Browse Source

ReCaptcha v3 - almost working

master
Jonathan Rosenbaum 1 year ago
parent
commit
32b3904c39
  1. 13
      app/controllers/application_controller.rb
  2. 24
      app/helpers/application_helper.rb
  3. 8
      app/views/layouts/application.html.haml
  4. 2
      config/app_config.yml
  5. 2
      docker-compose.yml

13
app/controllers/application_controller.rb

@ -1,3 +1,5 @@
require 'net/https'
class ApplicationController < BaseController class ApplicationController < BaseController
protect_from_forgery with: :exception, except: [:do_confirm, :js_error, :admin_update] protect_from_forgery with: :exception, except: [:do_confirm, :js_error, :admin_update]
@ -6,6 +8,17 @@ class ApplicationController < BaseController
helper_method :protect, :policies helper_method :protect, :policies
RECAPTCHA_MINIMUM_SCORE = 0.5
def verify_recaptcha?(token, recaptcha_action)
recaptcha_secret_key = config.app_config['recaptcha_secret_key']
uri = URI.parse("https://www.google.com/recaptcha/api/siteverify?secret=#{recaptcha_secret_key}&response=#{token}")
response = Net::HTTP.get_response(uri)
json = JSON.parse(response.body)
json['success'] && json['score'] > RECAPTCHA_MINIMUM_SCORE && json['action'] == recaptcha_action
end
def default_url_options def default_url_options
{ host: "#{request.protocol}#{request.host_with_port}", trailing_slash: true } { host: "#{request.protocol}#{request.host_with_port}", trailing_slash: true }
end end

24
app/helpers/application_helper.rb

@ -10,6 +10,8 @@ module ApplicationHelper
include TableHelper include TableHelper
include AdminHelper include AdminHelper
RECAPTCHA_SITE_KEY = ENV['RECAPTCH_SITE_KEY']
def is_production? def is_production?
Rails.env == 'production' || Rails.env == 'preview' Rails.env == 'production' || Rails.env == 'preview'
end end
@ -21,4 +23,26 @@ module ApplicationHelper
def generate_confirmation(user, url, expiry = nil) def generate_confirmation(user, url, expiry = nil)
ApplicationController::generate_confirmation(user, url, expiry) ApplicationController::generate_confirmation(user, url, expiry)
end end
def include_recaptcha_js
raw %Q{
<script src="https://www.google.com/recaptcha/api.js?render=#{RECAPTCHA_SITE_KEY}"></script>
}
end
def recaptcha_execute(action)
id = "recaptcha_token_#{SecureRandom.hex(10)}"
raw %Q{
<input name="recaptcha_token" type="hidden" id="#{id}"/>
<script>
grecaptcha.ready(function() {
grecaptcha.execute('#{RECAPTCHA_SITE_KEY}', {action: '#{action}'}).then(function(token) {
document.getElementById("#{id}").value = token;
});
});
</script>
}
end
end end

8
app/views/layouts/application.html.haml

@ -20,6 +20,7 @@
%meta{property: 'og:type', content: 'website'} %meta{property: 'og:type', content: 'website'}
%meta{property: 'og:image', content: og_image} %meta{property: 'og:image', content: og_image}
%meta{name: "theme-color", content: @theme_colour} %meta{name: "theme-color", content: @theme_colour}
%script{src: "https://www.google.com/recaptcha/api.js?render=6LcWZFAnAAAAANKko--rHWo2iAkfGdcbkHKtF1-A}" }
= yield :head = yield :head
%body{ class: page_style } %body{ class: page_style }
@ -53,7 +54,7 @@
.dlg-inner .dlg-inner
%p.message='' %p.message=''
%a.button.confirm=_'modals.yes_button' %a.button.confirm=_'modals.yes_button'
%button.delete.close=_'modals.no_button' %button.delete.close=_'modals.no_button'
- if @info_dlg.present? - if @info_dlg.present?
.dlg#info-dlg .dlg#info-dlg
.dlg-content .dlg-content
@ -69,6 +70,8 @@
.message='' .message=''
%button.close=_'modals.done_button' %button.close=_'modals.done_button'
- if @login_dlg.present? - if @login_dlg.present?
= content_for :recaptcha_js do
= include_recaptcha_js
.dlg#login-dlg .dlg#login-dlg
.dlg-content .dlg-content
%h2.title=_'forms.actions.generic.login' %h2.title=_'forms.actions.generic.login'
@ -77,10 +80,11 @@
= hidden_field_tag :dest, settings_path = hidden_field_tag :dest, settings_path
= emailfield :email, nil, big: true = emailfield :email, nil, big: true
= button :continue, value: :confirm_email = button :continue, value: :confirm_email
= recaptcha_execute('sign_in')
.flex-form .flex-form
= link_to (_'forms.actions.generic.facebook_sign_in','Facebook Sign In'), auth_at_provider_path(provider: :facebook, dest: settings_path), class: [:button, :facebook] = link_to (_'forms.actions.generic.facebook_sign_in','Facebook Sign In'), auth_at_provider_path(provider: :facebook, dest: settings_path), class: [:button, :facebook]
%button.close.subdued=_'forms.actions.generic.cancel' %button.close.subdued=_'forms.actions.generic.cancel'
- if @event_dlg.present? - if @event_dlg.present?
.event-dlg#event-dlg{ data: { type: :event } } .event-dlg#event-dlg{ data: { type: :event } }
.event-details .event-details

2
config/app_config.yml

@ -6,6 +6,8 @@ default: &default
smtp_password: <%= ENV['SMTP_PASSWORD'] %> smtp_password: <%= ENV['SMTP_PASSWORD'] %>
smtp_ssl: <%= ENV['SMTP_SSL'] %> smtp_ssl: <%= ENV['SMTP_SSL'] %>
default_url: <%= ENV['DEFAULT_URL'] %> default_url: <%= ENV['DEFAULT_URL'] %>
recaptcha_secret_key: <%= ENV['RECAPTCHA_SECRET_KEY'] %>
recaptcha_site_key: 'hello'
development: development:
<<: *default <<: *default

2
docker-compose.yml

@ -104,6 +104,8 @@ services:
- ADMIN_EMAIL=${ADMIN_EMAIL:-info@bikebike.org} - ADMIN_EMAIL=${ADMIN_EMAIL:-info@bikebike.org}
- DEFAULT_URL=${DEFAULT_URL:-bikebike.org} - DEFAULT_URL=${DEFAULT_URL:-bikebike.org}
- REDIS_URL=redis://redis:6379 - REDIS_URL=redis://redis:6379
- RECAPTCHA_SECRET_KEY=${RECAPTCHA_SECRET_KEY:-123456789}
- RECAPTCHA_SITE_KEY=${RECAPTCHA_SITE_KEY:-123456789}
volumes: volumes:
- bikebikebike:/app/BikeBike - bikebikebike:/app/BikeBike
- bikebikebike_bundle:/usr/local/bundle - bikebikebike_bundle:/usr/local/bundle

Loading…
Cancel
Save