From 9d5d36f059c1b20ea1fee407e8ade4df1a001018 Mon Sep 17 00:00:00 2001 From: Steven Miers Date: Mon, 5 Jan 2015 17:01:28 -0600 Subject: [PATCH] VRFS-2540 : Clean out some existing recaptcha scaffolding. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Current recaptcha gem only works within controllers, so pass flag down the stack when recaptcha fails. Respect application config for “recaptcha_enable” at all levels higher than user level. Allows usage of existing mechanism for attribute validation and passing subsequent errors back to the UI for reporting. --- ruby/lib/jam_ruby/models/user.rb | 7 +++++++ web/Gemfile | 2 +- web/app/controllers/users_controller.rb | 19 +++++++++---------- web/config/application.rb | 6 +++++- web/config/initializers/recaptcha.rb | 24 ------------------------ web/lib/music_session_manager.rb | 4 ---- web/lib/user_manager.rb | 14 +++----------- 7 files changed, 25 insertions(+), 51 deletions(-) delete mode 100644 web/config/initializers/recaptcha.rb diff --git a/ruby/lib/jam_ruby/models/user.rb b/ruby/lib/jam_ruby/models/user.rb index 1df38f5bb..63890f2e7 100644 --- a/ruby/lib/jam_ruby/models/user.rb +++ b/ruby/lib/jam_ruby/models/user.rb @@ -909,6 +909,7 @@ module JamRuby fb_signup = options[:fb_signup] signup_confirm_url = options[:signup_confirm_url] affiliate_referral_id = options[:affiliate_referral_id] + recaptcha_failed = options[:recaptcha_failed] user = User.new @@ -1031,6 +1032,12 @@ module JamRuby UserMailer.confirm_email(user, signup_confirm_url.nil? ? nil : (signup_confirm_url + "/" + user.signup_token) ).deliver end end + + if recaptcha_failed + user.errors.add "recaptcha", "verification failed" + raise ActiveRecord::Rollback + end + end return user diff --git a/web/Gemfile b/web/Gemfile index 1443a1822..eda57ee0a 100644 --- a/web/Gemfile +++ b/web/Gemfile 
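Review bot: In the second user.rb hunk the `recaptcha_failed` check is added after the `UserMailer.confirm_email(...).deliver` call visible in the context lines, so a signup that fails the captcha appears to have sent its confirmation mail before `raise ActiveRecord::Rollback` undoes the database writes. A rollback cannot recall mail, so the signup form would still be able to send mail to addresses of the submitter's choosing without a solved captcha. Testing the flag immediately after `user = User.new` in the first hunk, with `user.errors.add "recaptcha", "verification failed"` followed by `return user`, rejects the request before any record or mail is produced. The enclosing method and its transaction block start outside both hunks, so the exact placement needs checking against the full method.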
@@ -50,7 +50,6 @@ gem 'signet', '0.5.0' gem 'twitter' gem 'fb_graph', '2.5.9' gem 'sendgrid', '1.2.0' -gem 'recaptcha', '0.3.4' gem 'filepicker-rails', '0.1.0' gem 'aws-sdk' #, '1.29.1' gem 'aasm', '3.0.16' @@ -66,6 +65,7 @@ gem 'postgres-copy' #end gem 'geokit-rails' gem 'postgres_ext' +gem 'recaptcha', '0.3.6' gem 'resque' gem 'resque-retry' gem 'resque-failed-job-mailer' diff --git a/web/app/controllers/users_controller.rb b/web/app/controllers/users_controller.rb index c2d92c062..407b9a4c0 100644 --- a/web/app/controllers/users_controller.rb +++ b/web/app/controllers/users_controller.rb @@ -1,6 +1,7 @@ # -*- coding: utf-8 -*- require 'builder' +require 'recaptcha/rails' class Slide attr_accessor :img_url, :header, :vid_url @@ -133,14 +134,7 @@ class UsersController < ApplicationController @invited_user = load_invited_user(params) @signup_postback = load_postback(@invited_user, @fb_signup) - @user = User.new - - # check recaptcha; if any errors seen, contribute it to the model - unless verify_recaptcha(:model => @user, :message => "recaptcha") - render 'new', :layout => 'web' - return - end - + instruments = fixup_instruments(params[:jam_ruby_user][:instruments]) birth_date = fixup_birthday(params[:jam_ruby_user]["birth_date(2i)"], params[:jam_ruby_user]["birth_date(3i)"], params[:jam_ruby_user]["birth_date(1i)"]) @@ -148,6 +142,10 @@ class UsersController < ApplicationController terms_of_service = params[:jam_ruby_user][:terms_of_service].nil? || params[:jam_ruby_user][:terms_of_service] == "0"? false : true musician = params[:jam_ruby_user][:musician] + if Rails.application.config.recaptcha_enable + recaptcha_failed = verify_recaptcha(:private_key=>Rails.application.config.recaptcha_private_key, :timeout=>10) + end + @user = UserManager.new.signup(remote_ip: request.remote_ip, first_name: params[:jam_ruby_user][:first_name], last_name: params[:jam_ruby_user][:last_name], 
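Review bot: The assignment `recaptcha_failed = verify_recaptcha(...)` in the `@@ -148,6 +142,10 @@` hunk of users_controller.rb stores the gem's success value under a name that means failure, since `verify_recaptcha` returns true when the answer is accepted. As written, a correctly solved captcha makes `User.signup` add the "verification failed" error and roll back, while a wrong or missing answer lets the signup through. Negate the result: `recaptcha_failed = !verify_recaptcha(:private_key=>Rails.application.config.recaptcha_private_key, :timeout=>10)`. A controller spec that covers both an accepted and a rejected answer would pin the polarity; the `create` action continues outside the hunk.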
@@ -159,11 +157,12 @@ class UsersController < ApplicationController birth_date: birth_date, location: location, musician: musician, + recaptcha_failed: recaptcha_failed, invited_user: @invited_user, fb_signup: @fb_signup, signup_confirm_url: ApplicationHelper.base_uri(request) + "/confirm", affiliate_referral_id: AffiliatePartner.coded_id(self.affiliate_code)) - + # check for errors if @user.errors.any? # render any @user.errors on error @@ -486,5 +485,5 @@ JS else signup_path end - end + end end diff --git a/web/config/application.rb b/web/config/application.rb index 9666609f1..f795e74ad 100644 --- a/web/config/application.rb +++ b/web/config/application.rb @@ -95,7 +95,11 @@ if defined?(Bundler) config.filepicker_upload_dir = 'avatars' config.fp_secret = 'FTDL4TYDENBWZKK3UZCFIQWXS4' - config.recaptcha_enable = false + config.recaptcha_enable = true + # created using seth@jamkazam.com; can't see way to delegate + config.recaptcha_public_key = '6Let8dgSAAAAAFheKGWrs6iaq_hIlPOZ2f3Bb56B' + config.recaptcha_private_key = '6Let8dgSAAAAAJzFxL9w2QR5auxjk0ol1_xAtOGO' + # create one user per real jamkazam employee? config.bootstrap_dev_users = true diff --git a/web/config/initializers/recaptcha.rb b/web/config/initializers/recaptcha.rb deleted file mode 100644 index b7c4fd0f6..000000000 --- a/web/config/initializers/recaptcha.rb +++ /dev/null 
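Review bot: `config.recaptcha_private_key` in the application.rb hunk is a literal secret checked into the repository, next to `config.fp_secret` in the context line above it. Anyone with read access to the repository or to a copy of this patch can read the key, so it should be treated as exposed, rotated in the reCAPTCHA admin console, and loaded at boot from the environment, for example `config.recaptcha_private_key = ENV.fetch('RECAPTCHA_PRIVATE_KEY')` (variable name illustrative). The same hunk sets `config.recaptcha_enable = true` for every environment that loads this file. With the initializer that set `skip_verify_env` deleted by this commit, it is worth confirming that test and development runs still behave as intended.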
@@ -1,24 +0,0 @@ -# this gem turns recaptcha verification off during tests by default. -# The public key/private keys shown below valid for all jamkazam.com domains -# note that all recaptcha keys work on localhost/127.0.0.1 -# the keys are created at https://www.google.com/recaptcha/admin/create -Recaptcha.configure do |config| - # created using seth@jamkazam.com; can't see way to delegate - config.public_key = '6Let8dgSAAAAAFheKGWrs6iaq_hIlPOZ2f3Bb56B' - config.private_key = '6Let8dgSAAAAAJzFxL9w2QR5auxjk0ol1_xAtOGO' - - if Rails.application.config.recaptcha_enable - # mirrors default behavior, but it's nice to see it without digging in recaptcha gem source - config.skip_verify_env = ['test', 'cucumber'] - else - # disabled in all environments at the moment - config.skip_verify_env = ['test', 'cucumber', 'development', 'production'] - end - # other config options available with this gem: - #nonssl_api_server_url, - #ssl_api_server_url, - #verify_url, - #skip_verify_env, - #proxy, - #handle_timeouts_gracefully -end \ No newline at end of file diff --git a/web/lib/music_session_manager.rb b/web/lib/music_session_manager.rb index 96a64dd66..d016afa09 100644 --- a/web/lib/music_session_manager.rb +++ b/web/lib/music_session_manager.rb @@ -1,8 +1,4 @@ -require 'recaptcha' -class MusicSessionManager < BaseManager - - include Recaptcha::Verify def initialize(options={}) super(options) diff --git a/web/lib/user_manager.rb b/web/lib/user_manager.rb index 7da708c73..a694af94c 100644 --- a/web/lib/user_manager.rb +++ b/web/lib/user_manager.rb @@ -1,8 +1,5 @@ -require 'recaptcha' class UserManager < BaseManager - include Recaptcha::Verify - def initialize(options={}) super(options) @log = Logging.logger[self] 
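Review bot: The music_session_manager.rb hunk removes `class MusicSessionManager < BaseManager` together with the `require 'recaptcha'` and `include Recaptcha::Verify` lines, leaving `def initialize(options={})` as the first line of the file. If the class's closing `end` is still present further down, the file would no longer parse and `MusicSessionManager` would no longer be defined. The neighbouring user_manager.rb hunk keeps `class UserManager < BaseManager` as a context line, which suggests the removal here was unintended. Restore the line `class MusicSessionManager < BaseManager` at the top of the file; the rest of the file is outside the hunk.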
@@ -27,7 +24,7 @@ class UserManager < BaseManager fb_signup = options[:fb_signup] signup_confirm_url = options[:signup_confirm_url] affiliate_referral_id = options[:affiliate_referral_id] - + recaptcha_failed = Rails.application.config.recaptcha_enable && options[:recaptcha_failed] user = User.new # check if we have disabled open signup for this site. open == invited users can still get in @@ -46,13 +43,6 @@ class UserManager < BaseManager loc[:country] = location[:country] end - # TODO: figure out why can't user verify_recaptcha here - # ALSO: make sure we dont do the recaptcha stuff if used facebook. - - # check recaptcha; if any errors seen, contribute it to the model - #unless verify_recaptcha(:model => user, :message => "recaptcha") - # return user # user.errors.any? is true now - #else # sends email to email account for confirmation user = User.signup(first_name: first_name, last_name: last_name, @@ -65,11 +55,13 @@ class UserManager < BaseManager birth_date: birth_date, musician: musician, photo_url: photo_url, + recaptcha_failed: recaptcha_failed, invited_user: invited_user, fb_signup: fb_signup, signup_confirm_url: signup_confirm_url, affiliate_referral_id: affiliate_referral_id) + return user #end end
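Review bot: `recaptcha_failed = Rails.application.config.recaptcha_enable && options[:recaptcha_failed]` in the first user_manager.rb hunk makes the captcha fail open, because a caller of `signup` that omits `:recaptcha_failed` yields `nil`, which `User.signup` treats as a pass. Only the web `create` action in this patch sets the option, so any other entry point into `UserManager#signup` (none is visible here) would skip the check silently. Carrying a positive flag and rejecting unless it is explicitly true, e.g. `recaptcha_failed = Rails.application.config.recaptcha_enable && options[:recaptcha_verified] != true`, makes a missing value fail closed. The second hunk also deletes the TODO about skipping the captcha for Facebook signups without recording whether `fb_signup` requests are meant to be exempt; a one-line comment stating the decision would help. The `signup` method starts outside these hunks.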