-
diff --git a/src/users/jinja2/users/signup.jinja2 b/src/users/jinja2/users/signup.jinja2
index 17846a72..58a80033 100644
--- a/src/users/jinja2/users/signup.jinja2
+++ b/src/users/jinja2/users/signup.jinja2
@@ -1,8 +1,23 @@
{% extends '/core/arviewer.jinja2' %}
-{% block content %}
- {# FIXME: maybe this can be improved #}
+{% block extra_css%}
+{% endblock %}
+
+{% block extra_js%}
+
+ {% if recaptcha_enabled %}
+
+
+ {% endif %}
+{% endblock %}
+
+{% block content %}
diff --git a/src/users/services/email_service.py b/src/users/services/email_service.py
index 815d56e0..fd23ec18 100644
--- a/src/users/services/email_service.py
+++ b/src/users/services/email_service.py
@@ -9,14 +9,15 @@ class EmailService:
def __init__(self, email_message):
self.smtp_server = settings.SMTP_SERVER
self.smtp_port = settings.SMTP_PORT
- self.jandig_email = settings.SMTP_EMAIL
- self.jandig_email_password = settings.SMTP_PASSWORD
+ self.smtp_user = settings.SMTP_USER
+ self.smtp_password = settings.SMTP_PASSWORD
+ self.jandig_email = settings.SMTP_SENDER_MAIL
self.email_message = email_message
def send_email_to_recover_password(self, multipart_message):
email_server = smtplib.SMTP(self.smtp_server, self.smtp_port)
email_server.starttls()
- email_server.login(self.jandig_email, self.jandig_email_password)
+ email_server.login(self.smtp_user, self.smtp_password)
email_server.sendmail(
multipart_message["From"],
multipart_message["To"],
diff --git a/src/users/services/recaptcha_service.py b/src/users/services/recaptcha_service.py
new file mode 100644
index 00000000..41a0a943
--- /dev/null
+++ b/src/users/services/recaptcha_service.py
@@ -0,0 +1,70 @@
+import logging
+
+import requests
+from django.conf import settings
+
+# The minimum score threshold to consider the action as legitimate.
+BOT_SCORE = 0.5
+
+logger = logging.getLogger(__name__)
+
+
+def create_assessment(token: str, recaptcha_action: str):
+ """Create an assessment to analyze the risk of a UI action.
+ Args:
+ project_id: Your Google Cloud Project ID.
+ recaptcha_key: The reCAPTCHA key associated with the site/app
+ token: The generated token obtained from the client.
+ recaptcha_action: Action name corresponding to the token.
+ """
+ if not token:
+ logger.error(
+ "The token is missing. Recaptcha may be enabled but not configured correctly."
+ )
+ return
+
+ payload = {
+ "event": {
+ "token": token,
+ "expectedAction": recaptcha_action,
+ "siteKey": settings.RECAPTCHA_SITE_KEY,
+ }
+ }
+
+ response = requests.post(
+ f"https://recaptchaenterprise.googleapis.com/v1/projects/{settings.RECAPTCHA_PROJECT_ID}/assessments?key={settings.RECAPTCHA_GCLOUD_API_KEY}",
+ json=payload,
+ )
+ response_data = response.json()
+ logger.info(response.json())
+
+ # Check if the token is valid.
+ if not response_data["tokenProperties"]["valid"]:
+ logger.info(
+ "The CreateAssessment call failed because the token was "
+ + "invalid for the following reasons: "
+ + str(response_data["tokenProperties"]["invalidReason"])
+ )
+ return
+
+ # Check if the expected action was executed.
+ if response_data["tokenProperties"]["action"] != recaptcha_action:
+ logger.info(
+ "The action attribute in your reCAPTCHA tag does"
+ + "not match the action you are expecting to score"
+ )
+ return
+ else:
+ # Get the risk score and the reason(s).
+ # For more information on interpreting the assessment, see:
+ # https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment
+ for reason in response_data["riskAnalysis"]["reasons"]:
+ logger.info(reason)
+ logger.info(
+ "The reCAPTCHA score for this token is: "
+ + str(response_data["riskAnalysis"]["score"])
+ )
+ # Get the assessment name (id). Use this to annotate the assessment.
+ assessment_name = response_data["name"].split("/")[-1]
+ logger.info(f"Assessment name: {assessment_name}")
+ return response_data
diff --git a/src/users/views.py b/src/users/views.py
index 27404008..fb60ecf7 100644
--- a/src/users/views.py
+++ b/src/users/views.py
@@ -1,7 +1,7 @@
import json
import logging
-from core.models import Artwork, Exhibit, Marker, Object
+from django.conf import settings
from django.contrib.auth import (
authenticate,
get_user_model,
@@ -15,6 +15,8 @@
from django.views.decorators.cache import cache_page
from django.views.decorators.http import require_http_methods
+from core.models import Artwork, Exhibit, Marker, Object
+
from .forms import (
ArtworkForm,
ExhibitForm,
@@ -29,13 +31,23 @@
from .models import Profile
from .services.email_service import EmailService
from .services.encrypt_service import EncryptService
+from .services.recaptcha_service import BOT_SCORE, create_assessment
from .services.user_service import UserService
-log = logging.getLogger("ej")
+log = logging.getLogger(__file__)
def signup(request):
if request.method == "POST":
+ if settings.RECAPTCHA_ENABLED:
+ recaptcha_token = request.POST.get("g-recaptcha-response")
+ assessment = create_assessment(
+ token=recaptcha_token, recaptcha_action="sign_up"
+ )
+ score = assessment.get("riskAnalysis", {}).get("score", -1)
+ if score <= BOT_SCORE:
+ return redirect("home")
+
form = SignupForm(request.POST)
if form.is_valid():
@@ -49,7 +61,15 @@ def signup(request):
else:
form = SignupForm()
- return render(request, "users/signup.jinja2", {"form": form})
+ return render(
+ request,
+ "users/signup.jinja2",
+ {
+ "form": form,
+ "recaptcha_enabled": settings.RECAPTCHA_ENABLED,
+ "recaptcha_site_key": settings.RECAPTCHA_SITE_KEY,
+ },
+ )
User = get_user_model()
@@ -57,6 +77,15 @@ def signup(request):
def recover_password(request):
if request.method == "POST":
+ if settings.RECAPTCHA_ENABLED:
+ recaptcha_token = request.POST.get("g-recaptcha-response")
+ assessment = create_assessment(
+ token=recaptcha_token, recaptcha_action="recover_password"
+ )
+ score = assessment.get("riskAnalysis", {}).get("score", -1)
+ if score <= BOT_SCORE:
+ return redirect("home")
+
recover_password_form = RecoverPasswordForm(request.POST)
if recover_password_form.is_valid():
@@ -85,7 +114,13 @@ def recover_password(request):
recover_password_form = RecoverPasswordForm()
return render(
- request, "users/recover-password.jinja2", {"form": recover_password_form}
+ request,
+ "users/recover-password.jinja2",
+ {
+ "form": recover_password_form,
+ "recaptcha_enabled": settings.RECAPTCHA_ENABLED,
+ "recaptcha_site_key": settings.RECAPTCHA_SITE_KEY,
+ },
)
diff --git a/tasks.py b/tasks.py
index a46bf42f..589bb5c6 100644
--- a/tasks.py
+++ b/tasks.py
@@ -39,38 +39,16 @@ def run(ctx, ssl=False, gunicorn=False):
manage(ctx, "runserver 0.0.0.0:8000")
-@task
-def db(ctx, make=False):
- """
- Run migrations
- """
- if make:
- manage(ctx, "makemigrations")
- manage(ctx, "migrate")
- else:
- manage(ctx, "migrate")
-
-
-@task
-def collect(ctx):
- """
- Collect static files
- """
- manage(ctx, "collectstatic --no-input --clear")
-
-
#
# Translations
#
@task
-def i18n(ctx, compile=False, edit=False, lang="pt_BR", keep_pot=False):
+def i18n(ctx, edit=False, lang="pt_BR", keep_pot=False):
"""
Extract messages for translation.
"""
if edit:
ctx.run(f"poedit locale/{lang}/LC_MESSAGES/django.po")
- elif compile:
- ctx.run(f"{python} etc/scripts/compilemessages.py")
else:
print("Collecting messages")
robust_manage(ctx, "makemessages", keep_pot=True, locale=lang)
@@ -91,8 +69,3 @@ def i18n(ctx, compile=False, edit=False, lang="pt_BR", keep_pot=False):
if not keep_pot:
print("Cleaning up")
ctx.run("rm ./locale/*.pot")
-
-
-@task
-def docs(ctx):
- ctx.run("sphinx-build docs/ build/")
 }}){kind=icon}