From 4dfaa51dab30d07efa0d357ce226e761e6345988 Mon Sep 17 00:00:00 2001
From: Ábner Silva de Oliveira
Date: Tue, 25 Aug 2015 10:16:54 -0300
Subject: [PATCH] Add captcha checking to forgot_password action
---
 app/controllers/public/account_controller.rb | 5 +++++
 app/views/account/forgot_password.html.erb | 3 +++
 test/functional/account_controller_test.rb | 10 ++++++++++
 3 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb
index 5775657..5658e95 100644
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -189,6 +189,11 @@ class AccountController < ApplicationController
 if request.post?
 begin
+ unless verify_recaptcha
+ @change_password.errors.add(:base, _('Please type the words correctly'))
+ return false
+ end
+
 requestors = fetch_requestors(params[:value])
 raise ActiveRecord::RecordNotFound if requestors.blank? || params[:value].blank?
diff --git a/app/views/account/forgot_password.html.erb b/app/views/account/forgot_password.html.erb
index 3975daf..549a889 100644
--- a/app/views/account/forgot_password.html.erb
+++ b/app/views/account/forgot_password.html.erb
@@ -5,6 +5,9 @@ <%= form_tag do %> <%= labelled_form_field fields_label, text_field_tag(:value) %> +
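Review bot: `verify_recaptcha` is called inside the `begin` block, whose `rescue` clauses lie outside this hunk, so an error raised by the verification call itself (the recaptcha gem can raise `Recaptcha::RecaptchaError` when the service is unreachable) may surface as a 500 on the password-recovery page unless one of those clauses happens to catch it. I would treat that case like a failed challenge, with a `rescue Recaptcha::RecaptchaError` that adds the same `:base` error, so the action still fails closed but with a usable message. Running the check before `fetch_requestors` is the right order, since a failed challenge then reveals nothing about whether the account exists. Minor: the action's return value is unused, so `return false` can be a bare `return`.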

<%= _('Please type the two words below') %>

+ <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %> +
<% button_bar do %> <%= submit_button('send', _('Send instructions')) %>
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index e5b5696..bf344fb 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -232,6 +232,16 @@ class AccountControllerTest < ActionController::TestCase
 assert_template 'password_recovery_sent'
 end
+ should 'not respond to forgotten password change if captcha verification fails' do
+ create_user('test')
+ @controller.stubs(:verify_recaptcha).returns(false)
+ post :forgot_password, :value => 'test'
+ change = assigns(:change_password)
+ assert change.errors.has_key?(:base)
+ assert_response :success
+ assert_tag :tag => 'div', :attributes => { :id => 'errorExplanation', :class => 'errorExplanation' }
+ end
+
 should 'respond to forgotten password change request with email' do
 change = ChangePassword.new
 create_user('test', :email => 'test@localhost.localdomain')
--
libgit2 0.21.2
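Review bot: The new `should` block checks the error entry and the response code, but not the property the captcha is there to protect: that a failed challenge sends no recovery e-mail. Wrapping the request as `assert_no_difference 'ActionMailer::Base.deliveries.size' do post :forgot_password, :value => 'test' end` would pin that, assuming the recovery mail goes through ActionMailer as usual. A one-line comment above the stub, such as `# a failed captcha must stop the request before any requestor lookup`, would also record why `verify_recaptcha` is forced to false here.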