Validate the Captcha challenge for account signup

2024-12-01 19:56:49 +01:00 · 2024-12-01 19:56:49 +01:00 · 5f01741943
commit 5f01741943
parent be9ca9e6b0
6 changed files with 35 additions and 3 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -30,6 +30,18 @@ class ApplicationController < ActionController::Base

  private

+  def validate_captcha!
+    Rails.logger.info("Captcha params: #{captcha_params}")
+
+    return if LibreCaptcha.new.valid?(id: captcha_params[:id], answer: captcha_params[:answer])
+
+    render json: { error: 'Incorrect CAPTCHA solution' }, status: :unprocessable_entity
+  end
+
+  def captcha_params
+    params.expect(captcha: [:id, :answer])
+  end
+  
  def default_url_options(options = {})
    options.merge(path_params: { slug: ActsAsTenant.current_tenant&.slug })
  end
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@ -4,6 +4,8 @@ class Users::RegistrationsController < Devise::RegistrationsController
  clear_respond_to 
  respond_to :json

+  before_action :validate_captcha!, only: :create
+
  def create
    wedding = Wedding.create(wedding_params)
    unless wedding.persisted?
--- a/app/services/libre_captcha.rb
+++ b/app/services/libre_captcha.rb
@ -11,4 +11,10 @@ class LibreCaptcha
      }.to_json
    ).then { |raw| JSON.parse(raw)['id'] }
  end
+
+  def valid?(id:, answer:)
+    HTTParty.post("http://libre-captcha:8888/v2/answer",
+      body: { id:, answer: }.to_json
+    ).then { |raw| JSON.parse(raw)['result'] == 'True' }
+  end
 end
--- a/spec/requests/captcha_spec.rb
+++ b/spec/requests/captcha_spec.rb
@ -14,8 +14,8 @@ RSpec.describe 'captcha', type: :request do
        schema type: :object,
        required: %i[id], 
        properties: {
-          id: { type: :string, format: :uuid }
-          media_url: { type: :string, format: :uri }
+          id: { type: :string, format: :uuid },
+          media_url: { type: :string, format: :uri },
        }
        xit
      end
--- a/spec/requests/schemas.rb
+++ b/spec/requests/schemas.rb
@ -18,5 +18,16 @@ module Swagger
      example: :default,
      description: 'Wedding slug'
    }
+
+    CAPTCHA = {
+      captcha: {
+        type: :object,
+        required: %i[id answer],
+        properties: {
+          id: { type: :string, format: :uuid },
+          answer: { type: :string }
+        }
+      }
+    } 
  end
 end
--- a/spec/requests/users/registrations_spec.rb
+++ b/spec/requests/users/registrations_spec.rb
@ -30,7 +30,8 @@ RSpec.describe 'users/registrations', type: :request do
            properties: {
              date: { type: :string, format: :date},
            }
-          }
+          },
+          **Swagger::Schema::CAPTCHA
        }
      }