Commit 4bd932b152c3f8c75e4aae02c8d97e34dadfb7ee
1 parent
26873359
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
API can be disabled by config/noosfero.yml api_captcha_enabled: false
Showing
3 changed files
with
89 additions
and
36 deletions
Show diff stats
config/noosfero.yml.dist
@@ -11,21 +11,38 @@ development: | @@ -11,21 +11,38 @@ development: | ||
11 | max_upload_size: 5MB | 11 | max_upload_size: 5MB |
12 | hours_until_user_activation_check: 72 | 12 | hours_until_user_activation_check: 72 |
13 | exclude_profile_identifier_pattern: index(\..*)?|home(\..*)? | 13 | exclude_profile_identifier_pattern: index(\..*)?|home(\..*)? |
14 | + | ||
15 | +#Google Recaptcha setup | ||
16 | + api_captcha_enabled: true | ||
14 | #noosfero.com | 17 | #noosfero.com |
15 | api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' | 18 | api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' |
16 | #noosfero.com | 19 | #noosfero.com |
17 | api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' | 20 | api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' |
18 | api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' | 21 | api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' |
19 | api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' | 22 | api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' |
23 | +# version 1 or 2 | ||
24 | + api_captcha_version: 1 | ||
20 | 25 | ||
21 | test: | 26 | test: |
27 | +#Google Recaptcha setup | ||
28 | + api_captcha_enabled: false | ||
29 | +#noosfero.com | ||
30 | + api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' | ||
31 | +#noosfero.com | ||
32 | + api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' | ||
33 | + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' | ||
34 | + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' | ||
35 | +# version 1 or 2 | ||
36 | + api_captcha_version: 1 | ||
22 | 37 | ||
23 | production: | 38 | production: |
39 | +#Google Recaptcha setup | ||
40 | + api_captcha_enabled: true | ||
24 | #dialoga | 41 | #dialoga |
25 | api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i' | 42 | api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i' |
26 | #dialoga | 43 | #dialoga |
27 | api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-' | 44 | api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-' |
28 | api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' | 45 | api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' |
29 | api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' | 46 | api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' |
30 | - | ||
31 | - | ||
32 | \ No newline at end of file | 47 | \ No newline at end of file |
48 | + # version 1 or 2 | ||
49 | + api_captcha_version: 1 |
lib/noosfero/api/helpers.rb
1 | -module Noosfero | ||
2 | - module API | ||
3 | - module APIHelpers | 1 | + module Noosfero |
2 | + module API | ||
3 | + module APIHelpers | ||
4 | PRIVATE_TOKEN_PARAM = :private_token | 4 | PRIVATE_TOKEN_PARAM = :private_token |
5 | ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type] | 5 | ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type] |
6 | 6 | ||
@@ -113,20 +113,6 @@ module Noosfero | @@ -113,20 +113,6 @@ module Noosfero | ||
113 | attrs | 113 | attrs |
114 | end | 114 | end |
115 | 115 | ||
116 | - def verify_recaptcha_v2(remote_ip, g_recaptcha_response, private_key, api_recaptcha_verify_uri) | ||
117 | - verify_hash = { | ||
118 | - "secret" => private_key, | ||
119 | - "remoteip" => remote_ip, | ||
120 | - "response" => g_recaptcha_response | ||
121 | - } | ||
122 | - uri = URI(api_recaptcha_verify_uri) | ||
123 | - https = Net::HTTP.new(uri.host, uri.port) | ||
124 | - https.use_ssl = true | ||
125 | - request = Net::HTTP::Post.new(uri.path) | ||
126 | - request.set_form_data(verify_hash) | ||
127 | - captcha_result = JSON.parse(https.request(request).body) | ||
128 | - captcha_result["success"] ? true : captcha_result | ||
129 | - end | ||
130 | 116 | ||
131 | ########################################## | 117 | ########################################## |
132 | # error helpers # | 118 | # error helpers # |
@@ -217,7 +203,47 @@ module Noosfero | @@ -217,7 +203,47 @@ module Noosfero | ||
217 | begin_period..end_period | 203 | begin_period..end_period |
218 | end | 204 | end |
219 | 205 | ||
220 | - def verify_recaptcha_v1(remote_ip, recaptcha_response_field, private_key, recaptcha_challenge_field, api_recaptcha_verify_uri) | 206 | + ########################################## |
207 | + # captcha_helpers # | ||
208 | + ########################################## | ||
209 | + | ||
210 | + def test_captcha(remote_ip, params) | ||
211 | + return true unless API.NOOSFERO_CONF['api_captcha_enabled'] === true | ||
212 | + | ||
213 | + private_key = API.NOOSFERO_CONF['api_recaptcha_private_key'] | ||
214 | + if private_key == nil | ||
215 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_private_key'] not defined" | ||
216 | + end | ||
217 | + | ||
218 | + api_captcha_version = API.NOOSFERO_CONF['api_captcha_version'] | ||
219 | + unless api_captcha_version == 1 || api_captcha_version == 2 | ||
220 | + raise ArgumentError, "API.NOOSFERO_CONF['api_captcha_version'] not defined" | ||
221 | + end | ||
222 | + | ||
223 | + if api_captcha_version == 1 | ||
224 | + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] | ||
225 | + if api_recaptcha_verify_uri == nil | ||
226 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] not defined" | ||
227 | + end | ||
228 | + return verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field]) | ||
229 | + end | ||
230 | + | ||
231 | + if api_captcha_version == 2 | ||
232 | + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] | ||
233 | + if api_recaptcha_verify_uri == nil | ||
234 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] not defined" | ||
235 | + end | ||
236 | + return verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, params[:g_recaptcha_response]) | ||
237 | + end | ||
238 | + | ||
239 | + end | ||
240 | + | ||
241 | + def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field) | ||
242 | + | ||
243 | + if recaptcha_challenge_field == nil || recaptcha_response_field == nil | ||
244 | + return _('Missing captcha data') | ||
245 | + end | ||
246 | + | ||
221 | verify_hash = { | 247 | verify_hash = { |
222 | "privatekey" => private_key, | 248 | "privatekey" => private_key, |
223 | "remoteip" => remote_ip, | 249 | "remoteip" => remote_ip, |
@@ -233,6 +259,26 @@ module Noosfero | @@ -233,6 +259,26 @@ module Noosfero | ||
233 | body == "true\nsuccess" ? true : body | 259 | body == "true\nsuccess" ? true : body |
234 | end | 260 | end |
235 | 261 | ||
262 | + def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response) | ||
263 | + | ||
264 | + if g_recaptcha_response == nil | ||
265 | + return _('Missing captcha data') | ||
266 | + end | ||
267 | + | ||
268 | + verify_hash = { | ||
269 | + "secret" => private_key, | ||
270 | + "remoteip" => remote_ip, | ||
271 | + "response" => g_recaptcha_response | ||
272 | + } | ||
273 | + uri = URI(api_recaptcha_verify_uri) | ||
274 | + https = Net::HTTP.new(uri.host, uri.port) | ||
275 | + https.use_ssl = true | ||
276 | + request = Net::HTTP::Post.new(uri.path) | ||
277 | + request.set_form_data(verify_hash) | ||
278 | + captcha_result = JSON.parse(https.request(request).body) | ||
279 | + captcha_result["success"] ? true : captcha_result | ||
280 | + end | ||
281 | + | ||
236 | end | 282 | end |
237 | end | 283 | end |
238 | end | 284 | end |
lib/noosfero/api/session.rb
@@ -34,28 +34,18 @@ module Noosfero | @@ -34,28 +34,18 @@ module Noosfero | ||
34 | requires :email, type: String, desc: _("Email") | 34 | requires :email, type: String, desc: _("Email") |
35 | requires :login, type: String, desc: _("Login") | 35 | requires :login, type: String, desc: _("Login") |
36 | requires :password, type: String, desc: _("Password") | 36 | requires :password, type: String, desc: _("Password") |
37 | + requires :password_confirmation, type: String, desc: _("Password confirmation") | ||
37 | end | 38 | end |
38 | post "/register" do | 39 | post "/register" do |
39 | unique_attributes! User, [:email, :login] | 40 | unique_attributes! User, [:email, :login] |
40 | - attrs = attributes_for_keys [:email, :login, :password] + environment.signup_person_fields | ||
41 | - attrs[:password_confirmation] = attrs[:password] | 41 | + attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields |
42 | remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR']) | 42 | remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR']) |
43 | - private_key = API.NOOSFERO_CONF['api_recaptcha_private_key'] | ||
44 | - api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] | ||
45 | - # TODO: FIX THAT | ||
46 | - # TEST WILL NOT STUB WITHOUT Noosfero::API::APIHelpers | ||
47 | - # Leave with the full namespace otherwise the stub for the test will fail | ||
48 | - begin | ||
49 | - # This will run from test | ||
50 | - captcha_result = Noosfero::API::APIHelpers.verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri) | ||
51 | - rescue NoMethodError | ||
52 | - # Normal execution | ||
53 | - captcha_result = verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri) | ||
54 | - end | ||
55 | - unless captcha_result === true | ||
56 | - render_api_error!(_('Please solve the test in order to register.'), 400) | 43 | + |
44 | + unless test_captcha(remote_ip, params) === true | ||
45 | + render_api_error!(_('Please solve the test in order to register.'), 401) | ||
57 | return | 46 | return |
58 | end | 47 | end |
48 | + | ||
59 | user = User.new(attrs) | 49 | user = User.new(attrs) |
60 | if user.save | 50 | if user.save |
61 | user.activate | 51 | user.activate |