From 7cac93ad4e575855581d6046341715c4fd3fe1a1 Mon Sep 17 00:00:00 2001 From: "Dominik M. Kwiatek" Date: Fri, 22 May 2020 21:29:22 +0100 Subject: [PATCH] Add hCaptcha --- Gemfile | 1 + Gemfile.lock | 59 +++++++++++-------- .../user/registrations_controller.rb | 7 +++ app/views/devise/registrations/new.haml | 2 + config/initializers/hcaptcha.rb | 6 ++ config/routes.rb | 2 +- 6 files changed, 52 insertions(+), 25 deletions(-) create mode 100644 config/initializers/hcaptcha.rb diff --git a/Gemfile b/Gemfile index 37b47643..38d55bb3 100644 --- a/Gemfile +++ b/Gemfile @@ -40,6 +40,7 @@ gem 'colorize' gem 'carrierwave', '~> 2.0' gem 'carrierwave_backgrounder', git: 'https://github.com/mltnhm/carrierwave_backgrounder.git' gem 'mini_magick' +gem 'hcaptcha', git: 'https://github.com/firstmoversadvantage/hcaptcha.git' gem "rolify", "~> 5.2" diff --git a/Gemfile.lock b/Gemfile.lock index 77f43f8d..1075a4d3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,6 +10,13 @@ GIT oauth simple_oauth +GIT + remote: https://github.com/firstmoversadvantage/hcaptcha.git + revision: 531ce4562dd3d29a52497bfe09378ba61a40c98a + specs: + hcaptcha (6.0.1) + json + GIT remote: https://github.com/mltnhm/carrierwave_backgrounder.git revision: 8fe468957f047ad7039f07679e5952a534d07b6d @@ -80,14 +87,14 @@ GEM autoprefixer-rails (9.7.6) execjs bcrypt (3.1.13) - better_errors (2.6.0) + better_errors (2.7.1) coderay (>= 1.0.0) erubi (>= 1.0.0) rack (>= 0.9.0) bindex (0.8.1) binding_of_caller (0.8.0) debug_inspector (>= 0.0.1) - bootstrap (4.4.1) + bootstrap (4.5.0) autoprefixer-rails (>= 9.1.0) popper_js (>= 1.14.3, < 2) sassc-rails (>= 2.0.0) 
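Review bot: The new `gem 'hcaptcha'` line in the Gemfile hunk tracks the default branch of a third-party git repository, so the revision recorded in Gemfile.lock is the only thing fixing which code ends up handling the captcha secret key. A later `bundle update` would move it to whatever that branch contains at the time. Pinning the commit in the Gemfile makes the dependency explicit and reviewable: `gem 'hcaptcha', git: 'https://github.com/firstmoversadvantage/hcaptcha.git', ref: '531ce4562dd3d29a52497bfe09378ba61a40c98a'`. The same commit also bumps a number of unrelated gems in Gemfile.lock; moving those to their own commit would keep this change easier to audit.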
@@ -95,14 +102,14 @@ GEM jquery-rails (~> 4.2, >= 4.2.0) moment-timezone-rails (~> 1.0) momentjs-rails (>= 2.10.5, <= 3.0.0) - bootstrap_form (4.4.0) - actionpack (>= 5.0) - activemodel (>= 5.0) - brakeman (4.8.1) + bootstrap_form (4.5.0) + actionpack (>= 5.2) + activemodel (>= 5.2) + brakeman (4.8.2) buftok (0.2.0) builder (3.2.4) - byebug (11.1.2) - capybara (3.32.1) + byebug (11.1.3) + capybara (3.32.2) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) @@ -130,7 +137,7 @@ GEM concurrent-ruby (1.1.6) connection_pool (2.2.2) crass (1.0.6) - database_cleaner (1.8.4) + database_cleaner (1.8.5) debug_inspector (0.0.3) devise (4.7.1) bcrypt (~> 3.0) @@ -151,10 +158,10 @@ GEM erubi (1.9.0) excon (0.73.0) execjs (2.7.0) - factory_bot (5.1.2) + factory_bot (5.2.0) activesupport (>= 4.2.0) - factory_bot_rails (5.1.1) - factory_bot (~> 5.1.0) + factory_bot_rails (5.2.0) + factory_bot (~> 5.2.0) railties (>= 4.2.0) fake_email_validator (1.0.11) activemodel @@ -169,7 +176,7 @@ GEM ffi-compiler (1.0.1) ffi (>= 1.0.0) rake - fog-aws (3.6.2) + fog-aws (3.6.5) fog-core (~> 2.1) fog-json (~> 1.1) fog-xml (~> 0.1) @@ -235,7 +242,7 @@ GEM concurrent-ruby (~> 1.0) i18n-js (3.0.0.rc10) i18n (~> 0.6) - image_processing (1.10.3) + image_processing (1.11.0) mini_magick (>= 4.9.5, < 5) ruby-vips (>= 2.0.17, < 3) ipaddress (0.8.3) @@ -244,7 +251,7 @@ GEM jquery-minicolors-rails (2.2.6.2) jquery-rails rails (>= 3.2.8) - jquery-rails (4.3.5) + jquery-rails (4.4.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) @@ -286,7 +293,7 @@ GEM method_source (1.0.0) mime-types (3.3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2019.1009) + mime-types-data (3.2020.0512) mimemagic (0.3.5) mini_magick (4.10.1) mini_mime (1.0.2) @@ -340,7 +347,7 @@ GEM pry (0.13.1) coderay (~> 1.1) method_source (~> 1.0) - public_suffix (4.0.4) + public_suffix (4.0.5) puma (4.3.5) nio4r (~> 2.0) rack (2.0.9) 
@@ -399,11 +406,11 @@ GEM thor (>= 0.19.0, < 2.0) rainbow (3.0.0) rake (13.0.1) - rb-fsevent (0.10.3) + rb-fsevent (0.10.4) rb-inotify (0.10.1) ffi (~> 1.0) redcarpet (3.5.0) - redis (4.1.3) + redis (4.1.4) regexp_parser (1.7.0) remotipart (1.4.4) responders (3.0.0) @@ -411,9 +418,9 @@ GEM railties (>= 5.0) rexml (3.2.4) rolify (5.2.0) - rspec-core (3.9.1) - rspec-support (~> 3.9.1) - rspec-expectations (3.9.1) + rspec-core (3.9.2) + rspec-support (~> 3.9.3) + rspec-expectations (3.9.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.9.0) rspec-its (1.3.0) @@ -433,14 +440,17 @@ GEM rspec-sidekiq (3.0.3) rspec-core (~> 3.0, >= 3.0.0) sidekiq (>= 2.4.0) - rspec-support (3.9.2) - rubocop (0.83.0) + rspec-support (3.9.3) + rubocop (0.84.0) parallel (~> 1.10) parser (>= 2.7.0.1) rainbow (>= 2.2.2, < 4.0) rexml + rubocop-ast (>= 0.0.3) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 2.0) + rubocop-ast (0.0.3) + parser (>= 2.7.0.1) ruby-progressbar (1.10.1) ruby-vips (2.0.17) ffi (~> 1.9) @@ -567,6 +577,7 @@ DEPENDENCIES guard-brakeman haml (~> 5.0) haml_lint + hcaptcha! httparty i18n-js (= 3.0.0.rc10) jbuilder (~> 2.10) diff --git a/app/controllers/user/registrations_controller.rb b/app/controllers/user/registrations_controller.rb index 1e01a393..181ae2a3 100644 --- a/app/controllers/user/registrations_controller.rb +++ b/app/controllers/user/registrations_controller.rb @@ -1,4 +1,11 @@ class User::RegistrationsController < Devise::RegistrationsController + def create + if verify_hcaptcha(model: resource) + super + else + respond_with_navigational(resource){ redirect_to new_user_registration_path } + end + end def destroy DeletionWorker.perform_async(resource.id) diff --git a/app/views/devise/registrations/new.haml b/app/views/devise/registrations/new.haml index cbbafe39..521c3d57 100644 --- a/app/views/devise/registrations/new.haml +++ b/app/views/devise/registrations/new.haml 
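Review bot: In `create`, `verify_hcaptcha(model: resource)` runs before Devise has built anything, so `resource` is most likely nil there: the parent `create` is what calls `build_resource`, and nothing visible in this hunk sets it earlier. The failure branch then redirects to the sign-up page with a nil resource, which discards what the user typed and, unless the gem sets a flash message on its own, shows no reason for the rejection. The check is also unconditional, while config/initializers/hcaptcha.rb only configures keys when `APP_CONFIG.dig(:hcaptcha, :enabled)` is set; the same applies to `= hcaptcha_tags` in new.haml, and how the gem behaves without keys is not visible here. I would build the resource first, honour the flag, and re-render the form on failure, as sketched below.

```ruby
  def create
    # Keys are only configured when the flag is set, so skip the check otherwise.
    return super unless APP_CONFIG.dig(:hcaptcha, :enabled)

    # Build the resource up front so a failed challenge can be reported on it.
    build_resource(sign_up_params)
    return super if verify_hcaptcha(model: resource)

    clean_up_passwords(resource)
    set_minimum_password_length
    respond_with_navigational(resource) { render :new }
  end
```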
@@ -14,6 +14,8 @@ = f.password_field :password, autocomplete: :off, label: t('views.settings.account.password') = f.password_field :password_confirmation, autocomplete: :off, label: t('views.settings.account.password_confirm') + = hcaptcha_tags + %p= raw t('views.sessions.info', terms: link_to(t('views.general.terms'), terms_path)) = f.submit 'Sign up', class: 'btn btn-primary mb-3' diff --git a/config/initializers/hcaptcha.rb b/config/initializers/hcaptcha.rb new file mode 100644 index 00000000..a87c524e --- /dev/null +++ b/config/initializers/hcaptcha.rb @@ -0,0 +1,6 @@ +if APP_CONFIG.dig(:hcaptcha, :enabled) + Hcaptcha.configure do |config| + config.site_key = APP_CONFIG.dig(:hcaptcha, :site_key) + config.secret_key = APP_CONFIG.dig(:hcaptcha, :secret_key) + end +end \ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index d9958377..92d57d42 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -52,7 +52,7 @@ Rails.application.routes.draw do delete 'sign_out' => 'devise/sessions#destroy', as: :destroy_user_session # :registrations get 'settings/delete_account' => 'devise/registrations#cancel', as: :cancel_user_registration - post '/user/create' => 'devise/registrations#create', as: :user_registration + post '/user/create' => 'user/registrations#create', as: :user_registration get '/sign_up' => 'devise/registrations#new', as: :new_user_registration get '/settings/account' => 'devise/registrations#edit', as: :edit_user_registration patch '/settings/account' => 'devise/registrations#update', as: :update_user_registration
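Review bot: When `enabled` is set but `site_key` or `secret_key` is absent from APP_CONFIG, `dig` returns nil and this block configures Hcaptcha with nil keys without complaint, so the misconfiguration only surfaces on the first sign-up request. Failing at boot is safer for a control that gates registration, e.g. `raise 'hcaptcha is enabled but secret_key is not set' if APP_CONFIG.dig(:hcaptcha, :secret_key).blank?` ahead of the `configure` call, and the same for `site_key`. The file also ends without a trailing newline.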
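Review bot: Only the `create` route is moved to `user/registrations#create`, so the captcha check depends on no other route still reaching `devise/registrations#create`; the rest of routes.rb is outside this hunk, so that is worth confirming. A short comment on the changed line would record why this one action differs from its neighbours, for example `# create is routed through User::RegistrationsController so the hCaptcha check runs`. A request spec that posts to `/user/create` without a captcha response and expects no user to be created would keep the gate from regressing.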