Commit 2b2b4a9e4a8407a89eb9f460ae9c778f7bc5eca0
Exists in
staging
and in
4 other branches
Merge branch 'api' into production
Showing
3 changed files
with
104 additions
and
43 deletions
Show diff stats
config/noosfero.yml.dist
| ... | ... | @@ -11,14 +11,38 @@ development: |
| 11 | 11 | max_upload_size: 5MB |
| 12 | 12 | hours_until_user_activation_check: 72 |
| 13 | 13 | exclude_profile_identifier_pattern: index(\..*)?|home(\..*)? |
| 14 | - api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' | |
| 15 | - api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' | |
| 16 | - api_recaptcha_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' | |
| 14 | + | |
| 15 | +#Google Recaptcha setup | |
| 16 | + api_captcha_enabled: true | |
| 17 | +#noosfero.com | |
| 18 | + api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' | |
| 19 | +#noosfero.com | |
| 20 | + api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' | |
| 21 | + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' | |
| 22 | + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' | |
| 23 | +# version 1 or 2 | |
| 24 | + api_captcha_version: 1 | |
| 17 | 25 | |
| 18 | 26 | test: |
| 27 | +#Google Recaptcha setup | |
| 28 | + api_captcha_enabled: false | |
| 29 | +#noosfero.com | |
| 30 | + api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-' | |
| 31 | +#noosfero.com | |
| 32 | + api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY' | |
| 33 | + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' | |
| 34 | + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' | |
| 35 | +# version 1 or 2 | |
| 36 | + api_captcha_version: 1 | |
| 19 | 37 | |
| 20 | 38 | production: |
| 21 | - api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i' | |
| 22 | - api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-' | |
| 23 | - api_recaptcha_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' | |
| 24 | - | |
| 25 | 39 | \ No newline at end of file |
| 40 | +#Google Recaptcha setup | |
| 41 | + api_captcha_enabled: true | |
| 42 | +#dialoga | |
| 43 | + api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i' | |
| 44 | +#dialoga | |
| 45 | + api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-' | |
| 46 | + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify' | |
| 47 | + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' | |
| 48 | + # version 1 or 2 | |
| 49 | + api_captcha_version: 1 | ... | ... |
lib/noosfero/api/helpers.rb
| 1 | -module Noosfero | |
| 2 | - module API | |
| 3 | - module APIHelpers | |
| 1 | + module Noosfero | |
| 2 | + module API | |
| 3 | + module APIHelpers | |
| 4 | 4 | PRIVATE_TOKEN_PARAM = :private_token |
| 5 | 5 | ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type] |
| 6 | 6 | |
| ... | ... | @@ -113,20 +113,6 @@ module Noosfero |
| 113 | 113 | attrs |
| 114 | 114 | end |
| 115 | 115 | |
| 116 | - def verify_recaptcha_v2(remote_ip, g_recaptcha_response, private_key, api_recaptcha_verify_uri) | |
| 117 | - binding.pry | |
| 118 | - verify_hash = { | |
| 119 | - "secret" => private_key, | |
| 120 | - "remoteip" => remote_ip, | |
| 121 | - "response" => g_recaptcha_response | |
| 122 | - } | |
| 123 | - uri = URI(api_recaptcha_verify_uri) | |
| 124 | - https = Net::HTTP.new(uri.host, uri.port) | |
| 125 | - https.use_ssl = true | |
| 126 | - request = Net::HTTP::Post.new(uri.path) | |
| 127 | - request.set_form_data(verify_hash) | |
| 128 | - JSON.parse(https.request(request).body) | |
| 129 | - end | |
| 130 | 116 | |
| 131 | 117 | ########################################## |
| 132 | 118 | # error helpers # |
| ... | ... | @@ -217,8 +203,47 @@ module Noosfero |
| 217 | 203 | begin_period..end_period |
| 218 | 204 | end |
| 219 | 205 | |
| 220 | - def verify_recaptcha_v1(remote_ip, recaptcha_response_field, private_key, recaptcha_challenge_field, api_recaptcha_verify_uri) | |
| 221 | - binding.pry | |
| 206 | + ########################################## | |
| 207 | + # captcha_helpers # | |
| 208 | + ########################################## | |
| 209 | + | |
| 210 | + def test_captcha(remote_ip, params) | |
| 211 | + return true unless API.NOOSFERO_CONF['api_captcha_enabled'] === true | |
| 212 | + | |
| 213 | + private_key = API.NOOSFERO_CONF['api_recaptcha_private_key'] | |
| 214 | + if private_key == nil | |
| 215 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_private_key'] not defined" | |
| 216 | + end | |
| 217 | + | |
| 218 | + api_captcha_version = API.NOOSFERO_CONF['api_captcha_version'] | |
| 219 | + unless api_captcha_version == 1 || api_captcha_version == 2 | |
| 220 | + raise ArgumentError, "API.NOOSFERO_CONF['api_captcha_version'] not defined" | |
| 221 | + end | |
| 222 | + | |
| 223 | + if api_captcha_version == 1 | |
| 224 | + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] | |
| 225 | + if api_recaptcha_verify_uri == nil | |
| 226 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] not defined" | |
| 227 | + end | |
| 228 | + return verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field]) | |
| 229 | + end | |
| 230 | + | |
| 231 | + if api_captcha_version == 2 | |
| 232 | + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] | |
| 233 | + if api_recaptcha_verify_uri == nil | |
| 234 | + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] not defined" | |
| 235 | + end | |
| 236 | + return verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, params[:g_recaptcha_response]) | |
| 237 | + end | |
| 238 | + | |
| 239 | + end | |
| 240 | + | |
| 241 | + def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field) | |
| 242 | + | |
| 243 | + if recaptcha_challenge_field == nil || recaptcha_response_field == nil | |
| 244 | + return _('Missing captcha data') | |
| 245 | + end | |
| 246 | + | |
| 222 | 247 | verify_hash = { |
| 223 | 248 | "privatekey" => private_key, |
| 224 | 249 | "remoteip" => remote_ip, |
| ... | ... | @@ -230,11 +255,28 @@ module Noosfero |
| 230 | 255 | https.use_ssl = true |
| 231 | 256 | request = Net::HTTP::Post.new(uri.path) |
| 232 | 257 | request.set_form_data(verify_hash) |
| 233 | - if https.request(request).body == "true\nsuccess" | |
| 234 | - captcha_result["success"]=true | |
| 235 | - else | |
| 236 | - captcha_result["success"]=false | |
| 258 | + body = https.request(request).body | |
| 259 | + body == "true\nsuccess" ? true : body | |
| 260 | + end | |
| 261 | + | |
| 262 | + def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response) | |
| 263 | + | |
| 264 | + if g_recaptcha_response == nil | |
| 265 | + return _('Missing captcha data') | |
| 237 | 266 | end |
| 267 | + | |
| 268 | + verify_hash = { | |
| 269 | + "secret" => private_key, | |
| 270 | + "remoteip" => remote_ip, | |
| 271 | + "response" => g_recaptcha_response | |
| 272 | + } | |
| 273 | + uri = URI(api_recaptcha_verify_uri) | |
| 274 | + https = Net::HTTP.new(uri.host, uri.port) | |
| 275 | + https.use_ssl = true | |
| 276 | + request = Net::HTTP::Post.new(uri.path) | |
| 277 | + request.set_form_data(verify_hash) | |
| 278 | + captcha_result = JSON.parse(https.request(request).body) | |
| 279 | + captcha_result["success"] ? true : captcha_result | |
| 238 | 280 | end |
| 239 | 281 | |
| 240 | 282 | end | ... | ... |
lib/noosfero/api/session.rb
| ... | ... | @@ -34,25 +34,20 @@ module Noosfero |
| 34 | 34 | requires :email, type: String, desc: _("Email") |
| 35 | 35 | requires :login, type: String, desc: _("Login") |
| 36 | 36 | requires :password, type: String, desc: _("Password") |
| 37 | + requires :password_confirmation, type: String, desc: _("Password confirmation") | |
| 37 | 38 | end |
| 38 | 39 | post "/register" do |
| 39 | - binding.pry | |
| 40 | 40 | unique_attributes! User, [:email, :login] |
| 41 | - attrs = attributes_for_keys [:email, :login, :password] + environment.signup_person_fields | |
| 42 | - attrs[:password_confirmation] = attrs[:password] | |
| 43 | - | |
| 41 | + attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields | |
| 44 | 42 | remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR']) |
| 45 | - private_key = API.NOOSFERO_CONF['api_recaptcha_private_key'] | |
| 46 | - api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_verify_uri'] | |
| 47 | 43 | |
| 48 | -# "recaptcha_challenge_field" => "03AHJ_VutRW6eOgTKZyK-77J96k121W0fUHIEvThyCPtqG2FUPBWzidBOqptzk0poh_UkMNPxAd_m0CqUz1Dip-6uV_zlwlviaXXvymwCFXPaWuvvyUfZ3LvZy6M1CoPfbhOQZjTkf_VNjlVnCRuuJXmGy4MhhuJ8om1J_R2C_oIAfP3KbpmlqLXU5nLlE7WpW-h-OhRTQzupTo9UL-4-ZDRk1bMkCSEJnwYUomOboqFBEpJBv0iaOCaSnu9_UKObmWmpbQZSHxYK7", | |
| 49 | -# "recaptcha_response_field" => "1221" | |
| 44 | + unless test_captcha(remote_ip, params) === true | |
| 45 | + render_api_error!(_('Please solve the test in order to register.'), 401) | |
| 46 | + return | |
| 47 | + end | |
| 50 | 48 | |
| 51 | - #captcha_result = verify_recaptcha_v2(remote_ip, params['g-recaptcha-response'], private_key, api_recaptcha_verify_uri) | |
| 52 | - captcha_result = verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri) | |
| 53 | - binding.pry | |
| 54 | - user = User.new(attrs) | |
| 55 | - if captcha_result["success"] and user.save | |
| 49 | + user = User.new(attrs) | |
| 50 | + if user.save | |
| 56 | 51 | user.activate |
| 57 | 52 | user.generate_private_token! |
| 58 | 53 | present user, :with => Entities::UserLogin | ... | ... |