Add reCAPTCHA.

Closes: aptos-labs#898
defigeneration · May 10, 2022 · 4e3338e · 4e3338e
1 parent d38c712
commit 4e3338e
Show file tree

Hide file tree

Showing 9 changed files with 103 additions and 95 deletions.
diff --git a/ecosystem/platform/server/.env.example b/ecosystem/platform/server/.env.example
@@ -16,6 +16,13 @@ COMMUNITY_DB_PORT=
 # What is the external domain of this site? Used for email links, oauth, etc
 SITE_DOMAIN=localhost
 
+# ReCAPTCHA
+RECAPTCHA_SITE_KEY=
+RECAPTCHA_SECRET_KEY=
+
+# Google Analytics
+GOOGLE_ANALYTICS_ID="G-CWW2TW4HSD"
+
 RAILS_ENV=dev
 
 SECRET_KEY_BASE=18ff7d41b9da02d394434e2eb140611516707334b7d7a7e15cf8b567061f30e9400a82e61aa772b9e6ccb72853932769d03bbbb9d78f62333c8f7adb95cc727d
diff --git a/ecosystem/platform/server/Gemfile b/ecosystem/platform/server/Gemfile
@@ -105,3 +105,5 @@ group :test do
   gem 'selenium-webdriver'
   gem 'webdrivers'
 end
+
+gem "recaptcha", "~> 5.10"
diff --git a/ecosystem/platform/server/Gemfile.lock b/ecosystem/platform/server/Gemfile.lock
@@ -163,6 +163,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
+    json (2.6.1)
     jwt (2.3.0)
     kaminari (1.2.2)
       activesupport (>= 4.1.0)
@@ -282,6 +283,8 @@ GEM
       activerecord (>= 6.0.4)
       activesupport (>= 6.0.4)
       i18n
+    recaptcha (5.10.0)
+      json
     regexp_parser (2.3.1)
     reline (0.3.1)
       io-console (~> 0.5)
@@ -408,6 +411,7 @@ DEPENDENCIES
   rack-cors
   rails (~> 7.0.2, >= 7.0.2.3)
   rails_state_machine
+  recaptcha (~> 5.10)
   rspec-rails
   rubocop
   rubocop-rails

diff --git a/ecosystem/platform/server/app/controllers/it1_profiles_controller.rb b/ecosystem/platform/server/app/controllers/it1_profiles_controller.rb
@@ -21,23 +21,19 @@ def create
     params[:user] = current_user
     @it1_profile = It1Profile.new(params)
 
-    respond_to do |format|
-      if @it1_profile.save
-        format.html { redirect_to overview_index_path, notice: 'IT1 application was successfully created.' }
-      else
-        format.html { render :new, status: :unprocessable_entity }
-      end
+    if verify_recaptcha(model: @it1_profile) && @it1_profile.save
+      redirect_to overview_index_path, notice: 'IT1 application was successfully created.'
+    else
+      render :new, status: :unprocessable_entity
     end
   end
 
   # PATCH/PUT /it1_profiles/1 or /it1_profiles/1.json
   def update
-    respond_to do |format|
-      if @it1_profile.update(it1_profile_params)
-        format.html { redirect_to overview_index_path, notice: 'IT1 application was successfully updated.' }
-      else
-        format.html { render :edit, status: :unprocessable_entity }
-      end
+    if verify_recaptcha(model: @it1_profile) && @it1_profile.update(it1_profile_params)
+      redirect_to overview_index_path, notice: 'IT1 application was successfully updated.'
+    else
+      render :edit, status: :unprocessable_entity
     end
   end
 

diff --git a/ecosystem/platform/server/app/controllers/onboarding_controller.rb b/ecosystem/platform/server/app/controllers/onboarding_controller.rb
@@ -9,7 +9,7 @@ def email; end
 
   def email_update
     email_params = params.require(:user).permit(:email)
-    if current_user.update(email_params)
+    if verify_recaptcha(model: current_user) && current_user.update(email_params)
       current_user.send_confirmation_instructions
       redirect_to overview_index_path
     else

diff --git a/ecosystem/platform/server/app/views/it1_profiles/_form.html.erb b/ecosystem/platform/server/app/views/it1_profiles/_form.html.erb
@@ -1,4 +1,4 @@
-<%= form_with(model: it1_profile, class: "contents") do |form| %>
+<%= form_with(model: it1_profile, class: "contents", data: {turbo: false}) do |form| %>
   <% if it1_profile.errors.any? %>
     <div id="error_explanation" class="bg-red-50 text-red-500 px-3 py-2 font-medium rounded-lg mt-3">
       <h2><%= pluralize(it1_profile.errors.count, "error") %> prohibited this it1_profile from being saved:</h2>
@@ -48,6 +48,7 @@
     <%= form.label :terms %>
     <%= form.check_box :terms, required: true %>
     </p>
+    <%= recaptcha_tags %>
   </div>
 
   <div class="inline">

diff --git a/ecosystem/platform/server/app/views/layouts/_google_analytics.html.erb b/ecosystem/platform/server/app/views/layouts/_google_analytics.html.erb
@@ -1,9 +1,9 @@
 <!-- Global site tag (gtag.js) - Google Analytics -->
-<script async src="https://www.googletagmanager.com/gtag/js?id=G-CWW2TW4HSD"></script>
+<script async src="https://www.googletagmanager.com/gtag/js?id=<%= ENV.fetch('GOOGLE_ANALYTICS_ID', '') %>"></script>
 <script>
   window.dataLayer = window.dataLayer || [];
   function gtag(){dataLayer.push(arguments);}
   gtag('js', new Date());
 
-  gtag('config', 'G-CWW2TW4HSD', <%= {debug_mode: !Rails.env.production?}.to_json.html_safe %>);
+  gtag('config', "<%= ENV.fetch('GOOGLE_ANALYTICS_ID', '') %>", <%= {debug_mode: !Rails.env.production?}.to_json.html_safe %>);
 </script>
diff --git a/ecosystem/platform/server/app/views/onboarding/email.html.erb b/ecosystem/platform/server/app/views/onboarding/email.html.erb
@@ -13,12 +13,14 @@
   </div>
 <% end %>
 
-<%= form_with(model: current_user, url: onboarding_email_path, method: :post) do |f| %>
+<%= form_with(model: current_user, url: onboarding_email_path, method: :post, data: {turbo: false}) do |f| %>
   <div class="field">
     <%= f.label :email %><br />
     <%= f.email_field :email, autofocus: true, autocomplete: "email", value: current_user.email || @oauth_email %>
   </div>
 
+  <%= recaptcha_tags %>
+
   <div class="actions">
     <%= f.submit "Send email" %>
   </div>

diff --git a/ecosystem/platform/server/db/schema.rb b/ecosystem/platform/server/db/schema.rb