Added recaptcha to reset password if enabled (#2475)

2021-01-26 19:44:23 -05:00
parent b8575bd512
commit 6ee92c839b
4 changed files with 60 additions and 10 deletions
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@ -23,22 +23,22 @@ class PasswordResetsController < ApplicationController
  before_action :find_user, only: [:edit, :update]
  before_action :check_expiration, only: [:edit, :update]

-  # POST /password_resets/new
+  # GET /password_resets/new
  def new
  end

  # POST /password_resets
  def create
-    begin
-      # Check if user exists and throw an error if he doesn't
-      @user = User.find_by!(email: params[:password_reset][:email].downcase, provider: @user_domain)
+    return redirect_to new_password_reset_path, flash: { alert: I18n.t("reset_password.captcha") } unless valid_captcha

-      send_password_reset_email(@user, @user.create_reset_digest)
-      redirect_to root_path
-    rescue
-      # User doesn't exist
-      redirect_to root_path, flash: { success: I18n.t("email_sent", email_type: t("reset_password.subtitle")) }
-    end
+    # Check if user exists and throw an error if he doesn't
+    @user = User.find_by!(email: params[:password_reset][:email].downcase, provider: @user_domain)
+
+    send_password_reset_email(@user, @user.create_reset_digest)
+    redirect_to root_path
+  rescue
+    # User doesn't exist
+    redirect_to root_path, flash: { success: I18n.t("email_sent", email_type: t("reset_password.subtitle")) }
  end

  # GET /password_resets/:id/edit
@ -84,4 +84,10 @@ class PasswordResetsController < ApplicationController
  def disable_password_reset
    redirect_to '/404'
  end
+
+  # Checks that the captcha passed is valid
+  def valid_captcha
+    return true unless Rails.configuration.recaptcha_enabled
+    verify_recaptcha
+  end
 end