From a590ddfeaec31b81f788429b3aebb702bf7deaa2 Mon Sep 17 00:00:00 2001
From: Carlos Purificacao
Date: Fri, 18 Sep 2015 16:23:05 -0300
Subject: [PATCH] Login captcha intial implementation

---
 lib/noosfero/api/helpers.rb | 13 +++++++++++++
 lib/noosfero/api/session.rb | 20 ++++++++++++++++++++
 2 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb
index 9f9da69..c48bc13 100644
--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -21,6 +21,17 @@ require 'grape'
 plugins
 end
 
+ def current_tmp_user
+ private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
+ @current_tmp_user ||= User.find_by_private_token(private_token)
+ @current_tmp_user = nil if !@current_tmp_user.nil? && @current_tmp_user.private_token_expired?
+ @current_tmp_user
+ end
+
+ def logout_tmp_user
+ @current_tmp_user = nil
+ end
+
 def current_user
 private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
 @current_user ||= User.find_by_private_token(private_token)
@@ -307,6 +318,8 @@ require 'grape'
 
 def set_session_cookie
 cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+ # Set also the private_token for the current_tmp_user
+ cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_tmp_user.present?
 end
 
 def setup_multitenancy
diff --git a/lib/noosfero/api/session.rb b/lib/noosfero/api/session.rb
index 7d8aef8..ba56997 100644
--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
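Review bot: In `current_tmp_user` (lib/noosfero/api/helpers.rb, first hunk) the token is resolved with the same `User.find_by_private_token` lookup that `current_user` uses, so a token belonging to a regular persisted account satisfies it too and nothing marks the result as captcha-only. A missing parameter and header becomes `""` after `.to_s` and is still passed to the finder; `@current_tmp_user ||= User.find_by_private_token(private_token) unless private_token.empty?` would skip the lookup in that case. A comment such as `# Temporary (captcha-only) user: must not be treated as an authenticated account` above the method would tell callers which helper to use. The enclosing helpers module starts and ends outside the hunk.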
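Review bot: The line added to `set_session_cookie` (lib/noosfero/api/helpers.rb, second hunk) writes the same `_noosfero_api_session` cookie as the line above it, so when both `@current_user` and `@current_tmp_user` are set the captcha-only token replaces the authenticated one, and whoever reads the cookie cannot tell the two kinds of session apart. Either give the temporary token its own cookie name or make the branches exclusive, e.g. `elsif @current_tmp_user.present?` inside an `if @current_user.present?` block. Neither assignment sets `secure: true`, so the token cookie would also be sent over plain HTTP if the API is reachable that way.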
@@ -4,6 +4,26 @@ module Noosfero
 module API
 class Session < Grape::API
 
+ ################################
+ # => Login with captcha only
+ # This method will attempt to login the user using only the captcha.
+ # To do this, we generate a temporary in-memory user and generate a private
+ # token to it.
+ ################################
+ post "/login-captcha" do
+ remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
+ # test_captcha will render_api_error! and exit in case of any problem
+ # this return is just to improve the clarity of the execution path
+ return unless test_captcha(remote_ip, params, environment)
+
+ name = "tmp_user_#{remote_ip}"
+ user = User.new(:name => name)
+ user.generate_private_token!
+
+ @current_tmp_user = user
+ {:private_token => user.private_token}
+ end
+
 # Login to get token
 #
 # Parameters:
-- 
libgit2 0.21.2
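Review bot: `/login-captcha` returns a private token for a `User` that is built with `User.new` and, as far as this hunk shows, never saved, so it is unclear how a later request could validate that token through `User.find_by_private_token`; if `generate_private_token!` does persist the record (its body is not visible here), every solved captcha would instead create a user row named after the caller's address. Nothing in the endpoint states the token's lifetime or which routes may accept a temporary user, so the header comment should say so, e.g. `# Temporary token: expires after <LIFETIME>; accepted only by <ROUTES>`. `remote_ip` falls back to `env['REMOTE_ADDR']`, which behind a reverse proxy is the proxy's address, so the `tmp_user_#{remote_ip}` name and any per-address captcha state would be shared by every client. The `Session` class continues past the end of the hunk.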