Merge pull request #1665 from ClearlyClaire/glitch-soc/features/hcaptcha
Add optional hCaptcha supportlolsob-rspec
commit
7c94eaf269
|
@ -285,3 +285,7 @@ MAX_POLL_OPTION_CHARS=100
|
|||
# Units are in bytes
|
||||
MAX_EMOJI_SIZE=51200
|
||||
MAX_REMOTE_EMOJI_SIZE=204800
|
||||
|
||||
# Optional hCaptcha support
|
||||
# HCAPTCHA_SECRET_KEY=
|
||||
# HCAPTCHA_SITE_KEY=
|
||||
|
|
2
Gemfile
2
Gemfile
|
@ -156,3 +156,5 @@ gem 'concurrent-ruby', require: false
|
|||
gem 'connection_pool', require: false
|
||||
|
||||
gem 'xorcist', '~> 1.1'
|
||||
|
||||
gem 'hcaptcha', '~> 7.1'
|
||||
|
|
|
@ -271,6 +271,8 @@ GEM
|
|||
railties (>= 4.0.1)
|
||||
hashdiff (1.0.1)
|
||||
hashie (4.1.0)
|
||||
hcaptcha (7.1.0)
|
||||
json
|
||||
highline (2.0.3)
|
||||
hiredis (0.6.3)
|
||||
hkdf (0.3.0)
|
||||
|
@ -719,6 +721,7 @@ DEPENDENCIES
|
|||
fog-openstack (~> 0.3)
|
||||
fuubar (~> 2.5)
|
||||
hamlit-rails (~> 0.2)
|
||||
hcaptcha (~> 7.1)
|
||||
hiredis (~> 0.6)
|
||||
htmlentities (~> 4.3)
|
||||
http (~> 5.0)
|
||||
|
|
|
@ -1,12 +1,18 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class Auth::ConfirmationsController < Devise::ConfirmationsController
|
||||
include CaptchaConcern
|
||||
|
||||
layout 'auth'
|
||||
|
||||
before_action :set_body_classes
|
||||
before_action :set_pack
|
||||
before_action :set_confirmation_user!, only: [:show, :confirm_captcha]
|
||||
before_action :require_unconfirmed!
|
||||
|
||||
before_action :extend_csp_for_captcha!, only: [:show, :confirm_captcha]
|
||||
before_action :require_captcha_if_needed!, only: [:show]
|
||||
|
||||
skip_before_action :require_functional!
|
||||
|
||||
def new
|
||||
|
@ -15,8 +21,46 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
|
|||
resource.email = current_user.unconfirmed_email || current_user.email if user_signed_in?
|
||||
end
|
||||
|
||||
def show
|
||||
old_session_values = session.to_hash
|
||||
reset_session
|
||||
session.update old_session_values.except('session_id')
|
||||
|
||||
super
|
||||
end
|
||||
|
||||
def confirm_captcha
|
||||
check_captcha! do |message|
|
||||
flash.now[:alert] = message
|
||||
render :captcha
|
||||
return
|
||||
end
|
||||
|
||||
show
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def require_captcha_if_needed!
|
||||
render :captcha if captcha_required?
|
||||
end
|
||||
|
||||
def set_confirmation_user!
|
||||
# We need to reimplement looking up the user because
|
||||
# Devise::ConfirmationsController#show looks up and confirms in one
|
||||
# step.
|
||||
confirmation_token = params[:confirmation_token]
|
||||
return if confirmation_token.nil?
|
||||
@confirmation_user = User.find_first_by_auth_conditions(confirmation_token: confirmation_token)
|
||||
end
|
||||
|
||||
def captcha_user_bypass?
|
||||
return true if @confirmation_user.nil? || @confirmation_user.confirmed?
|
||||
|
||||
invite = Invite.find(@confirmation_user.invite_id) if @confirmation_user.invite_id.present?
|
||||
invite.present? && !invite.max_uses.nil?
|
||||
end
|
||||
|
||||
def set_pack
|
||||
use_pack 'auth'
|
||||
end
|
||||
|
|
|
@ -0,0 +1,59 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module CaptchaConcern
|
||||
extend ActiveSupport::Concern
|
||||
include Hcaptcha::Adapters::ViewMethods
|
||||
|
||||
included do
|
||||
helper_method :render_captcha
|
||||
end
|
||||
|
||||
def captcha_available?
|
||||
ENV['HCAPTCHA_SECRET_KEY'].present? && ENV['HCAPTCHA_SITE_KEY'].present?
|
||||
end
|
||||
|
||||
def captcha_enabled?
|
||||
captcha_available? && Setting.captcha_enabled
|
||||
end
|
||||
|
||||
def captcha_user_bypass?
|
||||
false
|
||||
end
|
||||
|
||||
def captcha_required?
|
||||
captcha_enabled? && !captcha_user_bypass?
|
||||
end
|
||||
|
||||
def check_captcha!
|
||||
return true unless captcha_required?
|
||||
|
||||
if verify_hcaptcha
|
||||
true
|
||||
else
|
||||
if block_given?
|
||||
message = flash[:hcaptcha_error]
|
||||
flash.delete(:hcaptcha_error)
|
||||
yield message
|
||||
end
|
||||
false
|
||||
end
|
||||
end
|
||||
|
||||
def extend_csp_for_captcha!
|
||||
policy = request.content_security_policy
|
||||
return unless captcha_required? && policy.present?
|
||||
|
||||
%w(script_src frame_src style_src connect_src).each do |directive|
|
||||
values = policy.send(directive)
|
||||
values << 'https://hcaptcha.com' unless values.include?('https://hcaptcha.com') || values.include?('https:')
|
||||
values << 'https://*.hcaptcha.com' unless values.include?('https://*.hcaptcha.com') || values.include?('https:')
|
||||
policy.send(directive, *values)
|
||||
end
|
||||
end
|
||||
|
||||
def render_captcha
|
||||
return unless captcha_required?
|
||||
|
||||
hcaptcha_tags
|
||||
end
|
||||
end
|
|
@ -8,4 +8,8 @@ module Admin::SettingsHelper
|
|||
link = link_to t('admin.site_uploads.delete'), admin_site_upload_path(upload), data: { method: :delete }
|
||||
safe_join([hint, link], '<br/>'.html_safe)
|
||||
end
|
||||
|
||||
def captcha_available?
|
||||
ENV['HCAPTCHA_SECRET_KEY'].present? && ENV['HCAPTCHA_SITE_KEY'].present?
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1058,3 +1058,7 @@ code {
|
|||
display: none;
|
||||
}
|
||||
}
|
||||
|
||||
.simple_form .h-captcha {
|
||||
text-align: center;
|
||||
}
|
||||
|
|
|
@ -40,6 +40,7 @@ class Form::AdminSettings
|
|||
noindex
|
||||
outgoing_spoilers
|
||||
require_invite_text
|
||||
captcha_enabled
|
||||
).freeze
|
||||
|
||||
BOOLEAN_KEYS = %i(
|
||||
|
@ -58,6 +59,7 @@ class Form::AdminSettings
|
|||
trendable_by_default
|
||||
noindex
|
||||
require_invite_text
|
||||
captcha_enabled
|
||||
).freeze
|
||||
|
||||
UPLOAD_KEYS = %i(
|
||||
|
|
|
@ -42,7 +42,10 @@
|
|||
|
||||
.fields-group
|
||||
= f.input :require_invite_text, as: :boolean, wrapper: :with_label, label: t('admin.settings.registrations.require_invite_text.title'), hint: t('admin.settings.registrations.require_invite_text.desc_html'), disabled: !approved_registrations?
|
||||
.fields-group
|
||||
|
||||
- if captcha_available?
|
||||
.fields-group
|
||||
= f.input :captcha_enabled, as: :boolean, wrapper: :with_label, label: t('admin.settings.captcha_enabled.title'), hint: t('admin.settings.captcha_enabled.desc_html')
|
||||
|
||||
%hr.spacer/
|
||||
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
- content_for :page_title do
|
||||
= t('auth.confirm_captcha')
|
||||
|
||||
= form_tag auth_captcha_confirmation_url, method: 'POST', class: 'simple_form' do
|
||||
= hidden_field_tag :confirmation_token, params[:confirmation_token]
|
||||
|
||||
.field-group
|
||||
= render_captcha
|
||||
|
||||
.actions
|
||||
%button.button= t('challenge.continue')
|
|
@ -2,6 +2,9 @@
|
|||
en:
|
||||
admin:
|
||||
settings:
|
||||
captcha_enabled:
|
||||
desc_html: Enable hCaptcha integration, requiring new users to solve a challenge when confirming their email address. This requires third-party scripts from hCaptcha to be embedded in the email verification page, which may have security and privacy concerns. Users that have been invited through a limited-use invite will not need to solve a CAPTCHA challenge.
|
||||
title: Require new users to go through a CAPTCHA to confirm their account
|
||||
enable_keybase:
|
||||
desc_html: Allow your users to prove their identity via keybase
|
||||
title: Enable keybase integration
|
||||
|
@ -17,6 +20,8 @@ en:
|
|||
show_replies_in_public_timelines:
|
||||
desc_html: In addition to public self-replies (threads), show public replies in local and public timelines.
|
||||
title: Show replies in public timelines
|
||||
auth:
|
||||
confirm_captcha: User verification
|
||||
generic:
|
||||
use_this: Use this
|
||||
settings:
|
||||
|
|
|
@ -44,6 +44,7 @@ Rails.application.routes.draw do
|
|||
resource :setup, only: [:show, :update], controller: :setup
|
||||
resource :challenge, only: [:create], controller: :challenges
|
||||
get 'sessions/security_key_options', to: 'sessions#webauthn_options'
|
||||
post 'captcha_confirmation', to: 'confirmations#confirm_captcha', as: :captcha_confirmation
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -77,6 +77,7 @@ defaults: &defaults
|
|||
show_domain_blocks_rationale: 'disabled'
|
||||
outgoing_spoilers: ''
|
||||
require_invite_text: false
|
||||
captcha_enabled: false
|
||||
|
||||
development:
|
||||
<<: *defaults
|
||||
|
|
Loading…
Reference in New Issue