Add Recaptcha support to the register action to help prevent spammers.

diff --git a/stemmaweb/Makefile.PL b/stemmaweb/Makefile.PL
index 8462a43..7c833af 100644 (file)
--- a/stemmaweb/Makefile.PL
+++ b/stemmaweb/Makefile.PL
@@ -25,6 +25,7 @@ requires 'Catalyst::Plugin::Session';
 requires 'Catalyst::Plugin::Session::Store::File';
 requires 'Catalyst::Plugin::Session::State::Cookie';
 requires 'CatalystX::Controller::Auth';
+requires 'Catalyst::TraitFor::Controller::reCAPTCHA';
 requires 'LWP::Protocol::https';
 ##
 requires 'Moose';

diff --git a/stemmaweb/lib/stemmaweb.pm b/stemmaweb/lib/stemmaweb.pm
index 1f06638..4563222 100644 (file)
--- a/stemmaweb/lib/stemmaweb.pm
+++ b/stemmaweb/lib/stemmaweb.pm
@@ -112,6 +112,11 @@ __PACKAGE__->config(
     'View::Email::Template' => {
         stash_key => 'email_template',
     },
+
+    recaptcha => {
+        pub_key => '',
+        priv_key => '',
+    },
 );
 
 # Start the application

diff --git a/stemmaweb/lib/stemmaweb/Controller/Users.pm b/stemmaweb/lib/stemmaweb/Controller/Users.pm
index 71ee603..8a5c6ac 100644 (file)
--- a/stemmaweb/lib/stemmaweb/Controller/Users.pm
+++ b/stemmaweb/lib/stemmaweb/Controller/Users.pm
@@ -3,6 +3,7 @@ use Moose;
 use namespace::autoclean;
 
 BEGIN {extends 'CatalystX::Controller::Auth'; }
+with 'Catalyst::TraitFor::Controller::reCAPTCHA';
 
 =head1 NAME
 
@@ -10,7 +11,13 @@ stemmaweb::Controller::Users - Catalyst Controller
 
 =head1 DESCRIPTION
 
-Catalyst Controller.
+The Users controller is based on L<CatalystX::Controller::Auth>, see
+there for most of the functionality. Any localised parts are described
+below.
+
+This controller uses L<Catalyst::TraitFor::Controller::reCAPTCHA> to
+create and check a reCaptcha form shown on the C<register> form to
+help prevent spam signups.
 
 =head1 METHODS
 
@@ -25,6 +32,8 @@ sub base :Chained('/') :PathPart('') :CaptureArgs(0)
 
 =head2 index
 
+The index action is not currently used.
+
 =cut
 
 sub index :Path :Args(0) {
@@ -33,12 +42,50 @@ sub index :Path :Args(0) {
     $c->response->body('Matched stemmaweb::Controller::Users in Users.');
 }
 
+=head2 login with openid
+
+Logging in with openid/google requires two passes through the login
+action, on the 2nd pass the C<openid-check> value is passed in when
+the openid providing webserver links the user back to the stemmaweb
+site. This adaption to the C<login> action sets the realm we are
+authenticating against to be C<openid> in this case.
+
+=cut
+
 before login => sub {
   my($self, $c) = @_;
   $c->req->param( realm => 'openid')
     if $c->req->param('openid-check');
 };
 
+=head2 register with recaptcha
+
+This adapts the C<register> action to add the recaptcha HTML to the
+page, and verify the recaptcha info entered is correct when the form
+is submitted. If the recaptcha is not correct, we just redisplay the
+form with an error message.
+
+=cut
+
+before register => sub {
+    my ($self, $c) = @_;
+
+    ## Puts HTML into stash in "recaptcha" key.
+    $c->forward('captcha_get');
+
+    ## When submitting, check recaptcha passes, else re-draw form
+    if($c->req->method eq 'POST') {
+        if(!$c->forward('captcha_check')) {
+            
+            ## Need these two lines to detach, so end can draw the correct template again:
+            my $form = $self->form_handler->new( active => [ $self->login_id_field, 'password', 'confirm_password' ] );
+            $c->stash( template => $self->register_template, form => $form );
+
+            $c->detach();
+        }
+    }
+};
+
 =head1 AUTHOR
 
 A clever guy

diff --git a/stemmaweb/root/src/auth/register.tt b/stemmaweb/root/src/auth/register.tt
index ebd6771..2f91791 100644 (file)
--- a/stemmaweb/root/src/auth/register.tt
+++ b/stemmaweb/root/src/auth/register.tt
@@ -21,6 +21,11 @@
        [% form.field('password').render %]
        [% form.field('confirm_password').render %]
 
+    [% IF recaptcha_error %]
+          <p class="error">[% recaptcha_error | html %]</p>
+    [% END %]
+    [% recaptcha %]
+
        [% form.field('submit').render %]
 
        </form>
\ No newline at end of file