From 75f48f4979d2c3f250bbd10aa096ff0940c81190 Mon Sep 17 00:00:00 2001
From: farhatahmad <35435341+farhatahmad@users.noreply.github.com>
Date: Tue, 7 May 2019 09:21:04 -0400
Subject: [PATCH] GRN2-125: Added a configurable reCAPTCHA on sign up (#502)

* Added a configurable reCAPTCHA on sign up

* Added missing code
---
 Gemfile                             |  3 +++
 Gemfile.lock                        |  3 +++
 app/controllers/users_controller.rb | 11 +++++++++--
 app/helpers/users_helper.rb         |  3 +++
 app/views/users/new.html.erb        |  7 ++++++-
 config/application.rb               |  3 +++
 config/locales/en.yml               |  4 ++++
 sample.env                          |  8 ++++++++
 8 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/Gemfile b/Gemfile
index 5ce666f0..fbf7845a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -119,3 +119,6 @@ gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 gem 'coveralls', require: false
 
 gem 'random_password'
+
+# Adds helpers for the Google reCAPTCHA API
+gem "recaptcha"
diff --git a/Gemfile.lock b/Gemfile.lock
index 88d24127..3bcd53c3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -220,6 +220,8 @@ GEM
     rb-fsevent (0.10.3)
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
+    recaptcha (4.14.0)
+      json
     redcarpet (3.4.0)
     redis (3.3.5)
     remote_syslog_logger (1.0.4)
@@ -363,6 +365,7 @@ DEPENDENCIES
   rails (~> 5.0.7)
   rails-controller-testing
   random_password
+  recaptcha
   redcarpet
   redis (~> 3.0)
   remote_syslog_logger
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index a7517e01..2e1039dc 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -31,8 +31,15 @@ class UsersController < ApplicationController
     @user = User.new(user_params)
     @user.provider = @user_domain
 
-    # Handle error on user creation.
-    render(:new) && return unless @user.save
+    # Add validation errors to model if they exist
+    valid_user = @user.valid?
+    valid_captcha = config.recaptcha_enabled ? verify_recaptcha(model: @user) : true
+
+    if valid_user && valid_captcha
+      @user.save
+    else
+      render(:new) && return
+    end
 
     # Sign in automatically if email verification is disabled.
     login(@user) && return unless Rails.configuration.enable_email_verification
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index 4a354368..e2cae8e6 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -17,4 +17,7 @@
 # with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
 
 module UsersHelper
+  def recaptcha_enabled?
+    config.recaptcha_enabled
+  end
 end
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb
index 7dc5589c..4aa6cec4 100644
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@@ -70,8 +70,13 @@
               </div>
             <% end %>
             <div class="card-footer px-0 pb-0">
+              <% if recaptcha_enabled? %>
+                <div class="form-group">
+                  <%= recaptcha_tags %>
+                  <div class="invalid-feedback d-block"><%= @user.errors.full_messages_for(:base).first %></div>
+                </div>
+              <% end %>
               <%= f.submit t("signup.title"), class: "btn btn-primary btn-block signin-button" %>
-              <%= link_to t("cancel"), root_path, class: "btn btn-secondary btn-block signin-button" %>
             </div>
           <% end %>
         </div>
diff --git a/config/application.rb b/config/application.rb
index b089a47c..ac71d331 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -108,5 +108,8 @@ module Greenlight
 
     # Number of rows to display per page
     config.pagination_rows = ENV['NUMBER_OF_ROWS'].to_i.zero? ? 10 : ENV['NUMBER_OF_ROWS'].to_i
+
+    # Whether the user has defined the variables required for recaptcha
+    config.recaptcha_enabled = ENV['RECAPTCHA_SITE_KEY'].present? && ENV['RECAPTCHA_SECRET_KEY'].present?
   end
 end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 3e9da6f8..cbb77336 100755
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -210,6 +210,10 @@ en:
     google: Google
     microsoft_office365: Office 365
     twitter: Twitter
+  recaptcha:
+    errors:
+      recaptcha_unreachable: Oops, we failed to validate your reCAPTCHA response. Please try again.
+      verification_failed: reCAPTCHA verification failed, please try again.
   recording:
     all_recordings: All Recordings
     email: Email Recording
diff --git a/sample.env b/sample.env
index 45394ec9..59c80baf 100644
--- a/sample.env
+++ b/sample.env
@@ -78,6 +78,14 @@ LDAP_PASSWORD=
 #
 ALLOW_GREENLIGHT_ACCOUNTS=true
 
+# To enable reCaptcha on the user sign up, define these 2 keys
+# You can obtain these keys by registering your domain using the following url: 
+#
+#  https://www.google.com/recaptcha/admin
+#
+RECAPTCHA_SITE_KEY=
+RECAPTCHA_SECRET_KEY=
+
 # Set this to true if you want GreenLight to send verification emails upon
 # the creation of a new account
 #