Commit 9f7d379c authored by Stan Hu

Add support for Google reCAPTCHA in user registration to prevent spammers

parent a5274664
Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
v 8.4.0 (unreleased) v 8.4.0 (unreleased)
- Add support for Google reCAPTCHA in user registration to prevent spammers (Stan Hu)
- Implement new UI for group page - Implement new UI for group page
- Implement search inside emoji picker - Implement search inside emoji picker
- Add API support for looking up a user by username (Stan Hu) - Add API support for looking up a user by username (Stan Hu)
......
...@@ -35,6 +35,9 @@ gem 'omniauth-twitter', '~> 1.2.0' ...@@ -35,6 +35,9 @@ gem 'omniauth-twitter', '~> 1.2.0'
gem 'omniauth_crowd' gem 'omniauth_crowd'
gem 'rack-oauth2', '~> 1.2.1' gem 'rack-oauth2', '~> 1.2.1'
# reCAPTCHA protection
gem 'recaptcha', require: 'recaptcha/rails'
# Two-factor authentication # Two-factor authentication
gem 'devise-two-factor', '~> 2.0.0' gem 'devise-two-factor', '~> 2.0.0'
gem 'rqrcode-rails3', '~> 0.1.7' gem 'rqrcode-rails3', '~> 0.1.7'
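Review bot: The added `gem 'recaptcha', require: 'recaptcha/rails'` line has no version constraint, while the neighbouring entries are pinned (`'~> 1.2.1'`, `'~> 2.0.0'`). Gemfile.lock resolves it to 1.0.2, so a pessimistic constraint such as `'~> 1.0'` would keep a later `bundle update` from pulling a new major version into the registration path without review.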
......
...@@ -566,6 +566,8 @@ GEM ...@@ -566,6 +566,8 @@ GEM
trollop trollop
rdoc (3.12.2) rdoc (3.12.2)
json (~> 1.4) json (~> 1.4)
recaptcha (1.0.2)
json
redcarpet (3.3.3) redcarpet (3.3.3)
redis (3.2.2) redis (3.2.2)
redis-actionpack (4.0.1) redis-actionpack (4.0.1)
...@@ -924,6 +926,7 @@ DEPENDENCIES ...@@ -924,6 +926,7 @@ DEPENDENCIES
raphael-rails (~> 2.1.2) raphael-rails (~> 2.1.2)
rblineprof rblineprof
rdoc (~> 3.6) rdoc (~> 3.6)
recaptcha
redcarpet (~> 3.3.3) redcarpet (~> 3.3.3)
redis-namespace redis-namespace
redis-rails (~> 4.0.0) redis-rails (~> 4.0.0)
......
class RegistrationsController < Devise::RegistrationsController class RegistrationsController < Devise::RegistrationsController
before_action :signup_enabled? before_action :signup_enabled?
include Recaptcha::Verify
def new def new
redirect_to(new_user_session_path) redirect_to(new_user_session_path)
end end
def create
if !Gitlab.config.recaptcha.enabled || verify_recaptcha
super
else
flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code."
flash.delete :recaptcha_error
render action: 'new'
end
end
def destroy def destroy
DeleteUserService.new(current_user).execute(current_user) DeleteUserService.new(current_user).execute(current_user)
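Review bot: In the failure branch of `create`, `flash[:alert] = ...` is followed by `render action: 'new'` and not by a redirect, so the alert is shown on this response and also stays in the flash for the next request. Use `flash.now[:alert]` here. A controller spec covering both sides of `!Gitlab.config.recaptcha.enabled || verify_recaptcha` (disabled, and enabled with a failed verification) would also pin down that sign-up is blocked only when it should be.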
...@@ -38,4 +49,16 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -38,4 +49,16 @@ class RegistrationsController < Devise::RegistrationsController
def sign_up_params def sign_up_params
params.require(:user).permit(:username, :email, :name, :password, :password_confirmation) params.require(:user).permit(:username, :email, :name, :password, :password_confirmation)
end end
def resource_name
:user
end
def resource
@resource ||= User.new
end
def devise_mapping
@devise_mapping ||= Devise.mappings[:user]
end
end end
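Review bot: The new `resource` method memoises a bare `User.new`, so the form re-rendered after a failed reCAPTCHA will not carry the values the user submitted. `resource`, `resource_name` and `devise_mapping` are also helpers that Devise controllers already define, so please confirm that overriding `resource` with `@resource ||= User.new` does not shadow the record Devise builds when `create` calls `super`, and add a short comment saying why the overrides are needed.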
class SessionsController < Devise::SessionsController class SessionsController < Devise::SessionsController
include AuthenticatesWithTwoFactor include AuthenticatesWithTwoFactor
include Recaptcha::ClientHelper
prepend_before_action :authenticate_with_two_factor, only: [:create] prepend_before_action :authenticate_with_two_factor, only: [:create]
prepend_before_action :store_redirect_path, only: [:new] prepend_before_action :store_redirect_path, only: [:new]
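Review bot: Is `include Recaptcha::ClientHelper` needed in SessionsController? `recaptcha_tags` is called from the sign-up view, not from this controller, and the Gemfile entry already loads `recaptcha/rails`. If the include is required for the view to find the helper, a one-line comment explaining that would help; otherwise it can be dropped.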
......
...@@ -17,6 +17,9 @@ ...@@ -17,6 +17,9 @@
= f.email_field :email, class: "form-control middle", placeholder: "Email", required: true = f.email_field :email, class: "form-control middle", placeholder: "Email", required: true
.form-group.append-bottom-20#password-strength .form-group.append-bottom-20#password-strength
= f.password_field :password, class: "form-control bottom", id: "user_password_sign_up", placeholder: "Password", required: true = f.password_field :password, class: "form-control bottom", id: "user_password_sign_up", placeholder: "Password", required: true
%div
- if Gitlab.config.recaptcha.enabled
= recaptcha_tags
%div %div
= f.submit "Sign up", class: "btn-create btn" = f.submit "Sign up", class: "btn-create btn"
......
...@@ -346,6 +346,12 @@ production: &base ...@@ -346,6 +346,12 @@ production: &base
# cas3: # cas3:
# session_duration: 28800 # session_duration: 28800
# reCAPTCHA settings. See: http://www.google.com/recaptcha
recaptcha:
enabled: false
public_key: 'YOUR_PUBLIC_KEY'
private_key: 'YOUR_PRIVATE_KEY'
# Shared file storage settings # Shared file storage settings
shared: shared:
# path: /mnt/gitlab # Default: shared # path: /mnt/gitlab # Default: shared
......
...@@ -131,6 +131,13 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours ...@@ -131,6 +131,13 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours
Settings.omniauth['session_tickets'] ||= Settingslogic.new({}) Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
Settings.omniauth.session_tickets['cas3'] = 'ticket' Settings.omniauth.session_tickets['cas3'] = 'ticket'
# ReCAPTCHA settings
Settings['recaptcha'] ||= Settingslogic.new({})
Settings.recaptcha['enabled'] = false if Settings.recaptcha['enabled'].nil?
Settings.recaptcha['public_key'] ||= Settings.recaptcha['public_key']
Settings.recaptcha['private_key'] ||= Settings.recaptcha['private_key']
Settings['shared'] ||= Settingslogic.new({}) Settings['shared'] ||= Settingslogic.new({})
Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root) Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)
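Review bot: The two key lines in the added block assign each setting to itself (`Settings.recaptcha['public_key'] ||= Settings.recaptcha['public_key']`, and the same for `private_key`), so they have no effect. Either drop them or give them a real default, as the `enabled` line above them does.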
......
if Gitlab.config.recaptcha.enabled
Recaptcha.configure do |config|
config.public_key = Gitlab.config.recaptcha['public_key']
config.private_key = Gitlab.config.recaptcha['private_key']
end
end
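Review bot: `Recaptcha.configure` runs whenever `enabled` is true, with no check that `public_key` and `private_key` are actually set. Consider raising at boot with a clear message when reCAPTCHA is enabled and either key is blank or still the example placeholder (`'YOUR_PUBLIC_KEY'`, `'YOUR_PRIVATE_KEY'`), so a misconfiguration is caught at startup and not at the first registration attempt.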