Merge pull request #119 from Retrospring/feature/hcaptcha

This commit is contained in:
Dominik M. Kwiatek 2020-05-27 22:51:01 +01:00 committed by GitHub
commit 0336651f30
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 179 additions and 31 deletions

View File

@ -40,6 +40,7 @@ gem 'colorize'
gem 'carrierwave', '~> 2.0'
gem 'carrierwave_backgrounder', git: 'https://github.com/mltnhm/carrierwave_backgrounder.git'
gem 'mini_magick'
gem 'hcaptcha', git: 'https://github.com/firstmoversadvantage/hcaptcha.git'
gem "rolify", "~> 5.2"
@ -87,6 +88,7 @@ gem 'puma'
group :development, :test do
gem 'rake'
gem 'rspec-mocks'
gem 'rspec-rails', '~> 3.9'
gem 'rspec-its', '~> 1.3'
gem "rspec-sidekiq", "~> 3.0", require: false

View File

@ -10,6 +10,13 @@ GIT
oauth
simple_oauth
GIT
remote: https://github.com/firstmoversadvantage/hcaptcha.git
revision: 531ce4562dd3d29a52497bfe09378ba61a40c98a
specs:
hcaptcha (6.0.1)
json
GIT
remote: https://github.com/mltnhm/carrierwave_backgrounder.git
revision: 8fe468957f047ad7039f07679e5952a534d07b6d
@ -80,14 +87,14 @@ GEM
autoprefixer-rails (9.7.6)
execjs
bcrypt (3.1.13)
better_errors (2.6.0)
better_errors (2.7.1)
coderay (>= 1.0.0)
erubi (>= 1.0.0)
rack (>= 0.9.0)
bindex (0.8.1)
binding_of_caller (0.8.0)
debug_inspector (>= 0.0.1)
bootstrap (4.4.1)
bootstrap (4.5.0)
autoprefixer-rails (>= 9.1.0)
popper_js (>= 1.14.3, < 2)
sassc-rails (>= 2.0.0)
@ -95,14 +102,14 @@ GEM
jquery-rails (~> 4.2, >= 4.2.0)
moment-timezone-rails (~> 1.0)
momentjs-rails (>= 2.10.5, <= 3.0.0)
bootstrap_form (4.4.0)
actionpack (>= 5.0)
activemodel (>= 5.0)
brakeman (4.8.1)
bootstrap_form (4.5.0)
actionpack (>= 5.2)
activemodel (>= 5.2)
brakeman (4.8.2)
buftok (0.2.0)
builder (3.2.4)
byebug (11.1.2)
capybara (3.32.1)
byebug (11.1.3)
capybara (3.32.2)
addressable
mini_mime (>= 0.1.3)
nokogiri (~> 1.8)
@ -130,7 +137,7 @@ GEM
concurrent-ruby (1.1.6)
connection_pool (2.2.2)
crass (1.0.6)
database_cleaner (1.8.4)
database_cleaner (1.8.5)
debug_inspector (0.0.3)
devise (4.7.1)
bcrypt (~> 3.0)
@ -151,10 +158,10 @@ GEM
erubi (1.9.0)
excon (0.73.0)
execjs (2.7.0)
factory_bot (5.1.2)
factory_bot (5.2.0)
activesupport (>= 4.2.0)
factory_bot_rails (5.1.1)
factory_bot (~> 5.1.0)
factory_bot_rails (5.2.0)
factory_bot (~> 5.2.0)
railties (>= 4.2.0)
fake_email_validator (1.0.11)
activemodel
@ -169,7 +176,7 @@ GEM
ffi-compiler (1.0.1)
ffi (>= 1.0.0)
rake
fog-aws (3.6.2)
fog-aws (3.6.5)
fog-core (~> 2.1)
fog-json (~> 1.1)
fog-xml (~> 0.1)
@ -235,7 +242,7 @@ GEM
concurrent-ruby (~> 1.0)
i18n-js (3.0.0.rc10)
i18n (~> 0.6)
image_processing (1.10.3)
image_processing (1.11.0)
mini_magick (>= 4.9.5, < 5)
ruby-vips (>= 2.0.17, < 3)
ipaddress (0.8.3)
@ -244,7 +251,7 @@ GEM
jquery-minicolors-rails (2.2.6.2)
jquery-rails
rails (>= 3.2.8)
jquery-rails (4.3.5)
jquery-rails (4.4.0)
rails-dom-testing (>= 1, < 3)
railties (>= 4.2.0)
thor (>= 0.14, < 2.0)
@ -286,7 +293,7 @@ GEM
method_source (1.0.0)
mime-types (3.3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2019.1009)
mime-types-data (3.2020.0512)
mimemagic (0.3.5)
mini_magick (4.10.1)
mini_mime (1.0.2)
@ -340,7 +347,7 @@ GEM
pry (0.13.1)
coderay (~> 1.1)
method_source (~> 1.0)
public_suffix (4.0.4)
public_suffix (4.0.5)
puma (4.3.5)
nio4r (~> 2.0)
rack (2.0.9)
@ -399,11 +406,11 @@ GEM
thor (>= 0.19.0, < 2.0)
rainbow (3.0.0)
rake (13.0.1)
rb-fsevent (0.10.3)
rb-fsevent (0.10.4)
rb-inotify (0.10.1)
ffi (~> 1.0)
redcarpet (3.5.0)
redis (4.1.3)
redis (4.1.4)
regexp_parser (1.7.0)
remotipart (1.4.4)
responders (3.0.0)
@ -411,9 +418,9 @@ GEM
railties (>= 5.0)
rexml (3.2.4)
rolify (5.2.0)
rspec-core (3.9.1)
rspec-support (~> 3.9.1)
rspec-expectations (3.9.1)
rspec-core (3.9.2)
rspec-support (~> 3.9.3)
rspec-expectations (3.9.2)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.9.0)
rspec-its (1.3.0)
@ -433,14 +440,17 @@ GEM
rspec-sidekiq (3.0.3)
rspec-core (~> 3.0, >= 3.0.0)
sidekiq (>= 2.4.0)
rspec-support (3.9.2)
rubocop (0.83.0)
rspec-support (3.9.3)
rubocop (0.84.0)
parallel (~> 1.10)
parser (>= 2.7.0.1)
rainbow (>= 2.2.2, < 4.0)
rexml
rubocop-ast (>= 0.0.3)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 2.0)
rubocop-ast (0.0.3)
parser (>= 2.7.0.1)
ruby-progressbar (1.10.1)
ruby-vips (2.0.17)
ffi (~> 1.9)
@ -567,6 +577,7 @@ DEPENDENCIES
guard-brakeman
haml (~> 5.0)
haml_lint
hcaptcha!
httparty
i18n-js (= 3.0.0.rc10)
jbuilder (~> 2.10)
@ -598,6 +609,7 @@ DEPENDENCIES
redis
rolify (~> 5.2)
rspec-its (~> 1.3)
rspec-mocks
rspec-rails (~> 3.9)
rspec-sidekiq (~> 3.0)
ruby-progressbar

View File

@ -1,4 +1,11 @@
class User::RegistrationsController < Devise::RegistrationsController
def create
if captcha_valid?
super
else
respond_with_navigational(resource){ redirect_to new_user_registration_path }
end
end
def destroy
DeletionWorker.perform_async(resource.id)
@ -7,4 +14,13 @@ class User::RegistrationsController < Devise::RegistrationsController
yield resource if block_given?
respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
end
private
def captcha_valid?
# If the captcha isn't enabled, treat it as being correct
return true unless APP_CONFIG.dig(:hcaptcha, :enabled)
verify_hcaptcha
end
end

View File

@ -6,7 +6,7 @@
.card-body
%h1 Resend confirmation instructions
= bootstrap_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f|
= devise_error_messages!
= render 'devise/shared/error_messages', resource: resource
= f.text_field :screen_name, autofocus: true, label: 'User name'
= f.submit 'Resend confirmation instructions', class: 'btn btn-primary mb-3'

View File

@ -6,7 +6,7 @@
.card-body
%h1 Change your password
= bootstrap_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f|
= devise_error_messages!
= render 'devise/shared/error_messages', resource: resource
= f.hidden_field :reset_password_token

View File

@ -6,7 +6,7 @@
.card-body
%h1 Forgot your password?
= bootstrap_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f|
= devise_error_messages!
= render 'devise/shared/error_messages', resource: resource
= f.email_field :email, autofocus: true, label: 'Email address'
= f.submit 'Send me password reset instructions', class: 'btn btn-primary mb-3'

View File

@ -6,7 +6,8 @@
.card-body
%h1= t('views.sessions.new')
= bootstrap_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f|
= devise_error_messages!
= render 'devise/shared/error_messages', resource: resource
= render 'layouts/messages'
= f.text_field :screen_name, autofocus: true, label: t('views.settings.account.username')
= f.email_field :email, autofocus: false, label: t('views.settings.account.email')
@ -14,6 +15,9 @@
= f.password_field :password, autocomplete: :off, label: t('views.settings.account.password')
= f.password_field :password_confirmation, autocomplete: :off, label: t('views.settings.account.password_confirm')
- if APP_CONFIG.dig(:hcaptcha, :enabled)
= hcaptcha_tags
%p= raw t('views.sessions.info', terms: link_to(t('views.general.terms'), terms_path))
= f.submit 'Sign up', class: 'btn btn-primary mb-3'

View File

@ -4,7 +4,7 @@
= render 'layouts/messages'
= bootstrap_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f|
= devise_error_messages!
= render 'devise/shared/error_messages', resource: resource
= f.email_field :email, autofocus: true, label: 'Email address'

View File

@ -3,7 +3,7 @@
= bootstrap_form_for(resource, as: resource_name, url: '/settings/account', html: { method: :put }) do |f|
= render 'modal/password', f: f
= devise_error_messages!
= render 'devise/shared/error_messages', resource: resource
= f.text_field :screen_name, autofocus: true, label: t('views.settings.account.username')

View File

@ -0,0 +1,6 @@
return unless APP_CONFIG.dig(:hcaptcha, :enabled)
Hcaptcha.configure do |config|
config.site_key = APP_CONFIG.dig(:hcaptcha, :site_key)
config.secret_key = APP_CONFIG.dig(:hcaptcha, :secret_key)
end

View File

@ -62,3 +62,9 @@ admins:
# host: 's3.wherever.com'
# bucket name, required
# directory: 'retrospring'
# hCaptcha -- get keys from https://www.hcaptcha.com/
hcaptcha:
enabled: false
site_key: ''
secret_key: ''

View File

@ -52,7 +52,7 @@ Rails.application.routes.draw do
delete 'sign_out' => 'devise/sessions#destroy', as: :destroy_user_session
# :registrations
get 'settings/delete_account' => 'devise/registrations#cancel', as: :cancel_user_registration
post '/user/create' => 'devise/registrations#create', as: :user_registration
post '/user/create' => 'user/registrations#create', as: :user_registration
get '/sign_up' => 'devise/registrations#new', as: :new_user_registration
get '/settings/account' => 'devise/registrations#edit', as: :edit_user_registration
patch '/settings/account' => 'devise/registrations#update', as: :update_user_registration

View File

@ -0,0 +1,102 @@
# frozen_string_literal: true
require "rails_helper"
describe User::RegistrationsController, type: :controller do
before do
@request.env["devise.mapping"] = Devise.mappings[:user]
end
describe "#create" do
context "valid user sign up" do
before do
allow(APP_CONFIG).to receive(:dig).with(:hcaptcha, :enabled).and_return(true)
allow(controller).to receive(:verify_hcaptcha).and_return(captcha_successful)
end
let :registration_params do
{
user: {
screen_name: 'dio',
email: 'the-world-21@somewhere.everywhere',
password: 'AReallySecurePassword456!',
password_confirmation: 'AReallySecurePassword456!'
}
}
end
subject { post :create, params: registration_params }
context "when captcha is invalid" do
let(:captcha_successful) { false }
it "doesn't allow a registration with an invalid captcha" do
expect { subject }.not_to(change { User.count })
expect(response).to redirect_to :new_user_registration
end
end
context "when captcha is valid" do
let(:captcha_successful) { true }
it "creates a user" do
allow(controller).to receive(:verify_hcaptcha).and_return(true)
expect { subject }.to change { User.count }.by(1)
end
end
end
context "invalid user sign up" do
before do
allow(APP_CONFIG).to receive(:dig).with(:hcaptcha, :enabled).and_return(false)
end
subject { post :create, params: registration_params }
context "when registration params are empty" do
let(:registration_params) do
{
user: {
screen_name: '',
email: '',
password: '',
password_confirmation: ''
}
}
end
it "does not create a user" do
expect { subject }.not_to(change { User.count })
end
end
context "when username contains invalid characters" do
let(:registration_params) { {
user: {
screen_name: 'Dio Brando',
email: 'the-world-21@somewhere.everywhere',
password: 'AReallySecurePassword456!',
password_confirmation: 'AReallySecurePassword456!'
}
} }
it "does not create a user" do
expect { subject }.not_to(change { User.count })
end
end
context "when username is forbidden" do
let(:registration_params) { {
user: {
screen_name: 'inbox',
email: 'the-world-21@somewhere.everywhere',
password: 'AReallySecurePassword456!',
password_confirmation: 'AReallySecurePassword456!'
}
} }
it "does not create a user" do
expect { subject }.not_to(change { User.count })
end
end
end
end
end