Merge branch 'feature/recaptcha_settings' into 'master'

Makes reCAPTCHA configurable through Application Settings screen

Following the work made by @stanhu here: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/2216, made it configurable without needing to restart Gitlab

See merge request !2231

app/controllers/admin/application_settings_controller.rb

@@ -75,6 +75,9 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :metrics_pool_size,
       :metrics_timeout,
       :metrics_method_call_threshold,
+      :recaptcha_enabled,
+      :recaptcha_site_key,
+      :recaptcha_private_key,
       restricted_visibility_levels: [],
       import_sources: []
     )

app/controllers/registrations_controller.rb

@@ -7,7 +7,7 @@ class RegistrationsController < Devise::RegistrationsController
   end
 
   def create
-    if !Gitlab.config.recaptcha.enabled || verify_recaptcha
+    if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha
       super
     else
       flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code."

app/controllers/sessions_controller.rb

@@ -5,6 +5,7 @@ class SessionsController < Devise::SessionsController
   prepend_before_action :authenticate_with_two_factor, only: [:create]
   prepend_before_action :store_redirect_path, only: [:new]
   before_action :auto_sign_in_with_provider, only: [:new]
+  before_action :load_recaptcha
 
   def new
     if Gitlab.config.ldap.enabled
@@ -108,4 +109,8 @@ class SessionsController < Devise::SessionsController
     AuditEventService.new(user, user, options).
       for_authentication.security_event
   end
+
+  def load_recaptcha
+    Gitlab::Recaptcha.load_configurations!
+  end
 end

app/models/application_setting.rb

@@ -44,24 +44,32 @@ class ApplicationSetting < ActiveRecord::Base
   attr_accessor :restricted_signup_domains_raw
 
   validates :session_expire_delay,
-    presence: true,
-    numericality: { only_integer: true, greater_than_or_equal_to: 0 }
+            presence: true,
+            numericality: { only_integer: true, greater_than_or_equal_to: 0 }
 
   validates :home_page_url,
-    allow_blank: true,
-    url: true,
-    if: :home_page_url_column_exist
+            allow_blank: true,
+            url: true,
+            if: :home_page_url_column_exist
 
   validates :after_sign_out_path,
-    allow_blank: true,
-    url: true
+            allow_blank: true,
+            url: true
 
   validates :admin_notification_email,
-    allow_blank: true,
-    email: true
+            allow_blank: true,
+            email: true
 
   validates :two_factor_grace_period,
-    numericality: { greater_than_or_equal_to: 0 }
+            numericality: { greater_than_or_equal_to: 0 }
+
+  validates :recaptcha_site_key,
+            presence: true,
+            if: :recaptcha_enabled
+
+  validates :recaptcha_private_key,
+            presence: true,
+            if: :recaptcha_enabled
 
   validates_each :restricted_visibility_levels do |record, attr, value|
     unless value.nil?

app/views/admin/application_settings/_form.html.haml

@@ -209,5 +209,27 @@
           A method call is only tracked when it takes longer to complete than
           the given amount of milliseconds.
 
+  %fieldset
+    %legend Spam and Anti-bot Protection
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :recaptcha_enabled do
+            = f.check_box :recaptcha_enabled
+            Enable reCAPTCHA
+          %span.help-block#recaptcha_help_block Helps preventing bots from creating accounts
+
+    .form-group
+      = f.label :recaptcha_site_key, 'reCAPTCHA Site Key', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_field :recaptcha_site_key, class: 'form-control'
+        .help-block
+          Generate site and private keys here:
+          %a{ href: 'http://www.google.com/recaptcha', target: 'blank'} http://www.google.com/recaptcha
+    .form-group
+      = f.label :recaptcha_private_key, 'reCAPTCHA Private Key', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_field :recaptcha_private_key, class: 'form-control'
+
   .form-actions
     = f.submit 'Save', class: 'btn btn-primary'

app/views/devise/shared/_signup_box.html.haml

@@ -19,7 +19,7 @@
       .form-group.append-bottom-20#password-strength
         = f.password_field :password, class: "form-control bottom", value: user[:password], id: "user_password_sign_up", placeholder: "Password", required: true
       %div
-      - if Gitlab.config.recaptcha.enabled
+      - if current_application_settings.recaptcha_enabled
         = recaptcha_tags
       %div
         = f.submit "Sign up", class: "btn-create btn"

config/gitlab.yml.example

@@ -346,12 +346,6 @@ production: &base
     # cas3:
     #   session_duration: 28800
 
-  # reCAPTCHA settings. See: http://www.google.com/recaptcha
-  recaptcha:
-    enabled: false
-    public_key: 'YOUR_PUBLIC_KEY'
-    private_key: 'YOUR_PRIVATE_KEY'
-
   # Shared file storage settings
   shared:
     # path: /mnt/gitlab # Default: shared

config/initializers/1_settings.rb

@@ -131,12 +131,6 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours
 Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
 Settings.omniauth.session_tickets['cas3'] = 'ticket'
 
-# ReCAPTCHA settings
-Settings['recaptcha'] ||= Settingslogic.new({})
-Settings.recaptcha['enabled'] = false if Settings.recaptcha['enabled'].nil?
-Settings.recaptcha['public_key'] ||= Settings.recaptcha['public_key']
-Settings.recaptcha['private_key'] ||= Settings.recaptcha['private_key']
-
 
 Settings['shared'] ||= Settingslogic.new({})
 Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)

config/initializers/recaptcha.rb

-if Gitlab.config.recaptcha.enabled
-  Recaptcha.configure do |config|
-    config.public_key  = Gitlab.config.recaptcha['public_key']
-    config.private_key = Gitlab.config.recaptcha['private_key']
-  end
-end

db/migrate/20151228175719_add_recaptcha_to_application_settings.rb

+class AddRecaptchaToApplicationSettings < ActiveRecord::Migration
+  def change
+    change_table :application_settings do |t|
+      t.boolean :recaptcha_enabled, default: false
+      t.string :recaptcha_site_key
+      t.string :recaptcha_private_key
+    end
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20151228150906) do
+ActiveRecord::Schema.define(version: 20151228175719) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -60,6 +60,9 @@ ActiveRecord::Schema.define(version: 20151228150906) do
     t.integer  "metrics_pool_size",                             default: 16
     t.integer  "metrics_timeout",                               default: 10
     t.integer  "metrics_method_call_threshold",                 default: 10
+    t.boolean  "recaptcha_enabled",                 default: false
+    t.string   "recaptcha_site_key"
+    t.string   "recaptcha_private_key"
   end
 
   create_table "audit_events", force: :cascade do |t|

doc/integration/recaptcha.md

@@ -6,51 +6,18 @@ to confirm that a real user, not a bot, is attempting to create an account.
 
 ## Configuration
 
-To use reCAPTCHA, first you must create a public and private key.
+To use reCAPTCHA, first you must create a site and private key.
 
 1. Go to the URL: https://www.google.com/recaptcha/admin
 
-1. Fill out the form necessary to obtain reCAPTCHA keys.
+2. Fill out the form necessary to obtain reCAPTCHA keys.
 
-1. On your GitLab server, open the configuration file.
+3. Login to your GitLab server, with administrator credentials.
 
-    For omnibus package:
+4. Go to Applications Settings on Admin Area (`admin/application_settings`)
 
-    ```sh
-      sudo editor /etc/gitlab/gitlab.rb
-    ```
+5. Fill all recaptcha fields with keys from previous steps
 
-    For installations from source:
+6. Check the `Enable reCAPTCHA` checkbox
 
-    ```sh
-      cd /home/git/gitlab
-
-      sudo -u git -H editor config/gitlab.yml
-    ```
-
-1.  Enable reCAPTCHA and add the settings:
-
-    For omnibus package:
-
-    ```ruby
-      gitlab_rails['recaptcha_enabled'] = true
-      gitlab_rails['recaptcha_public_key'] = 'YOUR_PUBLIC_KEY'
-      gitlab_rails['recaptcha_private_key'] = 'YOUR_PUBLIC_KEY'
-    ```
-
-    For installation from source:
-
-    ```
-      recaptcha:
-        enabled: true
-        public_key: 'YOUR_PUBLIC_KEY'
-        private_key: 'YOUR_PRIVATE_KEY'
-    ```
-
-1.  Change 'YOUR_PUBLIC_KEY' to the public key from step 2.
-
-1.  Change 'YOUR_PRIVATE_KEY' to the private key from step 2.
-
-1.  Save the configuration file.
-
-1.  Restart GitLab.
+7.  Save the configuration.

lib/gitlab/recaptcha.rb

+module Gitlab
+  module Recaptcha
+    def self.load_configurations!
+      if current_application_settings.recaptcha_enabled
+        ::Recaptcha.configure do |config|
+          config.public_key  = current_application_settings.recaptcha_site_key
+          config.private_key = current_application_settings.recaptcha_private_key
+        end
+
+        true
+      end
+    end
+  end
+end