Merge branch 'master' into ssl-opt

Gemfile

@@ -44,6 +44,9 @@ gem 'omniauth-openid'
 gem 'omniauth-google-oauth2'
 gem 'omniauth-github'
 
+# Bot-filtering
+gem 'recaptcha', require: 'recaptcha/rails'
+
 # as authorization framework
 gem 'cancancan'
 
@@ -182,6 +185,10 @@ gem 'cloudinary'
 # for setting app configuration in the environment
 gem 'dotenv-rails'
 
+# configurable toggles for functionality
+# https://github.com/mgsnova/feature
+gem 'feature'
+
 # For countable.js
 gem "countable-rails", "~> 0.0.1"
 

Gemfile.lock

@@ -179,6 +179,7 @@ GEM
       multipart-post (>= 1.2, < 3)
     fastimage (2.0.0)
       addressable (~> 2)
+    feature (1.4.0)
     ffi (1.9.18)
     font-awesome-rails (4.7.0.2)
       railties (>= 3.2, < 5.2)
@@ -420,6 +421,8 @@ GEM
       loggability (~> 0.12)
       rdoc (~> 5.0)
       yajl-ruby (~> 1.3)
+    recaptcha (4.6.2)
+      json
     redcarpet (3.2.3)
     referer-parser (0.2.1)
     request_store (1.1.0)
@@ -589,6 +592,7 @@ DEPENDENCIES
   dotenv-rails
   factory_girl_rails
   faker
+  feature
   font-awesome-rails
   formtastic (~> 3.1.1)
   formtastic-bootstrap
@@ -636,6 +640,7 @@ DEPENDENCIES
   rails-i18n (~> 4.0.0)
   rails_12factor
   rdoc-generator-fivefish
+  recaptcha
   redcarpet
   responders (~> 2.0)
   rolify

app/assets/stylesheets/osem.css.scss

@@ -1,3 +1,5 @@
+@import "bootstrap/mixins";
+
 html {
   position: relative;
   min-height: 100%;
@@ -104,3 +106,12 @@ p.comment-body {
 .qr-image{
   margin-left: 120px;
 }
+
+.g-recaptcha {
+    @include clearfix;
+    padding-bottom: 12px;
+    
+    div {
+        float: right;
+    }
+}

app/controllers/registrations_controller.rb

@@ -1,5 +1,5 @@
 class RegistrationsController < Devise::RegistrationsController
-  before_action :configure_permitted_parameters, if: :devise_controller?
+  prepend_before_action :check_captcha, only: [:create]
 
   def edit
     @openids = Openid.where(user_id: current_user.id).order(:provider)
@@ -21,14 +21,34 @@ class RegistrationsController < Devise::RegistrationsController
     edit_user_registration_path(resource)
   end
 
-  def configure_permitted_parameters
-    devise_parameter_sanitizer.permit(:account_update) do |u|
-      u
-          .permit(:email, :password, :password_confirmation, :current_password, :username, :email_public)
-    end
-    devise_parameter_sanitizer.permit(:sign_up) do |u|
-      u
-          .permit(:email, :password, :password_confirmation, :name, :username)
+  private
+
+  def sign_up_params
+    params.require(:user).permit(
+      :email,
+      :password,
+      :password_confirmation,
+      :name,
+      :username
+    )
+  end
+
+  def account_update_params
+    params.require(:user).permit(
+      :email,
+      :password,
+      :password_confirmation,
+      :current_password,
+      :username,
+      :email_public
+    )
+  end
+
+  def check_captcha
+    unless Feature.inactive?(:recaptcha) || verify_recaptcha
+      self.resource = resource_class.new sign_up_params
+      resource.validate # Look for any other validation errors besides Recaptcha
+      respond_with_navigational(resource) { render :new }
     end
   end
 end

app/views/devise/registrations/new.html.haml

@@ -12,6 +12,8 @@
             = f.input :name, input_html: { required: true }, hint: 'This is your real name'
             = f.input :password, input_html: { required: true }
             = f.input :password_confirmation, input_html: { required: true }
+            - Feature.with(:recaptcha) do
+              = recaptcha_tags
             %p.text-right
               = f.action :submit, as: :button, label: 'Sign Up', button_html: { class: 'btn btn-success' }
 

config/initializers/feature.rb

@@ -0,0 +1,10 @@
+require 'feature'
+
+repo = Feature::Repository::SimpleRepository.new
+
+# configure features here
+unless(ENV['RECAPTCHA_SITE_KEY'].blank? || ENV['RECAPTCHA_SECRET_KEY'].blank?)
+  repo.add_active_feature :recaptcha
+end
+
+Feature.set_repository repo

dotenv.example

@@ -66,3 +66,7 @@ OSEM_ICHAIN_ENABLED=false
 
 # enable this to force SSL
 # FORCE_SSL="1"
+
+# ReCAPTCHA keys
+RECAPTCHA_SITE_KEY=""
+RECAPTCHA_SECRET_KEY=""