => remote_ip, 249 "remoteip" => remote_ip,
@@ -233,6 +259,26 @@ module Noosfero @@ -233,6 +259,26 @@ module Noosfero
233 body == "true\nsuccess" ? true : body 259 body == "true\nsuccess" ? true : body
234 end 260 end
235 261
  262 + def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response)
  263 +
  264 + if g_recaptcha_response == nil
  265 + return _('Missing captcha data')
  266 + end
  267 +
  268 + verify_hash = {
  269 + "secret" => private_key,
  270 + "remoteip" => remote_ip,
  271 + "response" => g_recaptcha_response
  272 + }
  273 + uri = URI(api_recaptcha_verify_uri)
  274 + https = Net::HTTP.new(uri.host, uri.port)
  275 + https.use_ssl = true
  276 + request = Net::HTTP::Post.new(uri.path)
  277 + request.set_form_data(verify_hash)
  278 + captcha_result = JSON.parse(https.request(request).body)
  279 + captcha_result["success"] ? true : captcha_result
  280 + end
  281 +
236 end 282 end
237 end 283 end
238 end 284 end
lib/noosfero/api/session.rb
@@ -34,28 +34,18 @@ module Noosfero @@ -34,28 +34,18 @@ module Noosfero
34 requires :email, type: String, desc: _("Email") 34 requires :email, type: String, desc: _("Email")
35 requires :login, type: String, desc: _("Login") 35 requires :login, type: String, desc: _("Login")
36 requires :password, type: String, desc: _("Password") 36 requires :password, type: String, desc: _("Password")
  37 + requires :password_confirmation, type: String, desc: _("Password confirmation")
37 end 38 end
38 post "/register" do 39 post "/register" do
39 unique_attributes! User, [:email, :login] 40 unique_attributes! User, [:email, :login]
40 - attrs = attributes_for_keys [:email, :login, :password] + environment.signup_person_fields  
41 - attrs[:password_confirmation] = attrs[:password] 41 + attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields
42 remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR']) 42 remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
43 - private_key = API.NOOSFERO_CONF['api_recaptcha_private_key']  
44 - api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri']  
45 - # TODO: FIX THAT  
46 - # TEST WILL NOT STUB WITHOUT Noosfero::API::APIHelpers  
47 - # Leave with the full namespace otherwise the stub for the test will fail  
48 - begin  
49 - # This will run from test  
50 - captcha_result = Noosfero::API::APIHelpers.verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri)  
51 - rescue NoMethodError  
52 - # Normal execution  
53 - captcha_result = verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri)  
54 - end  
55 - unless captcha_result === true  
56 - render_api_error!(_('Please solve the test in order to register.'), 400) 43 +
  44 + unless test_captcha(remote_ip, params) === true
  45 + render_api_error!(_('Please solve the test in order to register.'), 401)
57 return 46 return
58 end 47 end
  48 +
59 user = User.new(attrs) 49 user = User.new(attrs)
60 if user.save 50 if user.save
61 user.activate 51 user.activate