Commit 3241d6a86cf8fcd7db73f0d3b9755d2ce02e61c9

Authored by Ábner Silva de Oliveira
Committed by Rodrigo Souto
1 parent 53f73ac3

Add captcha checking to forgot_password action

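--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -189,6 +189,11 @@ class AccountController < ApplicationController
 
 if request.post?
 begin
+unless verify_recaptcha
+@change_password.errors.add(:base, _('Please type the captcha text correctly'))
+return false
+end
+
 requestors = fetch_requestors(params[:value])
 raise ActiveRecord::RecordNotFound if requestors.blank? || params[:value].blank?
 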
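Review bot: The captcha branch at new lines 192–195 leaves the action with `return false`, a value Rails does not use for an action; a bare `return` states what actually happens, which is that the default `forgot_password` template renders with the error on `@change_password`. If the recaptcha gem version in use accepts these options, `verify_recaptcha(:model => @change_password, :message => _('Please type the captcha text correctly'))` records the same `:base` error without the hand-written `errors.add`. Rejected attempts are not logged in this branch, so repeated captcha failures against the reset endpoint would not be visible to operators; a line such as `logger.warn("forgot_password: captcha rejected from #{request.remote_ip}")` would cover that. The enclosing `begin` and its `rescue` lie outside the hunk, so whether later code in the action touches the error cannot be checked from here.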
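--- a/app/views/account/forgot_password.html.erb
+++ b/app/views/account/forgot_password.html.erb
@@ -5,6 +5,9 @@
 <%= form_tag do %>
 <%= labelled_form_field fields_label, text_field_tag(:value) %>
 
+<h3><%= _('Please type the captcha text below') %></h3>
+<%= recaptcha_tags(:display => { :theme => 'clean' }, :ajax => true) %>
+
 <div>
 <% button_bar do %>
 <%= submit_button('send', _('Send instructions')) %>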
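Review bot: `:ajax => true` on the added `recaptcha_tags` call at new line 9 makes the widget script-only; in the recaptcha gem versions that take this option the `<noscript>` fallback appears to be skipped on the ajax path, so a visitor without JavaScript would have no way to pass the check and request a password reset. Unless this form is itself loaded by XHR, which the hunk does not show, `recaptcha_tags(:display => { :theme => 'clean' })` is the safer call. If the page is served over HTTPS, also confirm that the widget script is requested over HTTPS (the gem's `:ssl` option, if this version has it), since a mixed-content block would leave the form unusable.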
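--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -236,6 +236,16 @@ class AccountControllerTest &lt; ActionController::TestCase
 assert_template 'password_recovery_sent'
 end
 
+should 'not respond to forgotten password change if captcha verification fails' do
+create_user('test')
+@controller.stubs(:verify_recaptcha).returns(false)
+post :forgot_password, :value => 'test'
+change = assigns(:change_password)
+assert change.errors.has_key?(:base)
+assert_response :success
+assert_tag :tag => 'div', :attributes => { :id => 'errorExplanation', :class => 'errorExplanation' }
+end
+
 should 'respond to forgotten password change request with email' do
 change = ChangePassword.new
 create_user('test', :email => 'test@localhost.localdomain')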
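Review bot: The new test at lines 239–247 checks the error and the 200 response but not the property the captcha is there to protect, namely that no recovery mail is sent when verification fails. Wrapping the request as `assert_no_difference 'ActionMailer::Base.deliveries.size' do` … `post :forgot_password, :value => 'test'` … `end` would pin that. The user here is created without an `:email`, unlike the next test, so giving it one (`create_user('test', :email => 'test@localhost.localdomain')`) is needed for that assertion to mean anything. If `ChangePassword` is a persisted model, which the hunk does not show, an `assert_no_difference 'ChangePassword.count'` around the same call would also confirm that no reset request is stored.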