From 62ab342136677da27d5eac5061d1bd34d7368094 Mon Sep 17 00:00:00 2001
From: Kevin Custer
Date: Tue, 18 Aug 2020 17:26:37 -0400
Subject: [PATCH 1/2] Add recaptcha v3 to registrations. Closes #114
---
 Gemfile | 1 +
 Gemfile.lock | 6 ++++-
 app/controllers/registrations_controller.rb | 27 +++++++++++++++++++
 .../components/_formNew.html.erb | 8 +++++-
 config/application.yml.sample | 4 ++-
 config/routes.rb | 2 +-
 yarn.lock | 24 ++++++++---------
 7 files changed, 56 insertions(+), 16 deletions(-)
 create mode 100644 app/controllers/registrations_controller.rb
diff --git a/Gemfile b/Gemfile
index 86bb708..61d483d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -20,6 +20,7 @@ gem 'pagy', '~> 3.8.2'
 gem 'pg', '~> 1.2.3'
 gem 'puma', '~> 4.3.5'
 gem 'rails', '~> 6.0.3.2'
+gem 'recaptcha'
 gem 'redis', '>= 4.0', require: ['redis', 'redis/connection/hiredis']
 gem 'stimulus_reflex', '~> 3.2.3'
 gem 'webpacker', '~> 5.1.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index f68a08f..895d614 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -64,7 +64,7 @@ GEM
 public_suffix (>= 2.0.2, < 5.0)
 ast (2.4.1)
 aws-eventstream (1.1.0)
- aws-partitions (1.356.0)
+ aws-partitions (1.357.0)
 aws-sdk-core (3.104.3)
 aws-eventstream (~> 1, >= 1.0.2)
 aws-partitions (~> 1, >= 1.239.0)
@@ -134,6 +134,7 @@ GEM
 i18n (1.8.5)
 concurrent-ruby (~> 1.0)
 jmespath (1.4.0)
+ json (2.3.1)
 launchy (2.5.0)
 addressable (~> 2.7)
 letter_opener (1.7.0)
@@ -214,6 +215,8 @@ GEM
 rb-fsevent (0.10.4)
 rb-inotify (0.10.1)
 ffi (~> 1.0)
+ recaptcha (5.5.0)
+ json
 redis (4.2.1)
 regexp_parser (1.7.1)
 request_store (1.5.0)
@@ -324,6 +327,7 @@ DEPENDENCIES
 puma (~> 4.3.5)
 rails (~> 6.0.3.2)
 rails-controller-testing (~> 1.0.4)
+ recaptcha
 redis (>= 4.0)
 rspec-rails (~> 4.0.1)
 rubocop
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
new file mode 100644
index 0000000..63ccf19
--- /dev/null
+++ b/app/controllers/registrations_controller.rb
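Review bot: `gem 'recaptcha'` on the added Gemfile line carries no version constraint, while every other gem in the hunk is pinned with `~>`; Gemfile.lock resolves it to recaptcha 5.5.0, so the constraint that matches the file's convention is `gem 'recaptcha', '~> 5.5.0'`. Without it a routine `bundle update` can move the gem that performs the captcha verification across a major version with no change visible in the Gemfile. The Gemfile.lock hunks on this line also carry an unrelated aws-partitions bump (1.356.0 to 1.357.0) that the commit message does not mention; splitting it out keeps the lockfile change reviewable.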
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class RegistrationsController < Devise::RegistrationsController
+ prepend_before_action :check_captcha, only: [:create] # Change this to be any actions you want to protect.
+
+ private
+
+ def check_captcha
+ success = verify_recaptcha(action: 'registration', minimum_score: 0.5)
+ checkbox_success = verify_recaptcha unless success
+ if success || checkbox_success
+
+ else
+ if !success
+ @show_checkbox_recaptcha = true
+ end
+ render 'new'
+ end
+
+ # unless verify_recaptcha
+ # self.resource = resource_class.new sign_up_params
+ # resource.validate # Look for any other validation errors besides reCAPTCHA
+ # set_minimum_password_length
+ # respond_with_navigational(resource) { render :new }
+ # end
+ end
+end
diff --git a/app/views/devise/registrations/components/_formNew.html.erb b/app/views/devise/registrations/components/_formNew.html.erb
index a9d1409..1a1414b 100644
--- a/app/views/devise/registrations/components/_formNew.html.erb
+++ b/app/views/devise/registrations/components/_formNew.html.erb
@@ -115,7 +115,13 @@ - + <%= flash[:recaptcha_error] %> + <% if @show_checkbox_recaptcha %> + <%= recaptcha_tags %> + <% else %> + <%= recaptcha_v3(action: 'registration') %> + <% end %> +
diff --git a/config/application.yml.sample b/config/application.yml.sample
index a1e3965..baffd54 100644
--- a/config/application.yml.sample
+++ b/config/application.yml.sample
@@ -11,4 +11,6 @@ S3_HOST_NAME:
 MAILER_ADDRESS:
 MAILER_PORT: ""
 MAILER_USER:
-MAILER_PASSWORD:
\ No newline at end of file
+MAILER_PASSWORD:
+RECAPTCHA_SITE_KEY:
+RECAPTCHA_SECRET_KEY:
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 3f1c9ed..98c2225 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,7 +1,7 @@ # frozen_string_literal: true Rails.application.routes.draw do - devise_for :users + devise_for :users, controllers: { registrations: 'registrations' } get 'accounts/inactive' => 'accounts#inactive'
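Review bot: The comment on the `prepend_before_action` line, `# Change this to be any actions you want to protect.`, reads as a template note rather than documentation of this controller, and the second patch on this page leaves it in place; replacing it with the reason the hook exists, e.g. `# Verify the captcha before Devise's create action runs.`, tells the next reader what the callback is for. The rest of this hunk (the empty `if` branch, the `render 'new'` with no resource built) is rewritten by the following commit, so it is not raised here.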
diff --git a/yarn.lock b/yarn.lock index 6cc74e5..e6afc18 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1820,9 +1820,9 @@ caniuse-api@^3.0.0: lodash.uniq "^4.5.0" caniuse-lite@^1.0.0, caniuse-lite@^1.0.30000981, caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001111: - version "1.0.30001114" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001114.tgz#2e88119afb332ead5eaa330e332e951b1c4bfea9" - integrity sha512-ml/zTsfNBM+T1+mjglWRPgVsu2L76GAaADKX5f4t0pbhttEp0WMawJsHDYlFkVZkoA+89uvBRrVrEE4oqenzXQ== + version "1.0.30001116" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001116.tgz#f3a3dea347f9294a3bdc4292309039cc84117fb8" + integrity sha512-f2lcYnmAI5Mst9+g0nkMIznFGsArRmZ0qU+dnq8l91hymdc2J3SFbiPhOJEeDqC1vtE8nc1qNQyklzB8veJefQ== case-sensitive-paths-webpack-plugin@^2.3.0: version "2.3.0" @@ -2667,9 +2667,9 @@ ee-first@1.1.1: integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0= electron-to-chromium@^1.3.523: - version "1.3.533" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.533.tgz#d7e5ca4d57e9bc99af87efbe13e7be5dde729b0f" - integrity sha512-YqAL+NXOzjBnpY+dcOKDlZybJDCOzgsq4koW3fvyty/ldTmsb4QazZpOWmVvZ2m0t5jbBf7L0lIGU3BUipwG+A== + version "1.3.536" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.536.tgz#78a4ff753111283489f3b6ad19664902245ab876" + integrity sha512-aU16nvH8/zNNeFIQ7H2SKRQlJ/srw7mCn/JDj2ImWUA7Lk2+3zJFpDGJNP2qRxPAZsC+qgnlgNTYIvT6EOdJFQ== elliptic@^6.5.3: version "6.5.3" 
@@ -6001,9 +6001,9 @@ querystring@0.2.0: integrity sha1-sgmEkgO7Jd+CDadW50cAWHhSFiA= querystringify@^2.1.1: - version "2.1.1" - resolved "https://registry.yarnpkg.com/querystringify/-/querystringify-2.1.1.tgz#60e5a5fd64a7f8bfa4d2ab2ed6fdf4c85bad154e" - integrity sha512-w7fLxIRCRT7U8Qu53jQnJyPkYZIaR4n5151KMfcJlO/A9397Wxb1amJvROTK6TOnp7PfoAmg/qXiNHI+08jRfA== + version "2.2.0" + resolved "https://registry.yarnpkg.com/querystringify/-/querystringify-2.2.0.tgz#3345941b4153cb9d082d8eee4cda2016a9aef7f6" + integrity sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ== randombytes@^2.0.0, randombytes@^2.0.1, randombytes@^2.0.5, randombytes@^2.1.0: version "2.1.0" @@ -7045,9 +7045,9 @@ terser@^4.1.2: source-map-support "~0.5.12" terser@^5.0.0: - version "5.1.0" - resolved "https://registry.yarnpkg.com/terser/-/terser-5.1.0.tgz#1f4ab81c8619654fdded51f3157b001e1747281d" - integrity sha512-pwC1Jbzahz1ZPU87NQ8B3g5pKbhyJSiHih4gLH6WZiPU8mmS1IlGbB0A2Nuvkj/LCNsgIKctg6GkYwWCeTvXZQ== + version "5.2.0" + resolved "https://registry.yarnpkg.com/terser/-/terser-5.2.0.tgz#e547d0b20926b321d3e524bf9e5bc1b10ba2f360" + integrity sha512-nZ9TWhBznZdlww3borgJyfQDrxzpgd0RlRNoxR63tMVry01lIH/zKQDTTiaWRMGowydfvSHMgyiGyn6A9PSkCQ== dependencies: commander "^2.20.0" source-map "~0.6.1" From a3ecd79a04a40b429b79622ba46400d415a5d368 Mon Sep 17 00:00:00 2001 From: Kevin Custer Date: Tue, 18 Aug 2020 18:14:49 -0400 Subject: [PATCH 2/2] Switch to reCAPTCHA v2. Closes #114 --- CHANGELOG.md | 8 ++++++- app/controllers/registrations_controller.rb | 21 +++++-------------- .../components/_formNew.html.erb | 12 +++++------ config/application.rb | 2 +- 4 files changed, 19 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f369656..950e43a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] changes +## [v1.7.2] - 2020-08-18 + +### New +- User registration now requires passing reCAPTCHA. This is to further prevent spam registrations. + ## [v1.7.1] - 2020-08-17 ### New @@ -226,7 +231,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Account overview with list of all accounts and balances for each -[Unreleased]: https://github.com/odinsride/olubalance/compare/v1.7.1...develop +[Unreleased]: https://github.com/odinsride/olubalance/compare/v1.7.2...develop +[v1.7.1]: https://github.com/odinsride/olubalance/compare/v1.7.1...v1.7.2 [v1.7.1]: https://github.com/odinsride/olubalance/compare/v1.7.0...v1.7.1 [v1.7.0]: https://github.com/odinsride/olubalance/compare/v1.6.4...v1.7.0 [v1.6.4]: https://github.com/odinsride/olubalance/compare/v1.6.3...v1.6.4 diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index 63ccf19..21506b7 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb 
@@ -6,22 +6,11 @@ class RegistrationsController < Devise::RegistrationsController
 private
 
 def check_captcha
- success = verify_recaptcha(action: 'registration', minimum_score: 0.5)
- checkbox_success = verify_recaptcha unless success
- if success || checkbox_success
-
- else
- if !success
- @show_checkbox_recaptcha = true
- end
- render 'new'
+ unless verify_recaptcha
+ self.resource = resource_class.new sign_up_params
+ resource.validate # Look for any other validation errors besides reCAPTCHA
+ set_minimum_password_length
+ respond_with_navigational(resource) { render :new }
 end
-
- # unless verify_recaptcha
- # self.resource = resource_class.new sign_up_params
- # resource.validate # Look for any other validation errors besides reCAPTCHA
- # set_minimum_password_length
- # respond_with_navigational(resource) { render :new }
- # end
 end
 end
diff --git a/app/views/devise/registrations/components/_formNew.html.erb b/app/views/devise/registrations/components/_formNew.html.erb
index 1a1414b..4536fca 100644
--- a/app/views/devise/registrations/components/_formNew.html.erb
+++ b/app/views/devise/registrations/components/_formNew.html.erb
@@ -115,12 +115,12 @@ - <%= flash[:recaptcha_error] %> - <% if @show_checkbox_recaptcha %> - <%= recaptcha_tags %> - <% else %> - <%= recaptcha_v3(action: 'registration') %> - <% end %> +
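Review bot: The rejection path of check_captcha is unverified: the diffstat of both patches lists no spec, and the recaptcha gem skips verification in the test environment by default (its skip_verify_env setting), so a request spec cannot reach the `render :new` branch unless that setting is overridden or `verify_recaptcha` is stubbed to return false. A spec asserting that a failed verification re-renders the form together with the other validation errors surfaced by `resource.validate` would pin the behaviour the v1.7.2 changelog entry promises. Separately, `verify_recaptcha` is called without `model: resource`, so the failure text goes to `flash[:recaptcha_error]`; because the response is a render rather than a redirect, that flash entry can still be displayed on the user's next request, whereas building the resource first and calling `verify_recaptcha(model: resource)` would attach the error to the object alongside the other validation errors. The class header and the `prepend_before_action` line are above this hunk.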
+
+ <%= flash[:recaptcha_error] %> + <%= recaptcha_tags %> +
+
diff --git a/config/application.rb b/config/application.rb index 6282b33..2d6977f 100644 --- a/config/application.rb +++ b/config/application.rb @@ -23,7 +23,7 @@ class Application < Rails::Application config.load_defaults 6.0 # olubalance Version - config.version = "1.7.1" + config.version = "1.7.2" # Settings in config/environments/* take precedence over those specified here. # Application configuration can go into files in config/initializers
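Review bot: `recaptcha_tags` is rendered with no `site_key:` argument, so the registration form now depends on the RECAPTCHA_SITE_KEY value that the first patch adds to config/application.yml.sample; the v1.7.2 changelog entry only says that registration requires reCAPTCHA, so a deployment upgraded without the two new keys finds out at the form (the gem raises when no site key is configured, as far as I recall) rather than from the release notes. Adding one line to the changelog entry naming `RECAPTCHA_SITE_KEY` and `RECAPTCHA_SECRET_KEY` as required settings would close that gap. The markup surrounding these template lines is not visible in this rendering of the hunk.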