mirror of
https://github.com/lunaisnotaboy/mastodon.git
synced 2024-11-18 04:43:24 +00:00
Add ability to set hCaptcha either on registration form or on e-mail validation
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band registration API.
This commit is contained in:
parent
a9269f8786
commit
0fb907441c
|
@ -1,12 +1,18 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class Auth::ConfirmationsController < Devise::ConfirmationsController
|
class Auth::ConfirmationsController < Devise::ConfirmationsController
|
||||||
|
include CaptchaConcern
|
||||||
|
|
||||||
layout 'auth'
|
layout 'auth'
|
||||||
|
|
||||||
before_action :set_body_classes
|
before_action :set_body_classes
|
||||||
before_action :set_pack
|
before_action :set_pack
|
||||||
|
before_action :set_confirmation_user!, only: [:show, :confirm_captcha]
|
||||||
before_action :require_unconfirmed!
|
before_action :require_unconfirmed!
|
||||||
|
|
||||||
|
before_action :extend_csp_for_captcha!, only: [:show, :confirm_captcha]
|
||||||
|
before_action :require_captcha_if_needed!, only: [:show]
|
||||||
|
|
||||||
skip_before_action :require_functional!
|
skip_before_action :require_functional!
|
||||||
|
|
||||||
def new
|
def new
|
||||||
|
@ -15,8 +21,52 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
|
||||||
resource.email = current_user.unconfirmed_email || current_user.email if user_signed_in?
|
resource.email = current_user.unconfirmed_email || current_user.email if user_signed_in?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def show
|
||||||
|
clear_captcha!
|
||||||
|
|
||||||
|
old_session_values = session.to_hash
|
||||||
|
reset_session
|
||||||
|
session.update old_session_values.except('session_id')
|
||||||
|
|
||||||
|
super
|
||||||
|
end
|
||||||
|
|
||||||
|
def confirm_captcha
|
||||||
|
check_captcha! do |message|
|
||||||
|
flash.now[:alert] = message
|
||||||
|
render :captcha
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
show
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
|
def require_captcha_if_needed!
|
||||||
|
render :captcha if captcha_required?
|
||||||
|
end
|
||||||
|
|
||||||
|
def set_confirmation_user!
|
||||||
|
# We need to reimplement looking up the user because
|
||||||
|
# Devise::ConfirmationsController#show looks up and confirms in one
|
||||||
|
# step.
|
||||||
|
confirmation_token = params[:confirmation_token]
|
||||||
|
return if confirmation_token.nil?
|
||||||
|
@confirmation_user = User.find_first_by_auth_conditions(confirmation_token: confirmation_token)
|
||||||
|
end
|
||||||
|
|
||||||
|
def captcha_user_bypass?
|
||||||
|
return true if @confirmation_user.nil? || @confirmation_user.confirmed?
|
||||||
|
|
||||||
|
invite = Invite.find(@confirmation_user.invite_id) if @confirmation_user.invite_id.present?
|
||||||
|
invite.present? && !invite.max_uses.nil?
|
||||||
|
end
|
||||||
|
|
||||||
|
def captcha_context
|
||||||
|
'email-confirmation'
|
||||||
|
end
|
||||||
|
|
||||||
def set_pack
|
def set_pack
|
||||||
use_pack 'auth'
|
use_pack 'auth'
|
||||||
end
|
end
|
||||||
|
|
|
@ -15,17 +15,21 @@ module CaptchaConcern
|
||||||
end
|
end
|
||||||
|
|
||||||
def captcha_enabled?
|
def captcha_enabled?
|
||||||
captcha_available? && Setting.captcha_enabled
|
captcha_available? && Setting.captcha_mode == captcha_context
|
||||||
end
|
end
|
||||||
|
|
||||||
def captcha_recently_passed?
|
def captcha_recently_passed?
|
||||||
session[:captcha_passed_at].present? && session[:captcha_passed_at] >= CAPTCHA_TIMEOUT.ago
|
session[:captcha_passed_at].present? && session[:captcha_passed_at] >= CAPTCHA_TIMEOUT.ago
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def captcha_user_bypass?
|
||||||
|
current_user.present? || (@invite.present? && @invite.valid_for_use? && !@invite.max_uses.nil?)
|
||||||
|
end
|
||||||
|
|
||||||
def captcha_required?
|
def captcha_required?
|
||||||
return false if ENV['OMNIAUTH_ONLY'] == 'true'
|
return false if ENV['OMNIAUTH_ONLY'] == 'true'
|
||||||
return false unless Setting.registrations_mode != 'none' || @invite&.valid_for_use?
|
return false unless Setting.registrations_mode != 'none' || @invite&.valid_for_use?
|
||||||
captcha_enabled? && !current_user && !(@invite.present? && @invite.valid_for_use? && !@invite.max_uses.nil?) && !captcha_recently_passed?
|
captcha_enabled? && !captcha_user_bypass? && !captcha_recently_passed?
|
||||||
end
|
end
|
||||||
|
|
||||||
def clear_captcha!
|
def clear_captcha!
|
||||||
|
@ -65,4 +69,8 @@ module CaptchaConcern
|
||||||
|
|
||||||
hcaptcha_tags
|
hcaptcha_tags
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def captcha_context
|
||||||
|
'registration-form'
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -40,7 +40,7 @@ class Form::AdminSettings
|
||||||
noindex
|
noindex
|
||||||
outgoing_spoilers
|
outgoing_spoilers
|
||||||
require_invite_text
|
require_invite_text
|
||||||
captcha_enabled
|
captcha_mode
|
||||||
).freeze
|
).freeze
|
||||||
|
|
||||||
BOOLEAN_KEYS = %i(
|
BOOLEAN_KEYS = %i(
|
||||||
|
@ -59,7 +59,6 @@ class Form::AdminSettings
|
||||||
trendable_by_default
|
trendable_by_default
|
||||||
noindex
|
noindex
|
||||||
require_invite_text
|
require_invite_text
|
||||||
captcha_enabled
|
|
||||||
).freeze
|
).freeze
|
||||||
|
|
||||||
UPLOAD_KEYS = %i(
|
UPLOAD_KEYS = %i(
|
||||||
|
@ -83,6 +82,7 @@ class Form::AdminSettings
|
||||||
validates :bootstrap_timeline_accounts, existing_username: { multiple: true }
|
validates :bootstrap_timeline_accounts, existing_username: { multiple: true }
|
||||||
validates :show_domain_blocks, inclusion: { in: %w(disabled users all) }
|
validates :show_domain_blocks, inclusion: { in: %w(disabled users all) }
|
||||||
validates :show_domain_blocks_rationale, inclusion: { in: %w(disabled users all) }
|
validates :show_domain_blocks_rationale, inclusion: { in: %w(disabled users all) }
|
||||||
|
validates :captcha_mode, inclusion: { in: %w(disabled registration-form email-confirmation) }
|
||||||
|
|
||||||
def initialize(_attributes = {})
|
def initialize(_attributes = {})
|
||||||
super
|
super
|
||||||
|
|
|
@ -116,6 +116,6 @@ class REST::InstanceSerializer < ActiveModel::Serializer
|
||||||
end
|
end
|
||||||
|
|
||||||
def captcha_enabled?
|
def captcha_enabled?
|
||||||
ENV['HCAPTCHA_SECRET_KEY'].present? && ENV['HCAPTCHA_SITE_KEY'].present? && Setting.captcha_enabled
|
ENV['HCAPTCHA_SECRET_KEY'].present? && ENV['HCAPTCHA_SITE_KEY'].present? && Setting.captcha_mode == 'registration-form'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -45,7 +45,7 @@
|
||||||
|
|
||||||
- if captcha_available?
|
- if captcha_available?
|
||||||
.fields-group
|
.fields-group
|
||||||
= f.input :captcha_enabled, as: :boolean, wrapper: :with_label, label: t('admin.settings.captcha_enabled.title'), hint: t('admin.settings.captcha_enabled.desc_html')
|
= f.input :captcha_mode, as: :radio_buttons, collection: %w(disabled registration-form email-confirmation), include_blank: false, wrapper: :with_block_label, label_method: ->(type) { safe_join([t("admin.settings.captcha.#{type}.title"), content_tag(:span, t("admin.settings.captcha.#{type}.desc_html"), class: 'hint')])}, label: t('admin.settings.captcha.title'), hint: t('admin.settings.captcha.desc_html')
|
||||||
|
|
||||||
%hr.spacer/
|
%hr.spacer/
|
||||||
|
|
||||||
|
|
11
app/views/auth/confirmations/captcha.html.haml
Normal file
11
app/views/auth/confirmations/captcha.html.haml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
- content_for :page_title do
|
||||||
|
= t('auth.confirm_captcha')
|
||||||
|
|
||||||
|
= form_tag auth_captcha_confirmation_url, method: 'POST', class: 'simple_form' do
|
||||||
|
= hidden_field_tag :confirmation_token, params[:confirmation_token]
|
||||||
|
|
||||||
|
.field-group
|
||||||
|
= render_captcha_if_needed
|
||||||
|
|
||||||
|
.actions
|
||||||
|
%button.button= t('challenge.continue')
|
|
@ -2,9 +2,18 @@
|
||||||
en:
|
en:
|
||||||
admin:
|
admin:
|
||||||
settings:
|
settings:
|
||||||
captcha_enabled:
|
captcha:
|
||||||
desc_html: Enable hCaptcha integration, requiring new users to solve a challenge when signing up. Note that this disables app-based registration, may prevent your instance from being listed as having open registrations, and requires third-party scripts from hCaptcha to be embedded in the registration pages. This may have security and privacy concerns.
|
desc_html: Configure hCaptcha integration, relying on third-party scripts. This may have security and privacy implications.
|
||||||
title: Require new users to go through a CAPTCHA to sign up
|
email-confirmation:
|
||||||
|
desc_html: Require new users to go through hCaptcha at the e-mail validation step. Bots will not be deterred from creating accounts, but they may be prevented from confirming them, leaving them to be automatically cleaned up after a couple days. This does not interfere with app-based registrations.
|
||||||
|
title: CAPTCHA on email validation
|
||||||
|
disabled:
|
||||||
|
desc_html: Do not require a CAPTCHA
|
||||||
|
title: Disabled
|
||||||
|
registration-form:
|
||||||
|
desc_html: Require new users to go through hCaptcha on the registration form, so that CAPTCHA requirement is immediately apparent to them. This disables app-based registrations and may prevent your instance from being listed as having open registrations.
|
||||||
|
title: CAPTCHA on registration forms
|
||||||
|
title: CAPTCHA configuration
|
||||||
enable_keybase:
|
enable_keybase:
|
||||||
desc_html: Allow your users to prove their identity via keybase
|
desc_html: Allow your users to prove their identity via keybase
|
||||||
title: Enable keybase integration
|
title: Enable keybase integration
|
||||||
|
@ -20,6 +29,8 @@ en:
|
||||||
show_replies_in_public_timelines:
|
show_replies_in_public_timelines:
|
||||||
desc_html: In addition to public self-replies (threads), show public replies in local and public timelines.
|
desc_html: In addition to public self-replies (threads), show public replies in local and public timelines.
|
||||||
title: Show replies in public timelines
|
title: Show replies in public timelines
|
||||||
|
auth:
|
||||||
|
confirm_captcha: User verification
|
||||||
generic:
|
generic:
|
||||||
use_this: Use this
|
use_this: Use this
|
||||||
settings:
|
settings:
|
||||||
|
|
|
@ -44,6 +44,7 @@ Rails.application.routes.draw do
|
||||||
resource :setup, only: [:show, :update], controller: :setup
|
resource :setup, only: [:show, :update], controller: :setup
|
||||||
resource :challenge, only: [:create], controller: :challenges
|
resource :challenge, only: [:create], controller: :challenges
|
||||||
get 'sessions/security_key_options', to: 'sessions#webauthn_options'
|
get 'sessions/security_key_options', to: 'sessions#webauthn_options'
|
||||||
|
post 'captcha_confirmation', to: 'confirmations#confirm_captcha', as: :captcha_confirmation
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -77,7 +77,7 @@ defaults: &defaults
|
||||||
show_domain_blocks_rationale: 'disabled'
|
show_domain_blocks_rationale: 'disabled'
|
||||||
outgoing_spoilers: ''
|
outgoing_spoilers: ''
|
||||||
require_invite_text: false
|
require_invite_text: false
|
||||||
captcha_enabled: false
|
captcha_mode: 'disabled'
|
||||||
|
|
||||||
development:
|
development:
|
||||||
<<: *defaults
|
<<: *defaults
|
||||||
|
|
Loading…
Reference in a new issue