Merge branch 'feature/adding_sign_up_captcha' of https://code.gab.com/gab/social/gab-social into develop
This commit is contained in:
commit
6b6cd76bb2
|
@ -224,3 +224,7 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
|
|||
# SAML_UID_ATTRIBUTE="urn:oid:0.9.2342.19200300.100.1.1"
|
||||
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
|
||||
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
|
||||
|
||||
# Gab Captcha
|
||||
GAB_CAPTCHA_SECRET_KEY=
|
||||
GAB_CAPTCHA_CLIENT_KEY=
|
|
@ -231,3 +231,7 @@ STREAMING_CLUSTER_NUM=1
|
|||
# http_proxy=http://gateway.local:8118
|
||||
# Access control for hidden service.
|
||||
# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
|
||||
|
||||
# Gab Captcha
|
||||
GAB_CAPTCHA_SECRET_KEY=
|
||||
GAB_CAPTCHA_CLIENT_KEY=
|
|
@ -3,26 +3,22 @@
|
|||
class Auth::RegistrationsController < Devise::RegistrationsController
|
||||
layout :determine_layout
|
||||
|
||||
before_action :set_challenge, only: [:new]
|
||||
before_action :check_enabled_registrations, only: [:new, :create]
|
||||
before_action :configure_sign_up_params, only: [:create]
|
||||
before_action :set_sessions, only: [:edit, :update]
|
||||
before_action :set_instance_presenter, only: [:new, :create, :update]
|
||||
before_action :set_body_classes, only: [:new, :create, :edit, :update]
|
||||
before_action :set_cache_headers, only: [:edit, :update]
|
||||
prepend_before_action :check_captcha, only: [:create]
|
||||
|
||||
def new
|
||||
set_challenge_buster
|
||||
super
|
||||
end
|
||||
|
||||
def create
|
||||
if session[:challenge_answer].to_s == params[:user][:challenge].to_s.strip
|
||||
# Reset after, may be errors to return and this ensures its still visible
|
||||
set_challenge
|
||||
super
|
||||
else
|
||||
return false
|
||||
end
|
||||
set_challenge_buster
|
||||
super
|
||||
end
|
||||
|
||||
def destroy
|
||||
|
@ -66,6 +62,18 @@ class Auth::RegistrationsController < Devise::RegistrationsController
|
|||
|
||||
private
|
||||
|
||||
def check_captcha
|
||||
unless passed_challenge?(params["gab-captcha-st"], params[:user])
|
||||
self.resource = resource_class.new configure_sign_up_params
|
||||
resource.validate # Look for any other validation errors besides reCAPTCHA
|
||||
flash[:captcha_error] = "Incorrect text. Please try again."
|
||||
set_challenge_buster
|
||||
respond_with_navigational(resource) {
|
||||
redirect_to new_user_registration_path
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
def set_instance_presenter
|
||||
@instance_presenter = InstancePresenter.new
|
||||
end
|
||||
|
@ -74,10 +82,37 @@ class Auth::RegistrationsController < Devise::RegistrationsController
|
|||
@body_classes = %w(edit update).include?(action_name) ? 'admin' : ''
|
||||
end
|
||||
|
||||
def set_challenge
|
||||
@challenge_add_1 = rand(0...9)
|
||||
@challenge_add_2 = rand(0...9)
|
||||
session[:challenge_answer] = @challenge_add_1 + @challenge_add_2
|
||||
def set_challenge_buster
|
||||
@challenge_buster = SecureRandom.hex
|
||||
end
|
||||
|
||||
def passed_challenge?(serverToken, userParams)
|
||||
# Log if captcha keys not present in ENV
|
||||
if ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').nil?
|
||||
Rails.logger.debug "RegistrationsController: GAB_CAPTCHA_CLIENT_KEY is undefined"
|
||||
end
|
||||
|
||||
# Log and return false is captcha key is not present. This will disallow anyone from signing up
|
||||
if ENV.fetch('GAB_CAPTCHA_SECRET_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_SECRET_KEY', '').nil?
|
||||
Rails.logger.debug "RegistrationsController: GAB_CAPTCHA_SECRET_KEY is undefined"
|
||||
return false
|
||||
end
|
||||
|
||||
typedChallenge = userParams[:challenge]
|
||||
username = userParams[:account_attributes][:username]
|
||||
|
||||
return false if serverToken.nil? || serverToken.empty? || typedChallenge.nil? || typedChallenge.empty?
|
||||
|
||||
Request.new(:post, "https://captcha.gab.com/captcha/#{serverToken}/verify", form: {
|
||||
"serverKey" => ENV.fetch('GAB_CAPTCHA_SECRET_KEY', ''),
|
||||
"value" => typedChallenge,
|
||||
"username" => username,
|
||||
"ip" => request.env['REMOTE_ADDR']
|
||||
}).perform do |res|
|
||||
body = JSON.parse(res.body_with_limit)
|
||||
result = !!body["success"]
|
||||
return result
|
||||
end
|
||||
end
|
||||
|
||||
def determine_layout
|
||||
|
|
|
@ -5,7 +5,8 @@
|
|||
= render partial: 'shared/og'
|
||||
|
||||
= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f|
|
||||
%h2.form-title Sign up for Gab
|
||||
%div{style: "display:flex;flex-direction:row;height:36px;width:100%;align-items:center;margin-bottom:15px;"}
|
||||
%h2.form-title{style: "padding:0;margin:0 auto;"} Sign up for Gab
|
||||
|
||||
= render 'shared/error_messages', object: resource
|
||||
|
||||
|
@ -22,8 +23,11 @@
|
|||
.fields-group
|
||||
= f.input :password_confirmation, wrapper: :with_label, label: t('simple_form.labels.defaults.confirm_password'), required: true, input_html: { 'aria-label' => t('simple_form.labels.defaults.confirm_password'), :autocomplete => 'off' }
|
||||
|
||||
.fields-group
|
||||
= f.input :challenge, wrapper: :with_label, label: "Are you a human? What is #{@challenge_add_1} + #{@challenge_add_2} = ", required: true, input_html: { 'aria-label' => "Are you a human? What is #{@challenge_add_1} + #{@challenge_add_2}", :autocomplete => 'off' }
|
||||
.fields-group{style: "flex-direction:column;"}
|
||||
= f.input :challenge, wrapper: :with_label, label: "Are you a human? Enter the text below.", required: true, input_html: { 'aria-label' => "Are you a human? Enter the text below.", :autocomplete => 'off' }
|
||||
%span{style: "margin-top:5px;font-size:12px;color:red;"}= flash[:captcha_error]
|
||||
%div#gab-captcha{style: "display:block;position:relative;width:240px;height:100px;margin-top:10px;border-radius:6px;overflow:hidden;border:1px solid #ccc;"}
|
||||
%span{style:"display:block;position:absolute;line-height:100px;width:240px;height:100px;top:0;left:0;right:0;bottom:0;text-align:center;color:#ccc;"} • • •
|
||||
|
||||
.fields-group-agreement
|
||||
= f.input :agreement, as: :boolean, wrapper: :with_label, label: t('auth.checkbox_agreement_html', about_tos_path: about_tos_path)
|
||||
|
@ -32,3 +36,6 @@
|
|||
= f.button :button, t('auth.register'), type: :submit
|
||||
|
||||
.form-footer= render 'auth/shared/links'
|
||||
|
||||
|
||||
%script{src: "https://captcha.gab.com/captcha/#{ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '')}/challenge.js?b=#{@challenge_buster}", type: "application/javascript" }
|
||||
|
|
Loading…
Reference in New Issue