Commit 3241d6a86cf8fcd7db73f0d3b9755d2ce02e61c9
Committed by
Rodrigo Souto
1 parent
53f73ac3
Exists in
master
and in
12 other branches
Add captcha checking to forgot_password action
Showing
3 changed files
with
18 additions
and
0 deletions
Show diff stats
app/controllers/public/account_controller.rb
... | ... | @@ -189,6 +189,11 @@ class AccountController < ApplicationController |
189 | 189 | |
190 | 190 | if request.post? |
191 | 191 | begin |
192 | + unless verify_recaptcha | |
193 | + @change_password.errors.add(:base, _('Please type the captcha text correctly')) | |
194 | + return false | |
195 | + end | |
196 | + | |
192 | 197 | requestors = fetch_requestors(params[:value]) |
193 | 198 | raise ActiveRecord::RecordNotFound if requestors.blank? || params[:value].blank? |
194 | 199 | ... | ... |
app/views/account/forgot_password.html.erb
... | ... | @@ -5,6 +5,9 @@ |
5 | 5 | <%= form_tag do %> |
6 | 6 | <%= labelled_form_field fields_label, text_field_tag(:value) %> |
7 | 7 | |
8 | + <h3><%= _('Please type the captcha text below') %></h3> | |
9 | + <%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %> | |
10 | + | |
8 | 11 | <div> |
9 | 12 | <% button_bar do %> |
10 | 13 | <%= submit_button('send', _('Send instructions')) %> | ... | ... |
test/functional/account_controller_test.rb
... | ... | @@ -236,6 +236,16 @@ class AccountControllerTest < ActionController::TestCase |
236 | 236 | assert_template 'password_recovery_sent' |
237 | 237 | end |
238 | 238 | |
239 | + should 'not respond to forgotten password change if captcha verification fails' do | |
240 | + create_user('test') | |
241 | + @controller.stubs(:verify_recaptcha).returns(false) | |
242 | + post :forgot_password, :value => 'test' | |
243 | + change = assigns(:change_password) | |
244 | + assert change.errors.has_key?(:base) | |
245 | + assert_response :success | |
246 | + assert_tag :tag => 'div', :attributes => { :id => 'errorExplanation', :class => 'errorExplanation' } | |
247 | + end | |
248 | + | |
239 | 249 | should 'respond to forgotten password change request with email' do |
240 | 250 | change = ChangePassword.new |
241 | 251 | create_user('test', :email => 'test@localhost.localdomain') | ... | ... |