Download as
Browse Code »

Commit 2b2b4a9e4a8407a89eb9f460ae9c778f7bc5eca0

Authored by Evandro Junior
2 parents 29917cb1 268ebd86
Exists in staging and in 4 other branches captcha_serpro_plugin, login-captcha, production, production-vendorized

Merge branch 'api' into production

Showing 3 changed files with 104 additions and 43 deletions   Show diff stats
config/noosfero.yml.dist
  Diff comments   View file @2b2b4a9
@@ -11,14 +11,38 @@ development: @@ -11,14 +11,38 @@ development:
11 max_upload_size: 5MB 11 max_upload_size: 5MB
12 hours_until_user_activation_check: 72 12 hours_until_user_activation_check: 72
13 exclude_profile_identifier_pattern: index(\..*)?|home(\..*)? 13 exclude_profile_identifier_pattern: index(\..*)?|home(\..*)?
14 - api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-'  
15 - api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY'  
16 - api_recaptcha_verify_uri: 'https://www.google.com/recaptcha/api/siteverify' 14 +
  15 +#Google Recaptcha setup
  16 + api_captcha_enabled: true
  17 +#noosfero.com
  18 + api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-'
  19 +#noosfero.com
  20 + api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY'
  21 + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify'
  22 + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
  23 +# version 1 or 2
  24 + api_captcha_version: 1
17 25
18 test: 26 test:
  27 +#Google Recaptcha setup
  28 + api_captcha_enabled: false
  29 +#noosfero.com
  30 + api_recaptcha_site_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-'
  31 +#noosfero.com
  32 + api_recaptcha_private_key: '6LdsWAcTAAAAAB6maB_HalVyCc4asDAxPxloIMvY'
  33 + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify'
  34 + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
  35 +# version 1 or 2
  36 + api_captcha_version: 1
19 37
20 production: 38 production:
21 - api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i'  
22 - api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-'  
23 - api_recaptcha_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'  
24 -  
25 \ No newline at end of file 39 \ No newline at end of file
  40 +#Google Recaptcha setup
  41 + api_captcha_enabled: true
  42 +#dialoga
  43 + api_recaptcha_site_key: '6LcLPAcTAAAAAKsd0bxY_TArhD_A7OL19SRCW7_i'
  44 +#dialoga
  45 + api_recaptcha_private_key: '6LcLPAcTAAAAAE36SN1M2w1I7Hn8upwXYZ_YQZ5-'
  46 + api_recaptcha_v1_verify_uri: 'https://www.google.com/recaptcha/api/verify'
  47 + api_recaptcha_v2_verify_uri: 'https://www.google.com/recaptcha/api/siteverify'
  48 + # version 1 or 2
  49 + api_captcha_version: 1
lib/noosfero/api/helpers.rb
  Diff comments   View file @2b2b4a9
1 -module Noosfero  
2 - module API  
3 - module APIHelpers 1 + module Noosfero
  2 + module API
  3 + module APIHelpers
4 PRIVATE_TOKEN_PARAM = :private_token 4 PRIVATE_TOKEN_PARAM = :private_token
5 ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type] 5 ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type]
6 6
@@ -113,20 +113,6 @@ module Noosfero @@ -113,20 +113,6 @@ module Noosfero
113 attrs 113 attrs
114 end 114 end
115 115
116 - def verify_recaptcha_v2(remote_ip, g_recaptcha_response, private_key, api_recaptcha_verify_uri)  
117 - binding.pry  
118 - verify_hash = {  
119 - "secret" => private_key,  
120 - "remoteip" => remote_ip,  
121 - "response" => g_recaptcha_response  
122 - }  
123 - uri = URI(api_recaptcha_verify_uri)  
124 - https = Net::HTTP.new(uri.host, uri.port)  
125 - https.use_ssl = true  
126 - request = Net::HTTP::Post.new(uri.path)  
127 - request.set_form_data(verify_hash)  
128 - JSON.parse(https.request(request).body)  
129 - end  
130 116
131 ########################################## 117 ##########################################
132 # error helpers # 118 # error helpers #
@@ -217,8 +203,47 @@ module Noosfero @@ -217,8 +203,47 @@ module Noosfero
217 begin_period..end_period 203 begin_period..end_period
218 end 204 end
219 205
220 - def verify_recaptcha_v1(remote_ip, recaptcha_response_field, private_key, recaptcha_challenge_field, api_recaptcha_verify_uri)  
221 - binding.pry 206 + ##########################################
  207 + # captcha_helpers #
  208 + ##########################################
  209 +
  210 + def test_captcha(remote_ip, params)
  211 + return true unless API.NOOSFERO_CONF['api_captcha_enabled'] === true
  212 +
  213 + private_key = API.NOOSFERO_CONF['api_recaptcha_private_key']
  214 + if private_key == nil
  215 + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_private_key'] not defined"
  216 + end
  217 +
  218 + api_captcha_version = API.NOOSFERO_CONF['api_captcha_version']
  219 + unless api_captcha_version == 1 || api_captcha_version == 2
  220 + raise ArgumentError, "API.NOOSFERO_CONF['api_captcha_version'] not defined"
  221 + end
  222 +
  223 + if api_captcha_version == 1
  224 + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri']
  225 + if api_recaptcha_verify_uri == nil
  226 + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v1_verify_uri'] not defined"
  227 + end
  228 + return verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, params[:recaptcha_challenge_field], params[:recaptcha_response_field])
  229 + end
  230 +
  231 + if api_captcha_version == 2
  232 + api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri']
  233 + if api_recaptcha_verify_uri == nil
  234 + raise ArgumentError, "API.NOOSFERO_CONF['api_recaptcha_v2_verify_uri'] not defined"
  235 + end
  236 + return verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, params[:g_recaptcha_response])
  237 + end
  238 +
  239 + end
  240 +
  241 + def verify_recaptcha_v1(remote_ip, private_key, api_recaptcha_verify_uri, recaptcha_challenge_field, recaptcha_response_field)
  242 +
  243 + if recaptcha_challenge_field == nil || recaptcha_response_field == nil
  244 + return _('Missing captcha data')
  245 + end
  246 +
222 verify_hash = { 247 verify_hash = {
223 "privatekey" => private_key, 248 "privatekey" => private_key,
224 "remoteip" => remote_ip, 249 "remoteip" => remote_ip,
@@ -230,11 +255,28 @@ module Noosfero @@ -230,11 +255,28 @@ module Noosfero
230 https.use_ssl = true 255 https.use_ssl = true
231 request = Net::HTTP::Post.new(uri.path) 256 request = Net::HTTP::Post.new(uri.path)
232 request.set_form_data(verify_hash) 257 request.set_form_data(verify_hash)
233 - if https.request(request).body == "true\nsuccess"  
234 - captcha_result["success"]=true  
235 - else  
236 - captcha_result["success"]=false 258 + body = https.request(request).body
  259 + body == "true\nsuccess" ? true : body
  260 + end
  261 +
  262 + def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response)
  263 +
  264 + if g_recaptcha_response == nil
  265 + return _('Missing captcha data')
237 end 266 end
  267 +
  268 + verify_hash = {
  269 + "secret" => private_key,
  270 + "remoteip" => remote_ip,
  271 + "response" => g_recaptcha_response
  272 + }
  273 + uri = URI(api_recaptcha_verify_uri)
  274 + https = Net::HTTP.new(uri.host, uri.port)
  275 + https.use_ssl = true
  276 + request = Net::HTTP::Post.new(uri.path)
  277 + request.set_form_data(verify_hash)
  278 + captcha_result = JSON.parse(https.request(request).body)
  279 + captcha_result["success"] ? true : captcha_result
238 end 280 end
239 281
240 end 282 end
lib/noosfero/api/session.rb
  Diff comments   View file @2b2b4a9
@@ -34,25 +34,20 @@ module Noosfero @@ -34,25 +34,20 @@ module Noosfero
34 requires :email, type: String, desc: _("Email") 34 requires :email, type: String, desc: _("Email")
35 requires :login, type: String, desc: _("Login") 35 requires :login, type: String, desc: _("Login")
36 requires :password, type: String, desc: _("Password") 36 requires :password, type: String, desc: _("Password")
  37 + requires :password_confirmation, type: String, desc: _("Password confirmation")
37 end 38 end
38 post "/register" do 39 post "/register" do
39 - binding.pry  
40 unique_attributes! User, [:email, :login] 40 unique_attributes! User, [:email, :login]
41 - attrs = attributes_for_keys [:email, :login, :password] + environment.signup_person_fields  
42 - attrs[:password_confirmation] = attrs[:password]  
43 - 41 + attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields
44 remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR']) 42 remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
45 - private_key = API.NOOSFERO_CONF['api_recaptcha_private_key']  
46 - api_recaptcha_verify_uri = API.NOOSFERO_CONF['api_recaptcha_verify_uri']  
47 43
48 -# "recaptcha_challenge_field" => "03AHJ_VutRW6eOgTKZyK-77J96k121W0fUHIEvThyCPtqG2FUPBWzidBOqptzk0poh_UkMNPxAd_m0CqUz1Dip-6uV_zlwlviaXXvymwCFXPaWuvvyUfZ3LvZy6M1CoPfbhOQZjTkf_VNjlVnCRuuJXmGy4MhhuJ8om1J_R2C_oIAfP3KbpmlqLXU5nLlE7WpW-h-OhRTQzupTo9UL-4-ZDRk1bMkCSEJnwYUomOboqFBEpJBv0iaOCaSnu9_UKObmWmpbQZSHxYK7",  
49 -# "recaptcha_response_field" => "1221" 44 + unless test_captcha(remote_ip, params) === true
  45 + render_api_error!(_('Please solve the test in order to register.'), 401)
  46 + return
  47 + end
50 48
51 - #captcha_result = verify_recaptcha_v2(remote_ip, params['g-recaptcha-response'], private_key, api_recaptcha_verify_uri)  
52 - captcha_result = verify_recaptcha_v1(remote_ip, params['recaptcha_response_field'], private_key, params['recaptcha_challenge_field'], api_recaptcha_verify_uri)  
53 - binding.pry  
54 - user = User.new(attrs)  
55 - if captcha_result["success"] and user.save 49 + user = User.new(attrs)
  50 + if user.save
56 user.activate 51 user.activate
57 user.generate_private_token! 52 user.generate_private_token!
58 present user, :with => Entities::UserLogin 53 present user, :with => Entities::UserLogin