Validate the Captcha challenge for account signup
Some checks failed
Check usage of free licenses / check-licenses (pull_request) Failing after 51s
Add copyright notice / copyright_notice (pull_request) Successful in 1m0s
Run unit tests / unit_tests (pull_request) Successful in 1m40s

Manuel Bustillo 2024-12-01 19:56:49 +01:00
parent be9ca9e6b0
commit 5f01741943
6 changed files with 35 additions and 3 deletions


@ -30,6 +30,18 @@ class ApplicationController < ActionController::Base
private private
def validate_captcha!
Rails.logger.info("Captcha params: #{captcha_params}")
return if LibreCaptcha.new.valid?(id: captcha_params[:id], answer: captcha_params[:answer])
render json: { error: 'Incorrect CAPTCHA solution' }, status: :unprocessable_entity
end
def captcha_params
params.expect(captcha: [:id, :answer])
end
def default_url_options(options = {}) def default_url_options(options = {})
options.merge(path_params: { slug: ActsAsTenant.current_tenant&.slug }) options.merge(path_params: { slug: ActsAsTenant.current_tenant&.slug })
end end
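Review bot: The `Rails.logger.info("Captcha params: #{captcha_params}")` line in `validate_captcha!` writes the client-supplied captcha id and answer to the application log at info level on every signup attempt, which looks like a debugging leftover. I would drop it, or keep only the id at debug level: `Rails.logger.debug { "Captcha check for id=#{captcha_params[:id]}" }`. Also note that a request without a `captcha` key never reaches the 422 branch, because `params.expect` raises first (Rails presumably answers 400); a one-line comment on `captcha_params` saying so would help the next reader. The class body continues outside the hunk.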


@ -4,6 +4,8 @@ class Users::RegistrationsController < Devise::RegistrationsController
clear_respond_to clear_respond_to
respond_to :json respond_to :json
before_action :validate_captcha!, only: :create
def create def create
wedding = Wedding.create(wedding_params) wedding = Wedding.create(wedding_params)
unless wedding.persisted? unless wedding.persisted?
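Review bot: The filter added by `before_action :validate_captcha!, only: :create` has no request example covering the rejected case; the spec hunks shown in this commit only extend schemas. An example that stubs `LibreCaptcha#valid?` to return false and asserts a 422 response with no `Wedding` row created would pin that the filter halts before `create` runs. The body of `create` continues outside the hunk.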


@ -11,4 +11,10 @@ class LibreCaptcha
}.to_json }.to_json
).then { |raw| JSON.parse(raw)['id'] } ).then { |raw| JSON.parse(raw)['id'] }
end end
def valid?(id:, answer:)
HTTParty.post("http://libre-captcha:8888/v2/answer",
body: { id:, answer: }.to_json
).then { |raw| JSON.parse(raw)['result'] == 'True' }
end
end end
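Review bot: `valid?` makes a blocking HTTP call with no timeout and no handling of transport or parse errors, so a slow or unreachable captcha service turns every signup into a hung request or a 500 instead of a clean rejection. Passing `timeout: 5` to `HTTParty.post` and adding `rescue HTTParty::Error, JSON::ParserError, SystemCallError, Timeout::Error` with `false` as the result would keep the check failing closed with the existing 422 response. The response status is not checked before `JSON.parse`, so an error page from the service would raise rather than return false. The endpoint `http://libre-captcha:8888` is hard-coded; reading the base URL from configuration would let deployments point at the service without editing this class.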


@ -14,8 +14,8 @@ RSpec.describe 'captcha', type: :request do
schema type: :object, schema type: :object,
required: %i[id], required: %i[id],
properties: { properties: {
id: { type: :string, format: :uuid } id: { type: :string, format: :uuid },
media_url: { type: :string, format: :uri } media_url: { type: :string, format: :uri },
} }
xit xit
end end


@ -18,5 +18,16 @@ module Swagger
example: :default, example: :default,
description: 'Wedding slug' description: 'Wedding slug'
} }
CAPTCHA = {
captcha: {
type: :object,
required: %i[id answer],
properties: {
id: { type: :string, format: :uuid },
answer: { type: :string }
}
}
}
end end
end end


@ -30,7 +30,8 @@ RSpec.describe 'users/registrations', type: :request do
properties: { properties: {
date: { type: :string, format: :date}, date: { type: :string, format: :date},
} }
} },
**Swagger::Schema::CAPTCHA
} }
} }