author | Chaoyi Zha <summermontreal@gmail.com> | 2017-05-18 04:39:21 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-05-18 04:39:21 +0300 |
commit | 475a1ba5a316a02b14540f44a8c6bcd1ae7c091d (patch) | |
tree | dc826e41393e094c6e5ef6a03671fa75bfa07350 | |
parent | 3c669ee1ca49bd5bef5af8e9e9a1ba2f464afe66 (diff) | |
parent | 53128c11b4b2f7ca804cb9b9dfd66a34ecf1752b (diff) |
Merge pull request #338 from cydrobolt/feature/recaptcha
Implement optional reCAPTCHA for registrations
-rw-r--r-- | app/Http/Controllers/SetupController.php | 7 | ||||
-rw-r--r-- | app/Http/Controllers/UserController.php | 12 | ||||
-rw-r--r-- | composer.json | 3 | ||||
-rw-r--r-- | composer.lock | 47 | ||||
-rw-r--r-- | public/css/signup.css | 4 | ||||
-rw-r--r-- | resources/views/env.blade.php | 11 | ||||
-rw-r--r-- | resources/views/setup.blade.php | 28 | ||||
-rw-r--r-- | resources/views/signup.blade.php | 12 |
8 files changed, 121 insertions, 3 deletions
diff --git a/app/Http/Controllers/SetupController.php b/app/Http/Controllers/SetupController.php index 8234c3f..d290065 100644 --- a/app/Http/Controllers/SetupController.php +++ b/app/Http/Controllers/SetupController.php @@ -102,6 +102,10 @@ class SetupController extends Controller { ]); } + $polr_acct_creation_recaptcha = $request->input('setting:acct_registration_recaptcha'); + $polr_recaptcha_site_key = $request->input('setting:recaptcha_site_key'); + $polr_recaptcha_secret_key = $request->input('setting:recaptcha_secret_key'); + $acct_username = $request->input('acct:username'); $acct_email = $request->input('acct:email'); $acct_password = $request->input('acct:password'); @@ -154,12 +158,15 @@ class SetupController extends Controller { 'ST_PUBLIC_INTERFACE' => $st_public_interface, 'POLR_ALLOW_ACCT_CREATION' => $polr_allow_acct_creation, 'POLR_ACCT_ACTIVATION' => $polr_acct_activation, + 'POLR_ACCT_CREATION_RECAPTCHA' => $polr_acct_creation_recaptcha, 'ST_SHORTEN_PERMISSION' => $st_shorten_permission, 'ST_INDEX_REDIRECT' => $st_index_redirect, 'ST_REDIRECT_404' => $st_redirect_404, 'ST_PASSWORD_RECOV' => $st_password_recov, 'ST_RESTRICT_EMAIL_DOMAIN' => $st_restrict_email_domain, 'ST_ALLOWED_EMAIL_DOMAINS' => $st_allowed_email_domains, + 'POLR_RECAPTCHA_SITE_KEY' => $polr_recaptcha_site_key, + 'POLR_RECAPTCHA_SECRET' => $polr_recaptcha_secret_key, 'MAIL_ENABLED' => $mail_enabled, 'MAIL_HOST' => $mail_host, diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 4d4a34c..7cdf545 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php 
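Review bot: The three new `$request->input('setting:…')` reads in the first SetupController hunk are taken as-is, with no check that they agree with each other. An installer can select "Require reCAPTCHA" and leave both key fields blank, which yields a sign-up page whose widget has no site key and a verification step with no secret. The values are also rendered unquoted by the env.blade.php hunks, so a pasted key with a trailing space or line break would corrupt the generated file. I would constrain the flag to the two expected strings and trim the keys before they reach the template, for example `$polr_recaptcha_secret_key = trim((string) $request->input('setting:recaptcha_secret_key'));`, and reject the form when the flag is `'true'` and either key is empty. The enclosing method starts and ends outside the hunk, so whether a later validation step already covers this cannot be seen here.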
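Review bot: In the second SetupController hunk the secret is passed to the template as `'POLR_RECAPTCHA_SECRET'`, while env.blade.php writes it out as `POLR_RECAPTCHA_SECRET_KEY` and UserController reads `env('POLR_RECAPTCHA_SECRET_KEY')`. It works because the template bridges the two names, but one credential now has three spellings (form field, template variable, env key), and a later edit could silently leave the secret empty. I would use the env name throughout: `'POLR_RECAPTCHA_SECRET_KEY' => $polr_recaptcha_secret_key,` here and `{{$POLR_RECAPTCHA_SECRET_KEY}}` in the template. The form field `setting:acct_registration_recaptcha` versus `POLR_ACCT_CREATION_RECAPTCHA` has the same mismatch.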
@@ -57,6 +57,18 @@ class UserController extends Controller { return redirect(route('index'))->with('error', 'Sorry, but registration is disabled.'); } + if (env('POLR_ACCT_CREATION_RECAPTCHA')) { + // Verify reCAPTCHA if setting is enabled + $gRecaptchaResponse = $request->input('g-recaptcha-response'); + + $recaptcha = new \ReCaptcha\ReCaptcha(env('POLR_RECAPTCHA_SECRET_KEY')); + $recaptcha_resp = $recaptcha->verify($gRecaptchaResponse, $request->ip()); + + if (!$recaptcha_resp->isSuccess()) { + return redirect(route('signup'))->with('error', 'You must complete the reCAPTCHA to register.'); + } + } + // Validate signup form data $this->validate($request, [ 'username' => 'required|alpha_dash', diff --git a/composer.json b/composer.json index 5c9fcb0..4f883ee 100644 --- a/composer.json +++ b/composer.json @@ -14,7 +14,8 @@ "torann/geoip": "^1.0", "geoip2/geoip2": "^2.4", "nesbot/carbon": "^1.22", - "doctrine/dbal": "^2.5" + "doctrine/dbal": "^2.5", + "google/recaptcha": "~1.1" }, "require-dev": { "fzaninotto/faker": "~1.0", diff --git a/composer.lock b/composer.lock index 232733f..14d90c6 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "270b76198a63efcbd85347ec35e337f4", + "content-hash": "1b7ae24ee886aba13a99bf0207be0cdd", "packages": [ { "name": "composer/ca-bundle", 
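Review bot: The verification block in the UserController hunk constructs `new \ReCaptcha\ReCaptcha(env('POLR_RECAPTCHA_SECRET_KEY'))` without checking that the secret is set. As far as I know the library's constructor throws on an empty secret, so an instance with the flag enabled but no key would answer sign-ups with an unhandled error instead of the redirect; that fails closed, but it is hard to diagnose. A guard before the constructor, such as `if (empty(env('POLR_RECAPTCHA_SECRET_KEY'))) { abort(500, 'reCAPTCHA is enabled but not configured.'); }`, makes the misconfiguration explicit. When `isSuccess()` is false, logging `$recaptcha_resp->getErrorCodes()` would let an operator tell a rejected secret from a user who skipped the challenge. `$request->ip()` is the proxy's address behind a reverse proxy unless trusted proxies are configured; the remote-IP argument is optional and can be dropped there. The method body continues outside the hunk.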
@@ -683,6 +683,51 @@ "time": "2016-10-11T21:58:42+00:00" }, { + "name": "google/recaptcha", + "version": "1.1.3", + "source": { + "type": "git", + "url": "https://github.com/google/recaptcha.git", + "reference": "5a56d15ca10a7b75158178752b2ad8f755eb4f78" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/google/recaptcha/zipball/5a56d15ca10a7b75158178752b2ad8f755eb4f78", + "reference": "5a56d15ca10a7b75158178752b2ad8f755eb4f78", + "shasum": "" + }, + "require": { + "php": ">=5.5" + }, + "require-dev": { + "phpunit/phpunit": "^4.8" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.1.x-dev" + } + }, + "autoload": { + "psr-4": { + "ReCaptcha\\": "src/ReCaptcha" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "description": "Client library for reCAPTCHA, a free service that protect websites from spam and abuse.", + "homepage": "http://www.google.com/recaptcha/", + "keywords": [ + "Abuse", + "captcha", + "recaptcha", + "spam" + ], + "time": "2017-03-09T18:44:34+00:00" + }, + { "name": "illuminate/auth", "version": "v5.1.28", "source": { diff --git a/public/css/signup.css b/public/css/signup.css index 5996f15..2de4c77 100644 --- a/public/css/signup.css +++ b/public/css/signup.css @@ -17,3 +17,7 @@ .login-prompt { padding-top: 15px; } + +.g-recaptcha { + margin-bottom: 2em; +} diff --git a/resources/views/env.blade.php b/resources/views/env.blade.php index 7bfd358..0b2b834 100644 --- a/resources/views/env.blade.php +++ b/resources/views/env.blade.php 
@@ -51,6 +51,11 @@ POLR_ALLOW_ACCT_CREATION={{$POLR_ALLOW_ACCT_CREATION}} # Set to true to require activation by email (e.g true/false) POLR_ACCT_ACTIVATION={{$POLR_ACCT_ACTIVATION}} +# Set to true to require reCAPTCHAs on sign up pages +# If this setting is enabled, you must also provide your reCAPTCHA keys +# in POLR_RECAPTCHA_SITE_KEY and POLR_RECAPTCHA_SECRET_KEY +POLR_ACCT_CREATION_RECAPTCHA={{$POLR_ACCT_CREATION_RECAPTCHA}} + # Set to true to require users to be logged in before shortening URLs SETTING_SHORTEN_PERMISSION={{$ST_SHORTEN_PERMISSION}} @@ -86,6 +91,12 @@ SETTING_RESTRICT_EMAIL_DOMAIN={{$ST_RESTRICT_EMAIL_DOMAIN}} # A comma-separated list of permitted email domains SETTING_ALLOWED_EMAIL_DOMAINS={{$ST_ALLOWED_EMAIL_DOMAINS}} +# reCAPTCHA site key +POLR_RECAPTCHA_SITE_KEY={{$POLR_RECAPTCHA_SITE_KEY}} + +# reCAPTCHA secret key +POLR_RECAPTCHA_SECRET_KEY={{$POLR_RECAPTCHA_SECRET}} + # Set each to blank to disable mail @if($MAIL_ENABLED) MAIL_DRIVER=smtp diff --git a/resources/views/setup.blade.php b/resources/views/setup.blade.php index c94ec85..c50b045 100644 --- a/resources/views/setup.blade.php +++ b/resources/views/setup.blade.php 
@@ -207,6 +207,34 @@ Setup Please ensure SMTP is properly set up before enabling password recovery. </p> + <p> + Require reCAPTCHA for Registrations + <setup-tooltip content="You must provide your reCAPTCHA keys to use this feature."></setup-tooltip> + </p> + <select name='setting:acct_registration_recaptcha' class='form-control'> + <option value='false'>Do not require reCAPTCHA for registration</option> + <option value='true'>Require reCATPCHA for registration</option> + </select> + + <p> + reCAPTCHA Configuration: + <setup-tooltip content="You must provide reCAPTCHA keys if you intend to use any reCAPTCHA-dependent features."></setup-tooltip> + </p> + + <p> + reCAPTCHA Site Key + </p> + <input type='text' class='form-control' name='setting:recaptcha_site_key'> + + <p> + reCAPTCHA Secret Key + </p> + <input type='text' class='form-control' name='setting:recaptcha_secret_key'> + + <p class='text-muted'> + You can obtain reCAPTCHA keys from <a href="https://www.google.com/recaptcha/admin">Google's reCAPTCHA website</a>. + </p> + <p>Theme (<a href='https://github.com/cydrobolt/polr/wiki/Themes-Screenshots'>screenshots</a>):</p> <select name='app:stylesheet' class='form-control'> <option value=''>Modern (default)</option> diff --git a/resources/views/signup.blade.php b/resources/views/signup.blade.php index 0523ef5..1bba206 100644 --- a/resources/views/signup.blade.php +++ b/resources/views/signup.blade.php 
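Review bot: The second option label in the setup.blade.php hunk reads `Require reCATPCHA for registration`; it should be `Require reCAPTCHA for registration`. The secret key is collected with `<input type='text' … name='setting:recaptcha_secret_key'>`, so browsers may keep it in form history and autofill. I would add `autocomplete='off'` to that input (or use `type='password'`), since this value is a server-side credential, unlike the public site key. Marking the two key inputs as required when the select is set to `true` would also catch the enabled-without-keys case before the form is submitted.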
@@ -12,6 +12,11 @@ Username: <input type='text' name='username' class='form-control form-field' placeholder='Username' /> Password: <input type='password' name='password' class='form-control form-field' placeholder='Password' /> Email: <input type='email' name='email' class='form-control form-field' placeholder='Email' /> + + @if (env('POLR_ACCT_CREATION_RECAPTCHA')) + <div class="g-recaptcha" data-sitekey="{{env('POLR_RECAPTCHA_SITE_KEY')}}"></div> + @endif + <input type="hidden" name='_token' value='{{csrf_token()}}' /> <input type="submit" class="btn btn-default btn-success" value="Register"/> <p class='login-prompt'> @@ -34,6 +39,11 @@ <h4>Email</h4> <p>The email you will use to verify your account or to recover your account.</p> </p> - </div> @endsection + +@section('js') + @if (env('POLR_ACCT_CREATION_RECAPTCHA')) + <script src="https://www.google.com/recaptcha/api.js" async defer></script> + @endif +@endsection |