From: Jess Robinson Date: Mon, 9 Jul 2012 15:23:13 +0000 (+0000) Subject: Add Recaptcha support to the register action to help prevent spammers. X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=b74843e50e3c2c01f3ae8c3592fbedcbeb1cd858;p=scpubgit%2Fstemmaweb.git Add Recaptcha support to the register action to help prevent spammers. --- diff --git a/Makefile.PL b/Makefile.PL index 8462a43..7c833af 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -25,6 +25,7 @@ requires 'Catalyst::Plugin::Session'; requires 'Catalyst::Plugin::Session::Store::File'; requires 'Catalyst::Plugin::Session::State::Cookie'; requires 'CatalystX::Controller::Auth'; +requires 'Catalyst::TraitFor::Controller::reCAPTCHA'; requires 'LWP::Protocol::https'; ## requires 'Moose'; diff --git a/lib/stemmaweb.pm b/lib/stemmaweb.pm index 1f06638..4563222 100644 --- a/lib/stemmaweb.pm +++ b/lib/stemmaweb.pm @@ -112,6 +112,11 @@ __PACKAGE__->config( 'View::Email::Template' => { stash_key => 'email_template', }, + + recaptcha => { + pub_key => '', + priv_key => '', + }, ); # Start the application diff --git a/lib/stemmaweb/Controller/Users.pm b/lib/stemmaweb/Controller/Users.pm index 71ee603..8a5c6ac 100644 --- a/lib/stemmaweb/Controller/Users.pm +++ b/lib/stemmaweb/Controller/Users.pm @@ -3,6 +3,7 @@ use Moose; use namespace::autoclean; BEGIN {extends 'CatalystX::Controller::Auth'; } +with 'Catalyst::TraitFor::Controller::reCAPTCHA'; =head1 NAME @@ -10,7 +11,13 @@ stemmaweb::Controller::Users - Catalyst Controller =head1 DESCRIPTION -Catalyst Controller. +The Users controller is based on L, see +there for most of the functionality. Any localised parts are described +below. + +This controller uses L to +create and check a reCaptcha form shown on the C form to +help prevent spam signups. =head1 METHODS @@ -25,6 +32,8 @@ sub base :Chained('/') :PathPart('') :CaptureArgs(0) =head2 index +The index action is not currently used. + =cut sub index :Path :Args(0) { @@ -33,12 +42,50 @@ sub index :Path :Args(0) { $c->response->body('Matched stemmaweb::Controller::Users in Users.'); } +=head2 login with openid + +Logging in with openid/google requires two passes through the login +action, on the 2nd pass the C value is passed in when +the openid providing webserver links the user back to the stemmaweb +site. This adaption to the C action sets the realm we are +authenticating against to be C in this case. + +=cut + before login => sub { my($self, $c) = @_; $c->req->param( realm => 'openid') if $c->req->param('openid-check'); }; +=head2 register with recaptcha + +This adapts the C action to add the recaptcha HTML to the +page, and verify the recaptcha info entered is correct when the form +is submitted. If the recaptcha is not correct, we just redisplay the +form with an error message. + +=cut + +before register => sub { + my ($self, $c) = @_; + + ## Puts HTML into stash in "recaptcha" key. + $c->forward('captcha_get'); + + ## When submitting, check recaptcha passes, else re-draw form + if($c->req->method eq 'POST') { + if(!$c->forward('captcha_check')) { + + ## Need these two lines to detach, so end can draw the correct template again: + my $form = $self->form_handler->new( active => [ $self->login_id_field, 'password', 'confirm_password' ] ); + $c->stash( template => $self->register_template, form => $form ); + + $c->detach(); + } + } +}; + =head1 AUTHOR A clever guy diff --git a/root/src/auth/register.tt b/root/src/auth/register.tt index ebd6771..2f91791 100644 --- a/root/src/auth/register.tt +++ b/root/src/auth/register.tt @@ -21,6 +21,11 @@ [% form.field('password').render %] [% form.field('confirm_password').render %] + [% IF recaptcha_error %] +

[% recaptcha_error | html %]

+ [% END %] + [% recaptcha %] + [% form.field('submit').render %] \ No newline at end of file