Merge pull request #119 from Retrospring/feature/hcaptcha
This commit is contained in:
commit
0336651f30
2
Gemfile
2
Gemfile
|
@ -40,6 +40,7 @@ gem 'colorize'
|
|||
gem 'carrierwave', '~> 2.0'
|
||||
gem 'carrierwave_backgrounder', git: 'https://github.com/mltnhm/carrierwave_backgrounder.git'
|
||||
gem 'mini_magick'
|
||||
gem 'hcaptcha', git: 'https://github.com/firstmoversadvantage/hcaptcha.git'
|
||||
|
||||
gem "rolify", "~> 5.2"
|
||||
|
||||
|
@ -87,6 +88,7 @@ gem 'puma'
|
|||
|
||||
group :development, :test do
|
||||
gem 'rake'
|
||||
gem 'rspec-mocks'
|
||||
gem 'rspec-rails', '~> 3.9'
|
||||
gem 'rspec-its', '~> 1.3'
|
||||
gem "rspec-sidekiq", "~> 3.0", require: false
|
||||
|
|
60
Gemfile.lock
60
Gemfile.lock
|
@ -10,6 +10,13 @@ GIT
|
|||
oauth
|
||||
simple_oauth
|
||||
|
||||
GIT
|
||||
remote: https://github.com/firstmoversadvantage/hcaptcha.git
|
||||
revision: 531ce4562dd3d29a52497bfe09378ba61a40c98a
|
||||
specs:
|
||||
hcaptcha (6.0.1)
|
||||
json
|
||||
|
||||
GIT
|
||||
remote: https://github.com/mltnhm/carrierwave_backgrounder.git
|
||||
revision: 8fe468957f047ad7039f07679e5952a534d07b6d
|
||||
|
@ -80,14 +87,14 @@ GEM
|
|||
autoprefixer-rails (9.7.6)
|
||||
execjs
|
||||
bcrypt (3.1.13)
|
||||
better_errors (2.6.0)
|
||||
better_errors (2.7.1)
|
||||
coderay (>= 1.0.0)
|
||||
erubi (>= 1.0.0)
|
||||
rack (>= 0.9.0)
|
||||
bindex (0.8.1)
|
||||
binding_of_caller (0.8.0)
|
||||
debug_inspector (>= 0.0.1)
|
||||
bootstrap (4.4.1)
|
||||
bootstrap (4.5.0)
|
||||
autoprefixer-rails (>= 9.1.0)
|
||||
popper_js (>= 1.14.3, < 2)
|
||||
sassc-rails (>= 2.0.0)
|
||||
|
@ -95,14 +102,14 @@ GEM
|
|||
jquery-rails (~> 4.2, >= 4.2.0)
|
||||
moment-timezone-rails (~> 1.0)
|
||||
momentjs-rails (>= 2.10.5, <= 3.0.0)
|
||||
bootstrap_form (4.4.0)
|
||||
actionpack (>= 5.0)
|
||||
activemodel (>= 5.0)
|
||||
brakeman (4.8.1)
|
||||
bootstrap_form (4.5.0)
|
||||
actionpack (>= 5.2)
|
||||
activemodel (>= 5.2)
|
||||
brakeman (4.8.2)
|
||||
buftok (0.2.0)
|
||||
builder (3.2.4)
|
||||
byebug (11.1.2)
|
||||
capybara (3.32.1)
|
||||
byebug (11.1.3)
|
||||
capybara (3.32.2)
|
||||
addressable
|
||||
mini_mime (>= 0.1.3)
|
||||
nokogiri (~> 1.8)
|
||||
|
@ -130,7 +137,7 @@ GEM
|
|||
concurrent-ruby (1.1.6)
|
||||
connection_pool (2.2.2)
|
||||
crass (1.0.6)
|
||||
database_cleaner (1.8.4)
|
||||
database_cleaner (1.8.5)
|
||||
debug_inspector (0.0.3)
|
||||
devise (4.7.1)
|
||||
bcrypt (~> 3.0)
|
||||
|
@ -151,10 +158,10 @@ GEM
|
|||
erubi (1.9.0)
|
||||
excon (0.73.0)
|
||||
execjs (2.7.0)
|
||||
factory_bot (5.1.2)
|
||||
factory_bot (5.2.0)
|
||||
activesupport (>= 4.2.0)
|
||||
factory_bot_rails (5.1.1)
|
||||
factory_bot (~> 5.1.0)
|
||||
factory_bot_rails (5.2.0)
|
||||
factory_bot (~> 5.2.0)
|
||||
railties (>= 4.2.0)
|
||||
fake_email_validator (1.0.11)
|
||||
activemodel
|
||||
|
@ -169,7 +176,7 @@ GEM
|
|||
ffi-compiler (1.0.1)
|
||||
ffi (>= 1.0.0)
|
||||
rake
|
||||
fog-aws (3.6.2)
|
||||
fog-aws (3.6.5)
|
||||
fog-core (~> 2.1)
|
||||
fog-json (~> 1.1)
|
||||
fog-xml (~> 0.1)
|
||||
|
@ -235,7 +242,7 @@ GEM
|
|||
concurrent-ruby (~> 1.0)
|
||||
i18n-js (3.0.0.rc10)
|
||||
i18n (~> 0.6)
|
||||
image_processing (1.10.3)
|
||||
image_processing (1.11.0)
|
||||
mini_magick (>= 4.9.5, < 5)
|
||||
ruby-vips (>= 2.0.17, < 3)
|
||||
ipaddress (0.8.3)
|
||||
|
@ -244,7 +251,7 @@ GEM
|
|||
jquery-minicolors-rails (2.2.6.2)
|
||||
jquery-rails
|
||||
rails (>= 3.2.8)
|
||||
jquery-rails (4.3.5)
|
||||
jquery-rails (4.4.0)
|
||||
rails-dom-testing (>= 1, < 3)
|
||||
railties (>= 4.2.0)
|
||||
thor (>= 0.14, < 2.0)
|
||||
|
@ -286,7 +293,7 @@ GEM
|
|||
method_source (1.0.0)
|
||||
mime-types (3.3.1)
|
||||
mime-types-data (~> 3.2015)
|
||||
mime-types-data (3.2019.1009)
|
||||
mime-types-data (3.2020.0512)
|
||||
mimemagic (0.3.5)
|
||||
mini_magick (4.10.1)
|
||||
mini_mime (1.0.2)
|
||||
|
@ -340,7 +347,7 @@ GEM
|
|||
pry (0.13.1)
|
||||
coderay (~> 1.1)
|
||||
method_source (~> 1.0)
|
||||
public_suffix (4.0.4)
|
||||
public_suffix (4.0.5)
|
||||
puma (4.3.5)
|
||||
nio4r (~> 2.0)
|
||||
rack (2.0.9)
|
||||
|
@ -399,11 +406,11 @@ GEM
|
|||
thor (>= 0.19.0, < 2.0)
|
||||
rainbow (3.0.0)
|
||||
rake (13.0.1)
|
||||
rb-fsevent (0.10.3)
|
||||
rb-fsevent (0.10.4)
|
||||
rb-inotify (0.10.1)
|
||||
ffi (~> 1.0)
|
||||
redcarpet (3.5.0)
|
||||
redis (4.1.3)
|
||||
redis (4.1.4)
|
||||
regexp_parser (1.7.0)
|
||||
remotipart (1.4.4)
|
||||
responders (3.0.0)
|
||||
|
@ -411,9 +418,9 @@ GEM
|
|||
railties (>= 5.0)
|
||||
rexml (3.2.4)
|
||||
rolify (5.2.0)
|
||||
rspec-core (3.9.1)
|
||||
rspec-support (~> 3.9.1)
|
||||
rspec-expectations (3.9.1)
|
||||
rspec-core (3.9.2)
|
||||
rspec-support (~> 3.9.3)
|
||||
rspec-expectations (3.9.2)
|
||||
diff-lcs (>= 1.2.0, < 2.0)
|
||||
rspec-support (~> 3.9.0)
|
||||
rspec-its (1.3.0)
|
||||
|
@ -433,14 +440,17 @@ GEM
|
|||
rspec-sidekiq (3.0.3)
|
||||
rspec-core (~> 3.0, >= 3.0.0)
|
||||
sidekiq (>= 2.4.0)
|
||||
rspec-support (3.9.2)
|
||||
rubocop (0.83.0)
|
||||
rspec-support (3.9.3)
|
||||
rubocop (0.84.0)
|
||||
parallel (~> 1.10)
|
||||
parser (>= 2.7.0.1)
|
||||
rainbow (>= 2.2.2, < 4.0)
|
||||
rexml
|
||||
rubocop-ast (>= 0.0.3)
|
||||
ruby-progressbar (~> 1.7)
|
||||
unicode-display_width (>= 1.4.0, < 2.0)
|
||||
rubocop-ast (0.0.3)
|
||||
parser (>= 2.7.0.1)
|
||||
ruby-progressbar (1.10.1)
|
||||
ruby-vips (2.0.17)
|
||||
ffi (~> 1.9)
|
||||
|
@ -567,6 +577,7 @@ DEPENDENCIES
|
|||
guard-brakeman
|
||||
haml (~> 5.0)
|
||||
haml_lint
|
||||
hcaptcha!
|
||||
httparty
|
||||
i18n-js (= 3.0.0.rc10)
|
||||
jbuilder (~> 2.10)
|
||||
|
@ -598,6 +609,7 @@ DEPENDENCIES
|
|||
redis
|
||||
rolify (~> 5.2)
|
||||
rspec-its (~> 1.3)
|
||||
rspec-mocks
|
||||
rspec-rails (~> 3.9)
|
||||
rspec-sidekiq (~> 3.0)
|
||||
ruby-progressbar
|
||||
|
|
|
@ -1,4 +1,11 @@
|
|||
class User::RegistrationsController < Devise::RegistrationsController
|
||||
def create
|
||||
if captcha_valid?
|
||||
super
|
||||
else
|
||||
respond_with_navigational(resource){ redirect_to new_user_registration_path }
|
||||
end
|
||||
end
|
||||
|
||||
def destroy
|
||||
DeletionWorker.perform_async(resource.id)
|
||||
|
@ -7,4 +14,13 @@ class User::RegistrationsController < Devise::RegistrationsController
|
|||
yield resource if block_given?
|
||||
respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def captcha_valid?
|
||||
# If the captcha isn't enabled, treat it as being correct
|
||||
return true unless APP_CONFIG.dig(:hcaptcha, :enabled)
|
||||
|
||||
verify_hcaptcha
|
||||
end
|
||||
end
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
.card-body
|
||||
%h1 Resend confirmation instructions
|
||||
= bootstrap_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f|
|
||||
= devise_error_messages!
|
||||
= render 'devise/shared/error_messages', resource: resource
|
||||
|
||||
= f.text_field :screen_name, autofocus: true, label: 'User name'
|
||||
= f.submit 'Resend confirmation instructions', class: 'btn btn-primary mb-3'
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
.card-body
|
||||
%h1 Change your password
|
||||
= bootstrap_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f|
|
||||
= devise_error_messages!
|
||||
= render 'devise/shared/error_messages', resource: resource
|
||||
|
||||
= f.hidden_field :reset_password_token
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
.card-body
|
||||
%h1 Forgot your password?
|
||||
= bootstrap_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f|
|
||||
= devise_error_messages!
|
||||
= render 'devise/shared/error_messages', resource: resource
|
||||
|
||||
= f.email_field :email, autofocus: true, label: 'Email address'
|
||||
= f.submit 'Send me password reset instructions', class: 'btn btn-primary mb-3'
|
||||
|
|
|
@ -6,7 +6,8 @@
|
|||
.card-body
|
||||
%h1= t('views.sessions.new')
|
||||
= bootstrap_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f|
|
||||
= devise_error_messages!
|
||||
= render 'devise/shared/error_messages', resource: resource
|
||||
= render 'layouts/messages'
|
||||
|
||||
= f.text_field :screen_name, autofocus: true, label: t('views.settings.account.username')
|
||||
= f.email_field :email, autofocus: false, label: t('views.settings.account.email')
|
||||
|
@ -14,6 +15,9 @@
|
|||
= f.password_field :password, autocomplete: :off, label: t('views.settings.account.password')
|
||||
= f.password_field :password_confirmation, autocomplete: :off, label: t('views.settings.account.password_confirm')
|
||||
|
||||
- if APP_CONFIG.dig(:hcaptcha, :enabled)
|
||||
= hcaptcha_tags
|
||||
|
||||
%p= raw t('views.sessions.info', terms: link_to(t('views.general.terms'), terms_path))
|
||||
= f.submit 'Sign up', class: 'btn btn-primary mb-3'
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
= render 'layouts/messages'
|
||||
|
||||
= bootstrap_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f|
|
||||
= devise_error_messages!
|
||||
= render 'devise/shared/error_messages', resource: resource
|
||||
|
||||
= f.email_field :email, autofocus: true, label: 'Email address'
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
= bootstrap_form_for(resource, as: resource_name, url: '/settings/account', html: { method: :put }) do |f|
|
||||
= render 'modal/password', f: f
|
||||
|
||||
= devise_error_messages!
|
||||
= render 'devise/shared/error_messages', resource: resource
|
||||
|
||||
= f.text_field :screen_name, autofocus: true, label: t('views.settings.account.username')
|
||||
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
return unless APP_CONFIG.dig(:hcaptcha, :enabled)
|
||||
|
||||
Hcaptcha.configure do |config|
|
||||
config.site_key = APP_CONFIG.dig(:hcaptcha, :site_key)
|
||||
config.secret_key = APP_CONFIG.dig(:hcaptcha, :secret_key)
|
||||
end
|
|
@ -62,3 +62,9 @@ admins:
|
|||
# host: 's3.wherever.com'
|
||||
# bucket name, required
|
||||
# directory: 'retrospring'
|
||||
|
||||
# hCaptcha -- get keys from https://www.hcaptcha.com/
|
||||
hcaptcha:
|
||||
enabled: false
|
||||
site_key: ''
|
||||
secret_key: ''
|
||||
|
|
|
@ -52,7 +52,7 @@ Rails.application.routes.draw do
|
|||
delete 'sign_out' => 'devise/sessions#destroy', as: :destroy_user_session
|
||||
# :registrations
|
||||
get 'settings/delete_account' => 'devise/registrations#cancel', as: :cancel_user_registration
|
||||
post '/user/create' => 'devise/registrations#create', as: :user_registration
|
||||
post '/user/create' => 'user/registrations#create', as: :user_registration
|
||||
get '/sign_up' => 'devise/registrations#new', as: :new_user_registration
|
||||
get '/settings/account' => 'devise/registrations#edit', as: :edit_user_registration
|
||||
patch '/settings/account' => 'devise/registrations#update', as: :update_user_registration
|
||||
|
|
|
@ -0,0 +1,102 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require "rails_helper"
|
||||
|
||||
describe User::RegistrationsController, type: :controller do
|
||||
before do
|
||||
@request.env["devise.mapping"] = Devise.mappings[:user]
|
||||
end
|
||||
|
||||
describe "#create" do
|
||||
context "valid user sign up" do
|
||||
before do
|
||||
allow(APP_CONFIG).to receive(:dig).with(:hcaptcha, :enabled).and_return(true)
|
||||
allow(controller).to receive(:verify_hcaptcha).and_return(captcha_successful)
|
||||
end
|
||||
|
||||
let :registration_params do
|
||||
{
|
||||
user: {
|
||||
screen_name: 'dio',
|
||||
email: 'the-world-21@somewhere.everywhere',
|
||||
password: 'AReallySecurePassword456!',
|
||||
password_confirmation: 'AReallySecurePassword456!'
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
subject { post :create, params: registration_params }
|
||||
|
||||
context "when captcha is invalid" do
|
||||
let(:captcha_successful) { false }
|
||||
it "doesn't allow a registration with an invalid captcha" do
|
||||
expect { subject }.not_to(change { User.count })
|
||||
expect(response).to redirect_to :new_user_registration
|
||||
end
|
||||
end
|
||||
|
||||
context "when captcha is valid" do
|
||||
let(:captcha_successful) { true }
|
||||
it "creates a user" do
|
||||
allow(controller).to receive(:verify_hcaptcha).and_return(true)
|
||||
expect { subject }.to change { User.count }.by(1)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context "invalid user sign up" do
|
||||
before do
|
||||
allow(APP_CONFIG).to receive(:dig).with(:hcaptcha, :enabled).and_return(false)
|
||||
end
|
||||
|
||||
subject { post :create, params: registration_params }
|
||||
|
||||
context "when registration params are empty" do
|
||||
let(:registration_params) do
|
||||
{
|
||||
user: {
|
||||
screen_name: '',
|
||||
email: '',
|
||||
password: '',
|
||||
password_confirmation: ''
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it "does not create a user" do
|
||||
expect { subject }.not_to(change { User.count })
|
||||
end
|
||||
end
|
||||
|
||||
context "when username contains invalid characters" do
|
||||
let(:registration_params) { {
|
||||
user: {
|
||||
screen_name: 'Dio Brando',
|
||||
email: 'the-world-21@somewhere.everywhere',
|
||||
password: 'AReallySecurePassword456!',
|
||||
password_confirmation: 'AReallySecurePassword456!'
|
||||
}
|
||||
} }
|
||||
|
||||
it "does not create a user" do
|
||||
expect { subject }.not_to(change { User.count })
|
||||
end
|
||||
end
|
||||
|
||||
context "when username is forbidden" do
|
||||
let(:registration_params) { {
|
||||
user: {
|
||||
screen_name: 'inbox',
|
||||
email: 'the-world-21@somewhere.everywhere',
|
||||
password: 'AReallySecurePassword456!',
|
||||
password_confirmation: 'AReallySecurePassword456!'
|
||||
}
|
||||
} }
|
||||
|
||||
it "does not create a user" do
|
||||
expect { subject }.not_to(change { User.count })
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue