diff --git a/app/models/environment.rb b/app/models/environment.rb
index 502d07b..3d8f050 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -310,6 +310,9 @@ class Environment < ActiveRecord::Base
 settings_items :signup_welcome_screen_body, :type => String
+ #Captcha setings
+ settings_items :api_captcha_settings, :type => ActiveSupport::HashWithIndifferentAccess, :default => {}
+
 def has_custom_welcome_screen?
 settings[:signup_welcome_screen_body].present?
 end
diff --git a/lib/noosfero/api/api.rb b/lib/noosfero/api/api.rb
index 5fd8a0a..ab3526d 100644
--- a/lib/noosfero/api/api.rb
+++ b/lib/noosfero/api/api.rb
@@ -1,11 +1,6 @@
 require 'grape'
 #require 'rack/contrib'
-
-if Rails.env == "production"
- Dir["#{Rails.root}/lib/noosfero/api/*.rb"].each {|file| require file unless file =~ /api\.rb/}
-else
- Dir["#{Rails.root}/lib/noosfero/api/*.rb"].each {|file| load file unless file =~ /api\.rb/}
-end
+Dir["#{Rails.root}/lib/noosfero/api/*.rb"].each {|file| require_dependency file unless file =~ /api\.rb/}
 module Noosfero
 module API
@@ -17,7 +12,7 @@ module Noosfero
 use GrapeLogging::Middleware::RequestLogger, { logger: logger }
 rescue_from :all do |e|
- # Many brave warriors have fallen in the battle of fixing the API log
+ # Many brave warriors have fallen in the battle for fixing the API log
 # Please, don't remove these 2 lines until the API log problem has
 # been PROPERLY fixed by our savior!!!
 # Otherwise we will have no clue of what went wrong in the API
diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb
index 37b7dbf..6f4ab7a 100644
--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -91,6 +91,7 @@
 end
 def authenticate!
+ unauthorized! unless current_user
 end
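Review bot: The new `api_captcha_settings` item in environment.rb stores the reCAPTCHA `private_key` in the same per-environment settings hash as non-secret fields, so any code that serializes or displays environment settings would expose it. Whether that happens depends on the API entities and admin forms, which are outside this diff and should be checked. The declaration also leaves the expected keys undocumented and its comment has a typo; I would replace it with `# Captcha settings: :enabled, :provider, :version, :private_key (secret), :verify_uri`.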
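Review bot: `authenticate!` in helpers.rb now rejects requests without `current_user`, but no test accompanies the change; the test file in this commit only covers the captcha helper. From the visible context the method body appears to have been empty before, so every endpoint that calls `authenticate!` would change from open to unauthorized here. A unit test asserting that `unauthorized!` fires when `current_user` is nil would pin that down. The helper module around this method starts and ends outside the hunk.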
@@ -207,39 +208,29 @@
 # captcha_helpers #
 ##########################################
- def test_captcha(remote_ip, params)
- return true unless API.NOOSFERO_CONF['api_captcha_enabled'] === true
-
- private_key = API.NOOSFERO_CONF['api_recaptcha_private_key']
- if private_key == nil
- raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_private_key'] not defined"
- end
-
- api_captcha_version = API.NOOSFERO_CONF['api_captcha_version']
- unless api_captcha_version == 1 || api_captcha_version == 2
- raise ArgumentError, "API.NOOSFERO_CONF['api_captcha_version'] not defined"
- end
-
- if api_captcha_version == 1
- api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri']
- if api_recaptcha_verify_uri == nil
- raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] not defined"
+ def test_captcha(remote_ip, params, _environment = nil)
+ environment ||= _environment
+ d = environment.api_captcha_settings
+ return true unless d[:enabled] == true
+
+ if d[:provider] == 'google'
+ raise ArgumentError, "Environment api_captcha_settings private_key not defined" if d[:private_key].nil?
+ raise ArgumentError, "Environment api_captcha_settings version not defined" unless d[:version] == 1 || d[:version] == 2
+ raise ArgumentError, "Environment api_captcha_settings verify_uri not defined" if d[:verify_uri].nil?
+ if d[:version] == 1
+ return verify_recaptcha_v1(remote_ip, d[:private_key], d[:verify_uri], params[:recaptcha_challenge_field], params[:recaptcha_response_field])
 end
- return verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field])
- end
-
- if api_captcha_version == 2
- api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri']
- if api_recaptcha_verify_uri == nil
- raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] not defined"
+ if d[:version] == 2
+ return verify_recaptcha_v2(remote_ip, d[:private_key], d[:verify_uri], params[:g_recaptcha_response])
 end
- return verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, params[:g_recaptcha_response])
 end
+ if d[:provider] == 'serpro'
+ #TODO ADD SERPRO's CAPTCHA
+ end
 end
 def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field)
-
 if recaptcha_challenge_field == nil || recaptcha_response_field == nil
 return _('Missing captcha data')
 end
diff --git a/lib/noosfero/api/session.rb b/lib/noosfero/api/session.rb
index 7f99f9d..f3adc32 100644
--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -29,7 +29,7 @@ module Noosfero
 # password (required) - Password
 # login - login
 # Example Request:
- # POST /register?email=some@mail.com&password=pas&login=some
+ # POST /register?email=some@mail.com&password=pas&password_confirmation=pas&login=some
 params do
 requires :email, type: String, desc: _("Email")
 requires :login, type: String, desc: _("Login")
diff --git a/test/unit/api/helpers_test.rb b/test/unit/api/helpers_test.rb
index 676bf96..b51201a 100644
--- a/test/unit/api/helpers_test.rb
+++ b/test/unit/api/helpers_test.rb
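Review bot: With `enabled` true and a `provider` other than 'google' (including the 'serpro' branch, which is only a TODO), `test_captcha` falls off the end and returns nil instead of raising like the other misconfiguration cases. Whether the captcha is then enforced depends on how each caller treats nil, and the callers are outside this diff. Adding `raise ArgumentError, "Environment api_captcha_settings provider not supported"` as the method's final statement would make that case fail closed. Separately, `environment ||= _environment` creates a new local that starts as nil, so it equals `environment = _environment` and the default `nil` ends in a NoMethodError on `environment.api_captcha_settings`; if the helper module defines an `environment` method, `env = _environment || environment` would pick it up. `d[:verify_uri]` is only checked for presence although the private key is sent to it, so restricting it to an https URL on the expected host is worth considering.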
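Review bot: The example request in session.rb keeps `password`, and now `password_confirmation`, in the query string, where they end up in server and proxy access logs. Since this comment documents how clients should call the endpoint, it would be safer to show them as form fields, e.g. `# POST /register` followed by `# body: email=some@mail.com&password=pas&password_confirmation=pas&login=some`. The parameter list above the example also does not mention `password_confirmation`. The `params do` block continues outside the hunk.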
@@ -161,6 +161,32 @@ class APIHelpersTest < ActiveSupport::TestCase
 assert_nil make_conditions_with_parameter[:type]
 end
+ should 'fail display recaptcha v1' do
+ environment = Environment.new
+ environment.api_captcha_settings = {
+ enabled: true,
+ provider: 'google',
+ version: 1,
+ private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY',
+ public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-',
+ verify_uri: 'https://www.google.com/recaptcha/api/verify',
+ }
+ assert_equal test_captcha("127.0.0.1", {}, environment), "Missing captcha data"
+ end
+
+ should 'fail display recaptcha v2' do
+ environment = Environment.new
+ environment.api_captcha_settings = {
+ enabled: true,
+ provider: 'google',
+ version: 2,
+ private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY',
+ public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-',
+ verify_uri: 'https://www.google.com/recaptcha/api/siteverify',
+ }
+ assert_equal test_captcha("127.0.0.1", {}, environment), "Missing captcha data"
+ end
+
 protected
 def error!(info, status)
--
libgit2 0.21.2
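Review bot: Both new tests hard-code what look like real reCAPTCHA `private_key` and `public_key` values. If these are live keys they are now in repository history and should be rotated, and the fixtures should use obviously fake strings such as `private_key: 'test-private-key'`. The `assert_equal` arguments are also reversed (the expected value goes first), which only affects the failure message. The tests cover the missing-field path only; cases for `enabled: false` and for an unsupported `provider` would pin down whether `test_captcha` fails open or closed.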