Merge pull request #338 from cydrobolt/feature/recaptcha

Implement optional reCAPTCHA for registrations
2024-09-19 15:11:40 +02:00 · 2017-05-17 21:39:21 -04:00 · 2017-05-17 21:39:21 -04:00 · 475a1ba5a3
commit 475a1ba5a3
parent 3c669ee1ca 53128c11b4
8 changed files with 121 additions and 3 deletions
--- a/app/Http/Controllers/SetupController.php
+++ b/app/Http/Controllers/SetupController.php
@ -102,6 +102,10 @@ class SetupController extends Controller {
            ]);
        }

+        $polr_acct_creation_recaptcha = $request->input('setting:acct_registration_recaptcha');
+        $polr_recaptcha_site_key = $request->input('setting:recaptcha_site_key');
+        $polr_recaptcha_secret_key = $request->input('setting:recaptcha_secret_key');
+
        $acct_username = $request->input('acct:username');
        $acct_email = $request->input('acct:email');
        $acct_password = $request->input('acct:password');
@ -154,12 +158,15 @@ class SetupController extends Controller {
            'ST_PUBLIC_INTERFACE' => $st_public_interface,
            'POLR_ALLOW_ACCT_CREATION' => $polr_allow_acct_creation,
            'POLR_ACCT_ACTIVATION' => $polr_acct_activation,
+            'POLR_ACCT_CREATION_RECAPTCHA' => $polr_acct_creation_recaptcha,
            'ST_SHORTEN_PERMISSION' => $st_shorten_permission,
            'ST_INDEX_REDIRECT' => $st_index_redirect,
            'ST_REDIRECT_404' => $st_redirect_404,
            'ST_PASSWORD_RECOV' => $st_password_recov,
            'ST_RESTRICT_EMAIL_DOMAIN' => $st_restrict_email_domain,
            'ST_ALLOWED_EMAIL_DOMAINS' => $st_allowed_email_domains,
+            'POLR_RECAPTCHA_SITE_KEY' => $polr_recaptcha_site_key,
+            'POLR_RECAPTCHA_SECRET' => $polr_recaptcha_secret_key,

            'MAIL_ENABLED' => $mail_enabled,
            'MAIL_HOST' => $mail_host,
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@ -57,6 +57,18 @@ class UserController extends Controller {
            return redirect(route('index'))->with('error', 'Sorry, but registration is disabled.');
        }

+        if (env('POLR_ACCT_CREATION_RECAPTCHA')) {
+            // Verify reCAPTCHA if setting is enabled
+            $gRecaptchaResponse = $request->input('g-recaptcha-response');
+
+            $recaptcha = new \ReCaptcha\ReCaptcha(env('POLR_RECAPTCHA_SECRET_KEY'));
+            $recaptcha_resp = $recaptcha->verify($gRecaptchaResponse, $request->ip());
+
+            if (!$recaptcha_resp->isSuccess()) {
+                return redirect(route('signup'))->with('error', 'You must complete the reCAPTCHA to register.');
+            }
+        }
+
        // Validate signup form data
        $this->validate($request, [
            'username' => 'required|alpha_dash',
--- a/composer.json
+++ b/composer.json
@ -14,7 +14,8 @@
        "torann/geoip": "^1.0",
        "geoip2/geoip2": "^2.4",
        "nesbot/carbon": "^1.22",
-        "doctrine/dbal": "^2.5"
+        "doctrine/dbal": "^2.5",
+        "google/recaptcha": "~1.1"
    },
    "require-dev": {
        "fzaninotto/faker": "~1.0",
--- a/composer.lock
+++ b/composer.lock
@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
        "This file is @generated automatically"
    ],
-    "content-hash": "270b76198a63efcbd85347ec35e337f4",
+    "content-hash": "1b7ae24ee886aba13a99bf0207be0cdd",
    "packages": [
        {
            "name": "composer/ca-bundle",
@ -682,6 +682,51 @@
            ],
            "time": "2016-10-11T21:58:42+00:00"
        },
+        {
+            "name": "google/recaptcha",
+            "version": "1.1.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/google/recaptcha.git",
+                "reference": "5a56d15ca10a7b75158178752b2ad8f755eb4f78"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/google/recaptcha/zipball/5a56d15ca10a7b75158178752b2ad8f755eb4f78",
+                "reference": "5a56d15ca10a7b75158178752b2ad8f755eb4f78",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.5"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^4.8"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.1.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "ReCaptcha\\": "src/ReCaptcha"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "description": "Client library for reCAPTCHA, a free service that protect websites from spam and abuse.",
+            "homepage": "http://www.google.com/recaptcha/",
+            "keywords": [
+                "Abuse",
+                "captcha",
+                "recaptcha",
+                "spam"
+            ],
+            "time": "2017-03-09T18:44:34+00:00"
+        },
        {
            "name": "illuminate/auth",
            "version": "v5.1.28",
--- a/public/css/signup.css
+++ b/public/css/signup.css
@ -17,3 +17,7 @@
 .login-prompt {
    padding-top: 15px;
 }
+
+.g-recaptcha {
+    margin-bottom: 2em;
+}
--- a/resources/views/env.blade.php
+++ b/resources/views/env.blade.php
@ -51,6 +51,11 @@ POLR_ALLOW_ACCT_CREATION={{$POLR_ALLOW_ACCT_CREATION}}
 # Set to true to require activation by email (e.g true/false)
 POLR_ACCT_ACTIVATION={{$POLR_ACCT_ACTIVATION}}

+# Set to true to require reCAPTCHAs on sign up pages
+# If this setting is enabled, you must also provide your reCAPTCHA keys
+# in POLR_RECAPTCHA_SITE_KEY and POLR_RECAPTCHA_SECRET_KEY
+POLR_ACCT_CREATION_RECAPTCHA={{$POLR_ACCT_CREATION_RECAPTCHA}}
+
 # Set to true to require users to be logged in before shortening URLs
 SETTING_SHORTEN_PERMISSION={{$ST_SHORTEN_PERMISSION}}

@ -86,6 +91,12 @@ SETTING_RESTRICT_EMAIL_DOMAIN={{$ST_RESTRICT_EMAIL_DOMAIN}}
 # A comma-separated list of permitted email domains
 SETTING_ALLOWED_EMAIL_DOMAINS={{$ST_ALLOWED_EMAIL_DOMAINS}}

+# reCAPTCHA site key
+POLR_RECAPTCHA_SITE_KEY={{$POLR_RECAPTCHA_SITE_KEY}}
+
+# reCAPTCHA secret key
+POLR_RECAPTCHA_SECRET_KEY={{$POLR_RECAPTCHA_SECRET}}
+
 # Set each to blank to disable mail
@if($MAIL_ENABLED)
 MAIL_DRIVER=smtp
--- a/resources/views/setup.blade.php
+++ b/resources/views/setup.blade.php
@ -207,6 +207,34 @@ Setup
                Please ensure SMTP is properly set up before enabling password recovery.
            </p>

+            <p>
+                Require reCAPTCHA for Registrations
+                <setup-tooltip content="You must provide your reCAPTCHA keys to use this feature."></setup-tooltip>
+            </p>
+            <select name='setting:acct_registration_recaptcha' class='form-control'>
+                <option value='false'>Do not require reCAPTCHA for registration</option>
+                <option value='true'>Require reCATPCHA for registration</option>
+            </select>
+
+            <p>
+                reCAPTCHA Configuration:
+                <setup-tooltip content="You must provide reCAPTCHA keys if you intend to use any reCAPTCHA-dependent features."></setup-tooltip>
+            </p>
+
+            <p>
+                reCAPTCHA Site Key
+            </p>
+            <input type='text' class='form-control' name='setting:recaptcha_site_key'>
+
+            <p>
+                reCAPTCHA Secret Key
+            </p>
+            <input type='text' class='form-control' name='setting:recaptcha_secret_key'>
+
+            <p class='text-muted'>
+                You can obtain reCAPTCHA keys from <a href="https://www.google.com/recaptcha/admin">Google's reCAPTCHA website</a>.
+            </p>
+
            <p>Theme (<a href='https://github.com/cydrobolt/polr/wiki/Themes-Screenshots'>screenshots</a>):</p>
            <select name='app:stylesheet' class='form-control'>
                <option value=''>Modern (default)</option>
--- a/resources/views/signup.blade.php
+++ b/resources/views/signup.blade.php
@ -12,6 +12,11 @@
        Username: <input type='text' name='username' class='form-control form-field' placeholder='Username' />
        Password: <input type='password' name='password' class='form-control form-field' placeholder='Password' />
        Email: <input type='email' name='email' class='form-control form-field' placeholder='Email' />
+
+        @if (env('POLR_ACCT_CREATION_RECAPTCHA'))
+        <div class="g-recaptcha" data-sitekey="{{env('POLR_RECAPTCHA_SITE_KEY')}}"></div>
+        @endif
+
        <input type="hidden" name='_token' value='{{csrf_token()}}' />
        <input type="submit" class="btn btn-default btn-success" value="Register"/>
        <p class='login-prompt'>
@ -34,6 +39,11 @@
        <h4>Email</h4>
        <p>The email you will use to verify your account or to recover your account.</p>
    </p>
-
 </div>
@endsection
+
+@section('js')
+    @if (env('POLR_ACCT_CREATION_RECAPTCHA'))
+    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
+    @endif
+@endsection