Merge pull request #40 from HackAssistant/recaptcha

Recaptcha

Author: Casassarnau

app/settings.py

@@ -48,6 +48,7 @@
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
+    'captcha',
     'django_tables2',
     'django_filters',
     'django_jwt',
@@ -219,9 +220,16 @@
     message_constants.ERROR: 'danger',
 }
 
-# Google recaptcha
-GOOGLE_RECAPTCHA_SECRET_KEY = os.environ.get('GOOGLE_RECAPTCHA_SECRET_KEY', '')
-GOOGLE_RECAPTCHA_SITE_KEY = os.environ.get('GOOGLE_RECAPTCHA_SITE_KEY', '')
+# Google Recaptcha configuration
+RECAPTCHA_PUBLIC_KEY = os.environ.get('RECAPTCHA_PUBLIC_KEY', '')
+RECAPTCHA_PRIVATE_KEY = os.environ.get('RECAPTCHA_PRIVATE_KEY', '')
+RECAPTCHA_WIDGET = os.environ.get('RECAPTCHA_WIDGET', 'ReCaptchaV2Checkbox')
+RECAPTCHA_REGISTER = True
+RECAPTCHA_LOGIN = False
+try:
+    RECAPTCHA_REQUIRED_SCORE = float(os.environ.get('RECAPTCHA_REQUIRED_SCORE', "0.85"))
+except ValueError:
+    RECAPTCHA_REQUIRED_SCORE = 0.85
 
 # Login tries
 LOGIN_TRIES = 1000 if DEBUG else 4

app/static/css/main.css

@@ -139,3 +139,7 @@ footer {
     background-color: #f7f8f9;
     color: black;
 }
+
+.g-recaptcha {
+    display: inline-block;
+}

requirements.txt

@@ -18,6 +18,7 @@ django-filter==22.1
 django-ipware==4.0.2
 django-jwt-oidc==0.3.9
 django-libsass==0.9
+django-recaptcha==3.0.0
 django-tables2==2.4.1
 flake8==4.0.1
 idna==3.3

review/views.py

@@ -121,8 +121,9 @@ def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         application = self.get_application()
         if application is not None:
-            details = {_('Full Name'): application.user.get_full_name(), _('Status'): application.get_status_display(),
-                       _('Promotion'): application.promotional_code.name}
+            details = {_('Full Name'): application.user.get_full_name(), _('Status'): application.get_status_display()}
+            if application.promotional_code:
+                details[_('Promotion')] = application.promotional_code.name
             ApplicationForm = self.get_form(application.type)
             for name, value in application.form_data.items():
                 if isinstance(value, FileField):

user/forms.py

@@ -1,5 +1,7 @@
 import re
 
+from captcha.fields import ReCaptchaField
+from captcha import widgets as captcha_widgets
 from django import forms
 from django.conf import settings
 from django.contrib.auth import password_validation
@@ -8,10 +10,34 @@
 from django.utils.safestring import mark_safe
 
 from app.mixins import BootstrapFormMixin
+from app.utils import get_theme
 from user.models import User
 from django.utils.translation import gettext_lazy as _
 
 
+class RecaptchaForm(forms.Form):
+    @classmethod
+    def active(cls):
+        return getattr(settings, 'RECAPTCHA_PUBLIC_KEY', False) and getattr(settings, 'RECAPTCHA_PRIVATE_KEY', False)
+
+    def __init__(self, *args, **kwargs):
+        request = kwargs.pop('request', None)
+        widget_setting = getattr(settings, 'RECAPTCHA_WIDGET', 'ReCaptchaV2Checkbox')
+        widget_class = getattr(captcha_widgets, widget_setting, captcha_widgets.ReCaptchaV2Checkbox)
+        if widget_class == captcha_widgets.ReCaptchaBase or not issubclass(widget_class, captcha_widgets.ReCaptchaBase):
+            widget_class = captcha_widgets.ReCaptchaV2Checkbox
+        theme = get_theme(request) if request is not None else 'light'
+        self.base_fields['captcha'] = ReCaptchaField(
+            widget=widget_class(attrs={'data-theme': theme}),
+            error_messages={'required': _('You must pass the reCAPTCHA challenge!')})
+        super().__init__(*args, **kwargs)
+
+    captcha = ReCaptchaField(
+        widget=captcha_widgets.ReCaptchaV2Checkbox(),
+        error_messages={'required': _('You must pass the reCAPTCHA challenge!')}
+    )
+
+
 class LoginForm(BootstrapFormMixin, forms.Form):
     bootstrap_field_info = {'': {'fields': [{'name': 'email', 'space': 12}, {'name': 'password', 'space': 12}]}}
 

user/templates/auth.html

@@ -13,14 +13,14 @@
                         {% csrf_token %}
                         <div class="content p-4">
                             {% include 'components/bootstrap5_form.html' %}
-                            {% if auth == 'register' %}
-                                {% if captcha_site_key %}
-                                    <script src='https://www.google.com/recaptcha/api.js'></script>
-                                    <div class="g-recaptcha" data-sitekey="{{ captcha_site_key }}"></div>
-                                {% endif %}
-                            {% else %}
+                            {% if auth != 'register' %}
                                 <p><a class="text-{% if theme == 'dark' %}white{% else %}black{% endif %}" style="text-decoration: none" href="{% url 'forgot_password' %}">{% translate 'Forgot your password?' %}</a></p>
                             {% endif %}
+                            {% for field in recaptcha_form %}
+                                <div class="text-center mb-1">
+                                    {{ field }}
+                                </div>
+                            {% endfor %}
                             <div class="row justify-content-around">
                                 <div class="col-12 col-lg-6 d-grid d-md-block">
                                     <button type="submit" class="btn btn-primary col-12">{{ auth|title }}</button>
@@ -35,7 +35,6 @@
                             <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
                         </div>
                     </div>
-
                 {% endif %}
             </div>
         </div>

user/views.py

@@ -2,6 +2,7 @@
 from axes.helpers import get_client_ip_address, get_cool_off
 from axes.models import AccessAttempt
 from axes.utils import reset_request
+from django.conf import settings
 from django.contrib import auth, messages
 from django.shortcuts import redirect
 from django.urls import reverse, resolve
@@ -13,7 +14,7 @@
 from app.mixins import TabsViewMixin
 from user import emails
 from user.forms import LoginForm, UserProfileForm, ForgotPasswordForm, SetPasswordForm, \
-    RegistrationForm
+    RegistrationForm, RecaptchaForm
 from user.mixins import LoginRequiredMixin, EmailNotVerifiedMixin
 from user.models import User
 from user.tokens import AccountActivationTokenGenerator
@@ -58,8 +59,18 @@ def get_form(self):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         context.update({'form': self.get_form(), 'auth': self.names.get(self.get_url_name, 'register')})
+        if getattr(settings, 'RECAPTCHA_%s' % self.get_url_name.upper(), False) and RecaptchaForm.active():
+            context.update({'recaptcha_form': RecaptchaForm(request=self.request)})
         return context
 
+    def forms_are_valid(self, form, context):
+        if getattr(settings, 'RECAPTCHA_%s' % self.get_url_name.upper(), False) and RecaptchaForm.active():
+            recaptcha_form = RecaptchaForm(self.request.POST, request=self.request)
+            if not recaptcha_form.is_valid():
+                context.update({'recaptcha_form': recaptcha_form})
+                return False
+        return form.is_valid()
+
 
 class Login(AuthTemplateViews):
     def add_axes_context(self, context):
@@ -79,7 +90,7 @@ def get_context_data(self, **kwargs):
     def post(self, request, **kwargs):
         form = LoginForm(request.POST)
         context = self.get_context_data(**kwargs)
-        if form.is_valid():
+        if self.forms_are_valid(form, context):
             email = form.cleaned_data['email']
             password = form.cleaned_data['password']
             user = auth.authenticate(email=email, password=password, request=request)
@@ -100,19 +111,21 @@ def post(self, request, **kwargs):
 class Register(Login):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
+        context.update({'form': RegistrationForm(), 'auth': 'register'})
         context.pop("blocked_message", None)
         return context
 
     def post(self, request, **kwargs):
+        context = self.get_context_data(**kwargs)
         form = RegistrationForm(request.POST)
-        if form.is_valid() and request.recaptcha_is_valid:
+        recaptcha = RecaptchaForm(request.POST, request=request)
+        if self.forms_are_valid(form, context):
             user = form.save()
             auth.login(request, user)
             emails.send_verification_email(request=request, user=user)
             messages.success(request, _('Successfully registered!'))
             return self.redirect_successful()
-        context = self.get_context_data(**kwargs)
-        context.update({'form': form})
+        context.update({'form': form, 'recaptcha_form': recaptcha})
         return self.render_to_response(context)