diff --git a/app/models/environment.rb b/app/models/environment.rb
index 3d8f050..3ab5bef 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -310,7 +310,7 @@ class Environment < ActiveRecord::Base
 settings_items :signup_welcome_screen_body, :type => String
- #Captcha setings
+ #Captcha settings
 settings_items :api_captcha_settings, :type => ActiveSupport::HashWithIndifferentAccess, :default => {}
 def has_custom_welcome_screen?
diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb
index 00936d2..3176076 100644
--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -202,7 +202,6 @@
 def period(from_date, until_date)
 begin_period = from_date.nil? ? Time.at(0).to_datetime : from_date
 end_period = until_date.nil? ? DateTime.now : until_date
-
 begin_period..end_period
 end
@@ -211,7 +210,6 @@
 ##########################################
 def test_captcha(remote_ip, params, _environment = nil)
- binding.pry
 environment ||= _environment
 d = environment.api_captcha_settings
 return true unless d[:enabled] == true
@@ -219,19 +217,20 @@
 if d[:provider] == 'google'
 raise ArgumentError, "Environment api_captcha_settings private_key not defined" if d[:private_key].nil?
 raise ArgumentError, "Environment api_captcha_settings version not defined" unless d[:version] == 1 || d[:version] == 2
- raise ArgumentError, "Environment api_captcha_settings verify_uri not defined" if d[:verify_uri].nil?
 if d[:version] == 1
+ d[:verify_uri] ||= 'https://www.google.com/recaptcha/api/verify'
 return verify_recaptcha_v1(remote_ip, d[:private_key], d[:verify_uri], params[:recaptcha_challenge_field], params[:recaptcha_response_field])
 end
 if d[:version] == 2
+ d[:verify_uri] ||= 'https://www.google.com/recaptcha/api/siteverify'
 return verify_recaptcha_v2(remote_ip, d[:private_key], d[:verify_uri], params[:g_recaptcha_response])
 end
 end
 if d[:provider] == 'serpro'
- return verify_serpro_captcha(d[:serpro_client_id], params[:txtToken_captcha_serpro_gov_br], params[:captcha_text])
+ d[:verify_uri] ||= 'http://captcha.servicoscorporativos.serpro.gov.br'
+ return verify_serpro_captcha(d[:serpro_client_id], params[:txtToken_captcha_serpro_gov_br], params[:captcha_text], d[:verify_uri])
 end
-
 raise ArgumentError, "Environment api_captcha_settings provider not defined"
 end
@@ -256,7 +255,6 @@
 end
 def verify_recaptcha_v2(remote_ip, private_key, api_recaptcha_verify_uri, g_recaptcha_response)
-
 if g_recaptcha_response == nil
 return _('Missing captcha data')
 end
@@ -275,8 +273,7 @@
 captcha_result["success"] ? true : captcha_result
 end
- def verify_serpro_captcha(client_id, token, captcha_text)
- verify_uri = 'http://homcaptcha.servicoscorporativos.serpro.gov.br/captchavalidar/1.0.0/validar'
+ def verify_serpro_captcha(client_id, token, captcha_text, verify_uri)
 if token == nil || captcha_text == nil
 return _('Missing captcha data')
 end
diff --git a/lib/noosfero/api/session.rb b/lib/noosfero/api/session.rb
index f3adc32..56a0a54 100644
--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
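Review bot: The Serpro fallback added in `test_captcha`, `d[:verify_uri] ||= 'http://captcha.servicoscorporativos.serpro.gov.br'`, is plain HTTP, so whatever `verify_serpro_captcha` sends and the verdict it gets back cross the network unauthenticated, and a tampered reply could make a failed captcha look solved; the two Google defaults in the same hunk use https. If the provider offers a TLS endpoint, default to it, and otherwise state that limitation in a comment next to the default. The three `||=` lines also write the default into the hash returned by `environment.api_captcha_settings`; whether that hash is the live settings object is not visible here, so a local such as `verify_uri = d[:verify_uri] || '<default>'` would avoid changing stored settings as a side effect. The method starts before this hunk.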
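Review bot: `verify_serpro_captcha` now requires a `verify_uri` argument, but nothing visible says what it must contain: the removed constant was a full endpoint ending in `/captchavalidar/1.0.0/validar`, while the default the caller passes is scheme and host only. The rest of the body is outside the hunk, so whether the path is appended there cannot be checked from this diff. A comment above the method such as `# verify_uri: base URL of the Serpro captcha service; nil is a configuration error` (adjusted to what the body actually does) would make the contract explicit, and a guard like `raise ArgumentError, "verify_uri not defined" if verify_uri.nil?` would match the checks done for the Google provider.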
@@ -41,7 +41,7 @@ module Noosfero
 attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields
 remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
- unless test_captcha(remote_ip, params) === true
+ if test_captcha(remote_ip, params, environment) != true
 render_api_error!(_('Please solve the test in order to register.'), 401)
 return
 end
diff --git a/test/unit/api/helpers_test.rb b/test/unit/api/helpers_test.rb
index 1217741..f9815af 100644
--- a/test/unit/api/helpers_test.rb
+++ b/test/unit/api/helpers_test.rb
@@ -163,7 +163,8 @@ class APIHelpersTest < ActiveSupport::TestCase
 should 'do not test captcha when there are no settings' do
 environment = Environment.new
- assert test_captcha("127.0.0.1", {}, environment)
+ stubs(:environment).returns(environment)
+ assert test_captcha("127.0.0.1", {})
 end
 should 'do not test captcha when captcha is disabled on settings' do
@@ -171,10 +172,10 @@ class APIHelpersTest < ActiveSupport::TestCase
 environment.api_captcha_settings = {
 enabled: false,
 }
- assert test_captcha("127.0.0.1", {}, environment)
+ stubs(:environment).returns(environment)
+ assert test_captcha("127.0.0.1", {})
 end
-
 should 'fail display recaptcha v1' do
 environment = Environment.new
 environment.api_captcha_settings = {
@@ -185,7 +186,8 @@ class APIHelpersTest < ActiveSupport::TestCase
 public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-',
 verify_uri: 'https://www.google.com/recaptcha/api/verify',
 }
- assert_equal test_captcha("127.0.0.1", {}, environment), "Missing captcha data"
+ stubs(:environment).returns(environment)
+ assert_equal test_captcha("127.0.0.1", {}), "Missing captcha data"
 end
 should 'fail display recaptcha v2' do
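Review bot: The new guard `if test_captcha(remote_ip, params, environment) != true` in session.rb rejects every return value other than the literal `true`, which is the safe direction, but that contract is stated nowhere, and the helpers shown in this diff return an error string or the provider's result on failure. A comment above the call, e.g. `# test_captcha returns true only for a verified captcha; any other value (message or provider result) must reject the signup`, would keep a later refactor from loosening it to a truthiness test, under which a non-empty error string would pass. The enclosing block starts and ends outside this hunk.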
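Review bot: These tests now rely on `stubs(:environment)` and call `test_captcha("127.0.0.1", {})` without the third argument, but the helper line `environment ||= _environment` (visible in the helpers.rb hunk) assigns a local variable: Ruby treats `environment` there as a fresh local that is nil at that point, so the stubbed method is never consulted and `environment.api_captcha_settings` would be called on nil. The same pattern is in the hunks at -171, -185 and -198. Either keep passing the environment explicitly in the tests, or change the helper to `environment = _environment || environment()` so the method is called when no argument is given.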
@@ -198,7 +200,19 @@ class APIHelpersTest < ActiveSupport::TestCase
 public_key: '6LdsWAcTAAAAAChTUUD6yu9fCDhdIZzNd7F53zf-',
 verify_uri: 'https://www.google.com/recaptcha/api/siteverify',
 }
- assert_equal test_captcha("127.0.0.1", {}, environment), "Missing captcha data"
+ stubs(:environment).returns(environment)
+ assert_equal test_captcha("127.0.0.1", {}), "Missing captcha data"
+ end
+
+ should 'fail display Serpro captcha' do
+ environment = Environment.new
+ environment.api_captcha_settings = {
+ enabled: true,
+ provider: 'serpro',
+ serpro_client_id: '0000000000000000',
+ }
+ stubs(:environment).returns(environment)
+ assert_equal test_captcha("127.0.0.1", {}), "Missing captcha data"
 end
 protected
--
libgit2 0.21.2