Implement optional reCAPTCHA for registrations

cydrobolt · May 17, 2017 · 6e28bf8 · 6e28bf8
1 parent 3c669ee
commit 6e28bf8
Show file tree

Hide file tree

Showing 8 changed files with 119 additions and 3 deletions.
diff --git a/app/Http/Controllers/SetupController.php b/app/Http/Controllers/SetupController.php
@@ -102,6 +102,10 @@ public static function performSetup(Request $request) {
             ]);
         }
 
+        $polr_acct_creation_recaptcha = $request->input('setting:acct_registration_recaptcha');
+        $polr_recaptcha_site_key = $request->input('setting:recaptcha_site_key');
+        $polr_recaptcha_secret_key = $request->input('setting:recaptcha_secret_key');
+
         $acct_username = $request->input('acct:username');
         $acct_email = $request->input('acct:email');
         $acct_password = $request->input('acct:password');
@@ -154,12 +158,15 @@ public static function performSetup(Request $request) {
             'ST_PUBLIC_INTERFACE' => $st_public_interface,
             'POLR_ALLOW_ACCT_CREATION' => $polr_allow_acct_creation,
             'POLR_ACCT_ACTIVATION' => $polr_acct_activation,
+            'POLR_ACCT_CREATION_RECAPTCHA' => $polr_acct_creation_recaptcha,
             'ST_SHORTEN_PERMISSION' => $st_shorten_permission,
             'ST_INDEX_REDIRECT' => $st_index_redirect,
             'ST_REDIRECT_404' => $st_redirect_404,
             'ST_PASSWORD_RECOV' => $st_password_recov,
             'ST_RESTRICT_EMAIL_DOMAIN' => $st_restrict_email_domain,
             'ST_ALLOWED_EMAIL_DOMAINS' => $st_allowed_email_domains,
+            'POLR_RECAPTCHA_SITE_KEY' => $polr_recaptcha_site_key,
+            'POLR_RECAPTCHA_SECRET' => $polr_recaptcha_secret_key,
 
             'MAIL_ENABLED' => $mail_enabled,
             'MAIL_HOST' => $mail_host,

diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
@@ -57,6 +57,18 @@ public function performSignup(Request $request) {
             return redirect(route('index'))->with('error', 'Sorry, but registration is disabled.');
         }
 
+        if (env('POLR_ACCT_CREATION_RECAPTCHA')) {
+            // Verify reCAPTCHA if setting is enabled
+            $gRecaptchaResponse = $request->input('g-recaptcha-response');
+
+            $recaptcha = new \ReCaptcha\ReCaptcha(env('POLR_RECAPTCHA_SECRET_KEY'));
+            $recaptcha_resp = $recaptcha->verify($gRecaptchaResponse, $request->ip());
+
+            if (!$recaptcha_resp->isSuccess()) {
+                return redirect(route('signup'))->with('error', 'You must complete the reCAPTCHA to register.');
+            }
+        }
+
         // Validate signup form data
         $this->validate($request, [
             'username' => 'required|alpha_dash',

diff --git a/composer.json b/composer.json
@@ -14,7 +14,8 @@
         "torann/geoip": "^1.0",
         "geoip2/geoip2": "^2.4",
         "nesbot/carbon": "^1.22",
-        "doctrine/dbal": "^2.5"
+        "doctrine/dbal": "^2.5",
+        "google/recaptcha": "~1.1"
     },
     "require-dev": {
         "fzaninotto/faker": "~1.0",

diff --git a/composer.lock b/composer.lock
diff --git a/public/css/signup.css b/public/css/signup.css
@@ -17,3 +17,7 @@
 .login-prompt {
     padding-top: 15px;
 }
+
+.g-recaptcha {
+    margin-bottom: 2em;
+}
diff --git a/resources/views/env.blade.php b/resources/views/env.blade.php
@@ -51,6 +51,11 @@
 # Set to true to require activation by email (e.g true/false)
 POLR_ACCT_ACTIVATION={{$POLR_ACCT_ACTIVATION}}
 
+# Set to true to require reCAPTCHAs on sign up pages
+# If this setting is enabled, you must also provide your reCAPTCHA keys
+# in POLR_RECAPTCHA_SITE_KEY and POLR_RECAPTCHA_SECRET_KEY
+POLR_ACCT_CREATION_RECAPTCHA={{$POLR_ACCT_CREATION_RECAPTCHA}}
+
 # Set to true to require users to be logged in before shortening URLs
 SETTING_SHORTEN_PERMISSION={{$ST_SHORTEN_PERMISSION}}
 
@@ -86,6 +91,12 @@
 # A comma-separated list of permitted email domains
 SETTING_ALLOWED_EMAIL_DOMAINS={{$ST_ALLOWED_EMAIL_DOMAINS}}
 
+# reCAPTCHA site key
+POLR_RECAPTCHA_SITE_KEY={{$POLR_RECAPTCHA_SITE_KEY}}
+
+# reCAPTCHA secret key
+POLR_RECAPTCHA_SECRET_KEY={{$POLR_RECAPTCHA_SECRET}}
+
 # Set each to blank to disable mail
 @if($MAIL_ENABLED)
 MAIL_DRIVER=smtp

diff --git a/resources/views/setup.blade.php b/resources/views/setup.blade.php
@@ -207,6 +207,34 @@
                 Please ensure SMTP is properly set up before enabling password recovery.
             </p>
 
+            <p>
+                Require reCAPTCHA for Registrations
+                <setup-tooltip content="You must provide your reCAPTCHA keys to use this feature."></setup-tooltip>
+            </p>
+            <select name='setting:acct_registration_recaptcha' class='form-control'>
+                <option value='false'>Do not require reCAPTCHA for registration</option>
+                <option value='true'>Require reCATPCHA for registration</option>
+            </select>
+
+            <p>
+                reCAPTCHA Configuration:
+                <setup-tooltip content="You must provide reCAPTCHA keys if you intend to use any reCAPTCHA-dependent features."></setup-tooltip>
+            </p>
+
+            <p>
+                reCAPTCHA Site Key
+            </p>
+            <input type='text' class='form-control' name='setting:recaptcha_site_key'>
+
+            <p>
+                reCAPTCHA Secret Key
+            </p>
+            <input type='text' class='form-control' name='setting:recaptcha_secret_key'>
+
+            <p class='text-muted'>
+                You can obtain reCAPTCHA keys from <a href="https://www.google.com/recaptcha/admin">Google's reCAPTCHA website</a>.
+            </p>
+
             <p>Theme (<a href='https://github.com/cydrobolt/polr/wiki/Themes-Screenshots'>screenshots</a>):</p>
             <select name='app:stylesheet' class='form-control'>
                 <option value=''>Modern (default)</option>

diff --git a/resources/views/signup.blade.php b/resources/views/signup.blade.php
@@ -12,6 +12,11 @@
         Username: <input type='text' name='username' class='form-control form-field' placeholder='Username' />
         Password: <input type='password' name='password' class='form-control form-field' placeholder='Password' />
         Email: <input type='email' name='email' class='form-control form-field' placeholder='Email' />
+
+        @if (env('POLR_ACCT_CREATION_RECAPTCHA'))
+        <div class="g-recaptcha" data-sitekey="{{env('POLR_RECAPTCHA_SITE_KEY')}}"></div>
+        @endif
+
         <input type="hidden" name='_token' value='{{csrf_token()}}' />
         <input type="submit" class="btn btn-default btn-success" value="Register"/>
         <p class='login-prompt'>
@@ -34,6 +39,9 @@
         <h4>Email</h4>
         <p>The email you will use to verify your account or to recover your account.</p>
     </p>
-
 </div>
 @endsection
+
+@section('js')
+<script src="https://www.google.com/recaptcha/api.js" async defer></script>
+@endsection