New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Recaptcha functionality to Gitea #4044

Merged
merged 30 commits into from Jul 5, 2018

Conversation

8 participants
@ghost

ghost commented May 25, 2018

This PR adds recaptcha functionality to Gitea.

Old captcha functionality remains the same, this just gives options to the user
recaptcha

Fluf Monster and others added some commits May 25, 2018

Fluf
Fluf
Fluf

@bkcsoft bkcsoft added the lgtm/need 1 label May 25, 2018

@codecov-io

This comment has been minimized.

codecov-io commented May 25, 2018

Codecov Report

Merging #4044 into master will decrease coverage by 0.02%.
The diff coverage is 0%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #4044      +/-   ##
==========================================
- Coverage   20.09%   20.06%   -0.03%     
==========================================
  Files         153      153              
  Lines       30728    30766      +38     
==========================================
  Hits         6174     6174              
- Misses      23611    23649      +38     
  Partials      943      943
Impacted Files Coverage Δ
routers/user/auth.go 0% <0%> (ø) ⬆️
routers/user/auth_openid.go 0% <0%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 54fedd4...1812cd0. Read the comment docs.

@techknowlogick techknowlogick added this to the 1.5.0 milestone May 25, 2018

@@ -299,7 +299,12 @@ ENABLE_NOTIFY_MAIL = false
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
; Enable captcha validation for registration
ENABLE_CAPTCHA = true
ENABLE_CAPTCHA = false

This comment has been minimized.

@lafriks

lafriks May 25, 2018

Member

Do not change default as this way it will be breaking change

This comment has been minimized.

@JonasFranzDEV

JonasFranzDEV May 25, 2018

Member

The default value is actually false but the documentation is wrong

This comment has been minimized.

@ghost

ghost May 25, 2018

Hi. Yes false is the default, and I changed it to be correct like @JonasFranzDEV said.

This comment has been minimized.

@lunny

lunny Jul 4, 2018

Member

I would like you use a captcha type and currently you have three options: disabled, image and recaptcha and default is disabled.

@@ -186,6 +186,12 @@ func NewFuncMap() []template.FuncMap {
"ParseDeadline": func(deadline string) []string {
return strings.Split(deadline, "|")
},
"EnableRecaptcha": func() bool {

This comment has been minimized.

@JonasFranzDEV

JonasFranzDEV May 25, 2018

Member

Why do you need a helper function for that? Please use ctx.Data.

@@ -760,6 +767,16 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
return
}
if setting.Service.EnableRecaptcha {
ctx.Req.ParseForm()
valid, _ := recaptcha.Verify(ctx.Req.Form.Get("g-recaptcha-response"))

This comment has been minimized.

@JonasFranzDEV

JonasFranzDEV May 25, 2018

Member

Add g-recaptcha-response as form field to form.

@@ -887,6 +910,16 @@ func SignUpPost(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterFo
return
}
if setting.Service.EnableRecaptcha {
ctx.Req.ParseForm()
valid, _ := recaptcha.Verify(ctx.Req.Form.Get("g-recaptcha-response"))

This comment has been minimized.

@JonasFranzDEV

JonasFranzDEV May 25, 2018

Member

Add g-recaptcha-response as form field to auth.RegisterForm.

@@ -341,6 +346,16 @@ func RegisterOpenIDPost(ctx *context.Context, cpt *captcha.Captcha, form auth.Si
return
}
if setting.Service.EnableRecaptcha {
ctx.Req.ParseForm()
valid, _ := recaptcha.Verify(ctx.Req.Form.Get("g-recaptcha-response"))

This comment has been minimized.

@JonasFranzDEV

JonasFranzDEV May 25, 2018

Member

Same as above.

@@ -40,6 +40,13 @@
</div>
{{end}}
{{if .EnableRecaptcha}}
<div class="inline field required">
<div class="g-recaptcha" data-sitekey="{{ .RecaptchaSitekey }}" style="margin: 0 auto; width: 304px; padding-left: 30px"></div>

This comment has been minimized.

@JonasFranzDEV

JonasFranzDEV May 25, 2018

Member

Do not use inline css. Please add the style to the .less files.

{{if .EnableRecaptcha}}
<div class="inline field required">
<div class="g-recaptcha" data-sitekey="{{ .RecaptchaSitekey }}" style="margin: 0 auto; width: 304px; padding-left: 30px"></div>
<script src="https://www.google.com/recaptcha/api.js" async></script>

This comment has been minimized.

@JonasFranzDEV

JonasFranzDEV May 25, 2018

Member

Scripts should be placed in footer.

{{if .EnableRecaptcha}}
<div class="inline field required">
<div class="g-recaptcha" data-sitekey="{{ .RecaptchaSitekey }}" style="margin: 0 auto; width: 304px; padding-left: 30px"></div>
<script src="https://www.google.com/recaptcha/api.js" async></script>

This comment has been minimized.

@JonasFranzDEV

JonasFranzDEV May 25, 2018

Member

Same as above.

}
return jsonResponse.Success, nil

This comment has been minimized.

@JonasFranzDEV

JonasFranzDEV May 25, 2018

Member

Remove empty line

if err != nil {
return false, fmt.Errorf("Failed to read CAPTCHA response: %s", err)
}
jsonResponse := Response{Success: false} // set a default of fail for CAPTCHA

This comment has been minimized.

@JonasFranzDEV

JonasFranzDEV May 25, 2018

Member

The default value of Success is false => No need for initializing it.

Fluf and others added some commits May 25, 2018

Fluf
Fluf
Fluf
Fluf
Fluf
Fluf
Fluf
Fluf
flufmonster
Fluf
Fluf
flufmonster

@lunny lunny modified the milestones: 1.5.0, 1.x.x May 25, 2018

@ghost

This comment has been minimized.

ghost commented May 25, 2018

Hi @lafriks and @JonasFranzDEV I made changes as requested. When you have chance please review. Thank you.

@techknowlogick techknowlogick modified the milestones: 1.x.x, 1.6.0 May 25, 2018

@JonasFranzDEV

This comment has been minimized.

Member

JonasFranzDEV commented May 25, 2018

Please run make generate-stylesheets and commit the result.
The position of the reCAPTCHA is not inline with the other fields. And on mobile devices it overlaps.
bildschirmfoto vom 2018-05-25 um 21 26 34
screenshot-2018-5-25 gitea git with a cup of tea

Fluf
Fluf
@ghost

This comment has been minimized.

ghost commented May 25, 2018

Thank you @JonasFranzDEV I've updated the CSS ta make it responsive for recaptcha. Please see the following screenshots:

recaptchabig
recaptchasmall

@ghost

This comment has been minimized.

ghost commented May 26, 2018

Thank you for feedback @cezar97. This only shows on sign up page, not on login.

@JonasFranzDEV

LGTM, but this PR could just be merged after the 1.5.0 release because we're in feature freeze currently. It also requires the approval of @lafriks .

@bkcsoft bkcsoft added lgtm/done and removed lgtm/need 1 labels May 26, 2018

@axifive

This comment has been minimized.

Member

axifive commented May 26, 2018

Maybe need to use compact size option for mobile view?

Fluf
@techknowlogick

This comment has been minimized.

Member

techknowlogick commented Jul 3, 2018

@flufmonster please resolve conflict.

@@ -299,7 +299,12 @@ ENABLE_NOTIFY_MAIL = false
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
; Enable captcha validation for registration
ENABLE_CAPTCHA = true
ENABLE_CAPTCHA = false

This comment has been minimized.

@lunny

lunny Jul 4, 2018

Member

I would like you use a captcha type and currently you have three options: disabled, image and recaptcha and default is disabled.

Fluf and others added some commits Jul 4, 2018

Fluf
Fluf
Fluf
flufmonster
Fluf
@ghost

This comment has been minimized.

ghost commented Jul 4, 2018

@lunny to keep backwards compatibility for people who have ENABLE_CAPTCHA=true I add another option to change type of recaptcha instead of being able to have both at same time.

Fluf added some commits Jul 4, 2018

Fluf
Fluf

@lafriks lafriks added the changelog label Jul 4, 2018

@@ -755,12 +762,21 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
return
}
if setting.Service.EnableCaptcha && !cpt.VerifyReq(ctx.Req) {
if setting.Service.EnableCaptcha && setting.Service.CaptchaType == "image" && !cpt.VerifyReq(ctx.Req) {

This comment has been minimized.

@lunny

lunny Jul 5, 2018

Member

Could you save "image" and "recaptcha" as a const strings and only reference the const variables?

This comment has been minimized.

@ghost

ghost Jul 5, 2018

ok. I changed this.

flufmonster and others added some commits Jul 5, 2018

flufmonster
Fluf
@lunny

lunny approved these changes Jul 5, 2018

@techknowlogick techknowlogick merged commit f035dcd into go-gitea:master Jul 5, 2018

2 checks passed

approvals/lgtm this commit looks good
continuous-integration/drone/pr the build was successful
Details

aswild added a commit to aswild/gitea that referenced this pull request Oct 24, 2018

Merge tag 'v1.6.0-rc1'
Prepare for wild/v1.6 branch

* BREAKING
  * Respect email privacy option in user search via API (go-gitea#4512)
  * Simply remove tidb and deps (go-gitea#3993)
  * Swagger.v1.json template (go-gitea#3572)
* FEATURE
  * Pull request review/approval and comment on code (go-gitea#3748)
  * Added dependencies for issues (go-gitea#2196) (go-gitea#2531)
  * Add the ability to have built in themes in Gitea and provide dark theme arc-green (go-gitea#4198)
  * Add sudo functionality to the API (go-gitea#4809)
  * Add oauth providers via cli (go-gitea#4591)
  * Disable merging a WIP Pull request (go-gitea#4529)
  * Force user to change password (go-gitea#4489)
  * Add letsencrypt to Gitea (go-gitea#4189)
  * Add push webhook support for mirrored repositories (go-gitea#4127)
  * Add csv file render support defaultly (go-gitea#4105)
  * Add Recaptcha functionality to Gitea (go-gitea#4044)
* BUGFIXES
  * Fix release creation via API (go-gitea#5076)
  * Remove links from topics in edit mode  (go-gitea#5026)
  * Fix missing AppSubUrl in few more templates (fixup) (go-gitea#5021)
  * Fix missing AppSubUrl in some templates (go-gitea#5020)
  * Hide outdated comments in file view (go-gitea#5017)
  * Upgrade gopkg.in/testfixtures.v2 (go-gitea#4999)
  * Disable debug routes unless PPROF is enabled in configuration (go-gitea#4995)
  * Fix user menu item styling (go-gitea#4985)
  * Fix layout of the topics editing form (go-gitea#4971)
  * Fix null pointer dereference in ParseCommitWithSignature (go-gitea#4962)
  * Fix url in discord webhook (go-gitea#4953)
  * Detect charset and convert non UTF-8 files for display (go-gitea#4950)
  * Make sure to catch the right error so it is displayed on the UI (go-gitea#4945)
  * Fix(topics): don't redirect to explore page. (go-gitea#4938)
  * Fix bug forget to remove Stopwatch when remove repository (go-gitea#4928)
  * Fix bug when repo remained bare if multiple branches pushed in single push (go-gitea#4923)
  * Fix: Let's Encrypt configuration settings (go-gitea#4911)
  * Fix: Crippled diff (go-gitea#4726) (go-gitea#4900)
  * Fix trimming of markup section names (go-gitea#4863)
  * Issues api allow pulls and fix go-gitea#4832 (go-gitea#4852)
  * Do not autocreate directory for new users/orgs (go-gitea#4828) (go-gitea#4849)
  * Fix redirect with non-ascii branch names (go-gitea#4764) (go-gitea#4810)
  * Fix missing release title in webhook (go-gitea#4783) (go-gitea#4796)
  * User shouldn't be able to approve or reject his/her own PR (go-gitea#4729)
  * Make sure to reset commit count in the cache on mirror syncing (go-gitea#4720)
  * Fixed bug where team with admin privelege type doesn't get any unit  (go-gitea#4719)
  * Fix incorrect caption of webhook setting (go-gitea#4701) (go-gitea#4717)
  * Allow WIP marker to contains < or > (go-gitea#4709)
  * Hide org/create menu item in Dashboard if user has no rights (go-gitea#4678) (go-gitea#4680)
  * Site admin could create repos even MAX_CREATION_LIMIT=0 (go-gitea#4645)
  * Fix custom templates being ignored (go-gitea#4638)
  * Fix starring icon after semantic ui update (go-gitea#4628)
  * Fix Split-View line adjustment (go-gitea#4622)
  * Fix integer constant overflows in tests (go-gitea#4616)
  * Push whitelist now doesn't apply to branch deletion (go-gitea#4601) (go-gitea#4607)
  * Fix bugs when too many IN variables (go-gitea#4594)
  * Fix failure on creating pull request with assignees (go-gitea#4419) (go-gitea#4583)
  * Fix panic issue on update avatar email (go-gitea#4580) (go-gitea#4581)
  * Fix status code label for a successful webhook (go-gitea#4540)
  * An inactive user shouldn't be able to be added as a collaborator (go-gitea#4535)
  * Don't fail silently if trying to add a collaborator twice (go-gitea#4533)
  * Fix incorrect MergeWhitelistTeamIDs check in CanUserMerge function (go-gitea#4519) (go-gitea#4525)
  * Fix out-of-transaction query in removeOrgUser (go-gitea#4521) (go-gitea#4522)
  * Fix migration from older releases (go-gitea#4495)
  * Accept 'Data:' in commit graph (go-gitea#4487)
  * Update xorm to latest version and fix correct `user` table referencing in sql (go-gitea#4473)
  * Relative URLs for LibreJS page (go-gitea#4460)
  * Redirect to correct page after using scratch token (go-gitea#4458)
  * Fix column droping for MSSQL that need new transaction for that (go-gitea#4440)
  * Replace src with raw to fix image paths (go-gitea#4377)
  * Add default merge options when creating new repository (go-gitea#4369)
  * Fix docker build (go-gitea#4358)
  * Fixes repo membership check in API (go-gitea#4341)
  * Dep upgrade mysql lib (go-gitea#4161)
  * Fix some issues with special chars in branch names (go-gitea#3767)
  * Responsive design fixes (go-gitea#4508)
* ENHANCEMENT
  * Fix milestones sorted wrongly (go-gitea#4987)
  * Allow api to create tags for releases if they don't exist (go-gitea#4890)
  * Fix go-gitea#4877 to follow the OpenID Connect Audiences spec (go-gitea#4878)
  * Enforce token on api routes [fixed critical security issue go-gitea#4357] (go-gitea#4840)
  * Update legacy branch and tag URLs in dashboard to new format (go-gitea#4812)
  * Slack webhook channel name cannot be empty or just contain an hashtag (go-gitea#4786)
  * Add whitespace handling to PR-comparsion (go-gitea#4683)
  * Make reverse proxy auth optional (go-gitea#4643)
  * MySQL TLS (go-gitea#4642)
  * Make sure to set PR split view when creating/previewing a pull request  (go-gitea#4617)
  * Log user in after a successful sign up (go-gitea#4615)
  * Fix typo IsPullReuqestBroken -> IsPullRequestBroken (go-gitea#4578)
  * Allow admin toggle forcing a password change for newly created users (go-gitea#4563)
  * Update jQuery to v1.12.4 (go-gitea#4551)
  * Env var GITEA_PUSHER_EMAIL (go-gitea#4516)
  * Feat(repo): support search repository by topic name (go-gitea#4505)
  * Small improvements to dependency UI (go-gitea#4503)
  * Make max commits in graph configurable (go-gitea#4498)
  * Add valid for lfs oid (go-gitea#4461)
  * Add shortcut to save wiki page (go-gitea#4452)
  * Allow administrator to create repository for any organization (go-gitea#4368)
  * Fix repository last updated time update when delete a user who watched the repo (go-gitea#4363)
  * Switch plaintext scratch tokens to use hash instead (go-gitea#4331)
  * Increase default TOTP secret size to 320 bits (go-gitea#4287)
  * Keep preseeded database password (go-gitea#4284)
  * Implemented hover text showing user FullName (go-gitea#4261)
  * Add ability to delete a token (go-gitea#4235)
  * Fix typos in i18n variable names. (go-gitea#4080)
  * Api: repos/search: add parameters to control the sort order (go-gitea#3964)
  * Add missing path in the Docker app.ini template (go-gitea#2181)
  * Add file name and branch to page title (go-gitea#4902)
  * Offline use of google fonts (go-gitea#4872)
  * Add missing History link to directory listings v2 (go-gitea#4829)
  * Locale for Edit and Remove due date issue (go-gitea#4802)
  * Disable 'May Import Local Repository' when is disabled by setting (Is… (go-gitea#4780)
  * API /admin/users/{username} missing parameter (go-gitea#4775)
  * Display error when adding a user to a team twice (go-gitea#4746)
  * Remove UsePrivilegeSeparation from the Docker sshd_config, see go-gitea#2876 (go-gitea#4722)
  * Focus title input when clicking helper link (go-gitea#4696)
  * Add vendor to user reserved words and format words list according alphabet (go-gitea#4685)
  * Add gitea/issues link to 500 page (go-gitea#4654)
  * Hide home button when landing page is not set to home (go-gitea#4651)
  * Remove link to GitHub issues in 404 template (go-gitea#4639)
  * Cmd/serve: pprof cpu and memory profile dumps to disk (go-gitea#4560)
  * Add flash message after an account has been successfully activated (go-gitea#4510)
  * Prevent html entity escaping on delete branch (go-gitea#4471)
  * Locale for button Edit on protected branch (go-gitea#4442)
  * Update notification icon (go-gitea#4343)
  * Added front-end topics validation (go-gitea#4316)
  * Don't display buttons if there are no system notifications (go-gitea#4280)
  * Issue due date api (go-gitea#3890)
* SECURITY
  * Improve URL validation for external wiki  and external issues (go-gitea#4710)
  * Make cookies HttpOnly and obey COOKIE_SECURE flag (go-gitea#4706)
  * Don't disclose emails of all users when sending out emails (go-gitea#4664)
  * Check that repositories can only be migrated to own user or organizations (go-gitea#4366)
* TRANSLATION
  * Fix punctuation in English translation (go-gitea#4958)
  * Fix translation (go-gitea#4355)

HoffmannP pushed a commit to HoffmannP/gitea that referenced this pull request Nov 14, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment