Fix CAPTCHA page not following design pattern of sign-up flow (#25395)

lolsob-rspec
Eugen Rochko 2023-06-13 22:30:40 +02:00 committed by GitHub
parent 6e0c48cbe8
commit 239ee4f5d1
4 changed files with 16 additions and 6 deletions

View File

@ -2,6 +2,7 @@
module CaptchaConcern module CaptchaConcern
extend ActiveSupport::Concern extend ActiveSupport::Concern
include Hcaptcha::Adapters::ViewMethods include Hcaptcha::Adapters::ViewMethods
included do included do
@ -35,18 +36,22 @@ module CaptchaConcern
flash.delete(:hcaptcha_error) flash.delete(:hcaptcha_error)
yield message yield message
end end
false false
end end
end end
def extend_csp_for_captcha! def extend_csp_for_captcha!
policy = request.content_security_policy policy = request.content_security_policy
return unless captcha_required? && policy.present? return unless captcha_required? && policy.present?
%w(script_src frame_src style_src connect_src).each do |directive| %w(script_src frame_src style_src connect_src).each do |directive|
values = policy.send(directive) values = policy.send(directive)
values << 'https://hcaptcha.com' unless values.include?('https://hcaptcha.com') || values.include?('https:') values << 'https://hcaptcha.com' unless values.include?('https://hcaptcha.com') || values.include?('https:')
values << 'https://*.hcaptcha.com' unless values.include?('https://*.hcaptcha.com') || values.include?('https:') values << 'https://*.hcaptcha.com' unless values.include?('https://*.hcaptcha.com') || values.include?('https:')
policy.send(directive, *values) policy.send(directive, *values)
end end
end end

View File

@ -1048,7 +1048,9 @@ code {
} }
.simple_form .h-captcha { .simple_form .h-captcha {
text-align: center; display: flex;
justify-content: center;
margin-bottom: 30px;
} }
.permissions-list { .permissions-list {

View File

@ -7,10 +7,12 @@
= hidden_field_tag :confirmation_token, params[:confirmation_token] = hidden_field_tag :confirmation_token, params[:confirmation_token]
= hidden_field_tag :redirect_to_app, params[:redirect_to_app] = hidden_field_tag :redirect_to_app, params[:redirect_to_app]
%h1.title= t('auth.captcha_confirmation.title')
%p.lead= t('auth.captcha_confirmation.hint_html') %p.lead= t('auth.captcha_confirmation.hint_html')
.field-group
= render_captcha = render_captcha
%p.lead= t('auth.captcha_confirmation.help_html', email: mail_to(Setting.site_contact_email, nil))
.actions .actions
%button.button= t('challenge.confirm') = button_tag t('challenge.confirm'), class: 'button', type: :submit

View File

@ -993,8 +993,9 @@ en:
auth: auth:
apply_for_account: Request an account apply_for_account: Request an account
captcha_confirmation: captcha_confirmation:
hint_html: Just one more step! To confirm your account, this server requires you to solve a CAPTCHA. You can <a href="/about/more">contact the server administrator</a> if you have questions or need assistance with confirming your account. help_html: If you have issues solving the CAPTCHA, you can get in touch with us through %{email} and we can assist you.
title: User verification hint_html: Just one more thing! We need to confirm you're a human (this is so we can keep the spam out!). Solve the CAPTCHA below and click "Continue".
title: Security check
change_password: Password change_password: Password
confirmations: confirmations:
wrong_email_hint: If that e-mail address is not correct, you can change it in account settings. wrong_email_hint: If that e-mail address is not correct, you can change it in account settings.