ReCaptcha v3 - almost working

app/controllers/application_controller.rb

@@ -1,3 +1,5 @@
+require 'net/https'
+
 class ApplicationController < BaseController
   protect_from_forgery with: :exception, except: [:do_confirm, :js_error, :admin_update]
 
@@ -6,6 +8,17 @@ class ApplicationController < BaseController
 
   helper_method :protect, :policies
 
+  RECAPTCHA_MINIMUM_SCORE = 0.5
+
+  def verify_recaptcha?(token, recaptcha_action)
+    recaptcha_secret_key = config.app_config['recaptcha_secret_key']
+
+    uri = URI.parse("https://www.google.com/recaptcha/api/siteverify?secret=#{recaptcha_secret_key}&response=#{token}")
+    response = Net::HTTP.get_response(uri)
+    json = JSON.parse(response.body)
+    json['success'] && json['score'] > RECAPTCHA_MINIMUM_SCORE && json['action'] == recaptcha_action
+  end
+
   def default_url_options
     { host: "#{request.protocol}#{request.host_with_port}", trailing_slash: true }
   end

app/helpers/application_helper.rb

@@ -10,6 +10,8 @@ module ApplicationHelper
   include TableHelper
   include AdminHelper
 
+  RECAPTCHA_SITE_KEY = ENV['RECAPTCH_SITE_KEY']
+
   def is_production?
     Rails.env == 'production' || Rails.env == 'preview'
   end
@@ -21,4 +23,26 @@ module ApplicationHelper
   def generate_confirmation(user, url, expiry = nil)
     ApplicationController::generate_confirmation(user, url, expiry)
   end
+  
+  def include_recaptcha_js
+    raw %Q{
+      <script src="https://www.google.com/recaptcha/api.js?render=#{RECAPTCHA_SITE_KEY}"></script>
+    }
+  end
+
+  def recaptcha_execute(action)
+    id = "recaptcha_token_#{SecureRandom.hex(10)}"
+
+    raw %Q{
+      <input name="recaptcha_token" type="hidden" id="#{id}"/>
+      <script>
+        grecaptcha.ready(function() {
+          grecaptcha.execute('#{RECAPTCHA_SITE_KEY}', {action: '#{action}'}).then(function(token) {
+            document.getElementById("#{id}").value = token;
+          });
+        });
+      </script>
+    }
+  end
+
 end

app/views/layouts/application.html.haml

@@ -20,6 +20,7 @@
       %meta{property: 'og:type', content: 'website'}
       %meta{property: 'og:image', content: og_image}
     %meta{name: "theme-color", content: @theme_colour}
+    %script{src: "https://www.google.com/recaptcha/api.js?render=6LcWZFAnAAAAANKko--rHWo2iAkfGdcbkHKtF1-A}" }
     = yield :head
 
   %body{ class: page_style }
@@ -69,6 +70,8 @@
               .message=''
               %button.close=_'modals.done_button'
       - if @login_dlg.present?
+        = content_for :recaptcha_js do
+          = include_recaptcha_js        
         .dlg#login-dlg
           .dlg-content
             %h2.title=_'forms.actions.generic.login'
@@ -77,6 +80,7 @@
                 = hidden_field_tag :dest, settings_path
                 = emailfield :email, nil, big: true
                 = button :continue, value: :confirm_email
+                = recaptcha_execute('sign_in')
               .flex-form
                 = link_to (_'forms.actions.generic.facebook_sign_in','Facebook Sign In'), auth_at_provider_path(provider: :facebook, dest: settings_path), class: [:button, :facebook]
                 %button.close.subdued=_'forms.actions.generic.cancel'

config/app_config.yml

@@ -6,6 +6,8 @@ default: &default
   smtp_password: <%= ENV['SMTP_PASSWORD'] %>
   smtp_ssl: <%= ENV['SMTP_SSL'] %>
   default_url: <%= ENV['DEFAULT_URL'] %>
+  recaptcha_secret_key: <%= ENV['RECAPTCHA_SECRET_KEY'] %>
+  recaptcha_site_key: 'hello'
 
 development:
   <<: *default

docker-compose.yml

@@ -104,6 +104,8 @@ services:
       - ADMIN_EMAIL=${ADMIN_EMAIL:-info@bikebike.org}
       - DEFAULT_URL=${DEFAULT_URL:-bikebike.org}
       - REDIS_URL=redis://redis:6379
+      - RECAPTCHA_SECRET_KEY=${RECAPTCHA_SECRET_KEY:-123456789}
+      - RECAPTCHA_SITE_KEY=${RECAPTCHA_SITE_KEY:-123456789}      
     volumes:
       - bikebikebike:/app/BikeBike
       - bikebikebike_bundle:/usr/local/bundle