Add captcha checking to forgot_password action

Ábner Silva de Oliveira · Rodrigo Souto
1 parent 53f73ac3
Showing 3 changed files with 18 additions and 0 deletions Show diff stats
app/controllers/public/account_controller.rb
app/views/account/forgot_password.html.erb
test/functional/account_controller_test.rb
@@ -189,6 +189,11 @@ class AccountController &lt; ApplicationController
  
     if request.post?
       begin
+        unless verify_recaptcha
+          @change_password.errors.add(:base, _('Please type the captcha text correctly'))
+          return false
+        end
+
         requestors = fetch_requestors(params[:value])
         raise ActiveRecord::RecordNotFound if requestors.blank? || params[:value].blank?
  
@@ -5,6 +5,9 @@
 <%= form_tag do %>
   <%= labelled_form_field fields_label, text_field_tag(:value) %>
  
+  <h3><%= _('Please type the captcha text below') %></h3>
+  <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
+
   <div>
     <% button_bar do %>
       <%= submit_button('send', _('Send instructions')) %>
@@ -236,6 +236,16 @@ class AccountControllerTest &lt; ActionController::TestCase
     assert_template 'password_recovery_sent'
   end
  
+  should 'not respond to forgotten password change if captcha verification fails' do
+    create_user('test')
+    @controller.stubs(:verify_recaptcha).returns(false)
+    post :forgot_password, :value => 'test'
+    change = assigns(:change_password)
+    assert change.errors.has_key?(:base)
+    assert_response :success
+    assert_tag :tag => 'div', :attributes => { :id => 'errorExplanation', :class => 'errorExplanation' }
+  end
+
   should 'respond to forgotten password change request with email' do
     change = ChangePassword.new
     create_user('test', :email => 'test@localhost.localdomain')
...	...	@@ -189,6 +189,11 @@ class AccountController < ApplicationController
189	189
190	190	if request.post?
191	191	begin
	192	+ unless verify_recaptcha
	193	+ @change_password.errors.add(:base, _('Please type the captcha text correctly'))
	194	+ return false
	195	+ end
	196	+
192	197	requestors = fetch_requestors(params[:value])
193	198	raise ActiveRecord::RecordNotFound if requestors.blank? \|\| params[:value].blank?
194	199
...	...
...	...	@@ -5,6 +5,9 @@
5	5	<%= form_tag do %>
6	6	<%= labelled_form_field fields_label, text_field_tag(:value) %>
7	7
	8	+ <h3><%= _('Please type the captcha text below') %></h3>
	9	+ <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
	10	+
8	11	<div>
9	12	<% button_bar do %>
10	13	<%= submit_button('send', _('Send instructions')) %>
...	...
...	...	@@ -236,6 +236,16 @@ class AccountControllerTest < ActionController::TestCase
236	236	assert_template 'password_recovery_sent'
237	237	end
238	238
	239	+ should 'not respond to forgotten password change if captcha verification fails' do
	240	+ create_user('test')
	241	+ @controller.stubs(:verify_recaptcha).returns(false)
	242	+ post :forgot_password, :value => 'test'
	243	+ change = assigns(:change_password)
	244	+ assert change.errors.has_key?(:base)
	245	+ assert_response :success
	246	+ assert_tag :tag => 'div', :attributes => { :id => 'errorExplanation', :class => 'errorExplanation' }
	247	+ end
	248	+
239	249	should 'respond to forgotten password change request with email' do
240	250	change = ChangePassword.new
241	251	create_user('test', :email => 'test@localhost.localdomain')
...	...