Recaptcha (#3586)

CloCkWeRX · cesy · web-flow · commit 854679431147 · 2024-01-21T15:20:03.000+10:30
* add recaptcha on register view

Update new.html.haml to add it

* Update Gemfile to add recaptcha

* Update env-example to show recaptcha

* More view corrections for recaptcha

* Update registrations_controller.rb to add recaptcha

* Update env-example with test config

* Recaptcha help text

* Fix trailing spaces

* Fix trailing space

* Add Recaptcha to gemfile.lock

* Fixing Gemfile.lock space

* Typo on comments in view

* Update app/views/devise/registrations/new.html.haml

* Fix signup

---------

Co-authored-by: Cesy &lt;cesy.avon@gmail.com&gt;
diff --git a/Gemfile b/Gemfile
@@ -128,6 +128,9 @@ gem 'faraday_middleware'
 
 gem 'rack-cors'
 
+# for signups as requested by email service
+gem 'recaptcha'
+
 # External APIs for data
 gem "gbifrb"
 
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -477,6 +477,7 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
+    recaptcha (5.15.0)
     redis-client (0.18.0)
       connection_pool
     regexp_parser (2.9.0)
@@ -718,6 +719,7 @@ DEPENDENCIES
   rails-controller-testing
   rails_12factor
   rake (>= 10.0.0)
+  recaptcha
   responders
   rspec-activemodel-mocks
   rspec-rails
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
@@ -3,6 +3,8 @@
 class RegistrationsController < Devise::RegistrationsController
   respond_to :json
 
+  prepend_before_action :check_captcha, only: [:create] # Change this to be any actions you want to protect with recaptcha.
+
   def edit
     @twitter_auth  = current_member.auth('twitter')
     @flickr_auth   = current_member.auth('flickr')
@@ -46,6 +48,25 @@ def destroy
       render "edit"
     end
   end
+
+  private
+
+  def sign_up_params
+    params.require(:member).permit(:login_name, :email, :tos_agreement, :newsletter, :password, :password_confirmation)
+  end
+
+  def check_captcha
+    return if verify_recaptcha # verify_recaptcha(action: 'signup') for v3
+
+    self.resource = resource_class.new sign_up_params
+    resource.validate # Look for any other validation errors besides reCAPTCHA
+    set_minimum_password_length
+
+    respond_with_navigational(resource) do
+      flash.discard(:recaptcha_error) # We need to discard flash to avoid showing it on the next page reload
+      render :new
+    end
+  end
 end
 
 # check if we need the current password to update fields
diff --git a/app/views/devise/registrations/new.html.haml b/app/views/devise/registrations/new.html.haml
@@ -3,9 +3,10 @@
     %h1 Join #{ENV['GROWSTUFF_SITE_NAME']}
     .card-body
       %p Sign up for a #{ENV['GROWSTUFF_SITE_NAME']} account to track your vegetable garden and connect with other local growers.
+      %p If you have accessibility issues with the captcha, please contact us via the links in the footer and we will help.
 
     = bootstrap_form_for(resource, as: resource_name, url: registration_path(resource_name),
-        html: { class: "text-center border border-light p-5" }) do |f|
+        html: { class: "text-center border border-light p-5", data: { turbo: false } }) do |f|
       = render 'devise/shared/error_messages', resource: resource
 
       = f.text_field :login_name
@@ -28,4 +29,9 @@
 
       = f.submit "Sign up", class: 'btn btn-block btn-success'
 
+      -# START add reCAPTCHA
+      = flash[:recaptcha_error]
+      = recaptcha_tags
+      -# END add reCAPTCHA
+
     .card-footer= render "devise/shared/links"
diff --git a/env-example b/env-example
@@ -10,7 +10,7 @@
 # include:
 #   mapbox_map_id
 
-# To use it, copy application.yml.example to application.yml (which is
+# To use it, copy env-example.yml or application.yml.example to application.yml (which is
 # .gitignored) and fill in the appropriate values.
 
 # Settings in this file will be available to you as ENV['WHATEVER']
@@ -59,3 +59,14 @@ GROWSTUFF_ELASTICSEARCH="true"
 GROWSTUFF_EMAIL='noreply@dev.growstuff.org'
 ELASTIC_SEARCH_VERSION="7.5.1-amd64"
 
+# We also now use SMTP2GO in prod and Mailgun in staging
+# and recaptcha to solve our email issues after SendGrid stopped working
+MAILGUN_SMTP_LOGIN=""
+MAILGUN_SMTP_PASSWORD=""
+MAILGUN_SMTP_PORT=""
+MAILGUN_SMTP_SERVER=""
+# These recaptcha values are the official Google test ones from
+# https://developers.google.com/recaptcha/docs/faq#id-like-to-run-automated-tests-with-recaptcha.-what-should-i-do
+# In production, replace them with real ones
+RECAPTCHA_SITE_KEY="6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"
+RECAPTCHA_SECRET_KEY="6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"
