kallithea Changeset - 44f7f73da4a6

Changeset - 44f7f73da4a6

Parent rev.

Child rev.

[Not reviewed]

default

0 4 0

Patrick Vane - 8 years ago 2018-04-03 16:20:05
patrick_vane@lowentry.com

recaptcha: Update to Google recaptcha API v2 (Issue #313)

Recaptcha stopped working. It was using google recaptcha v1, and
https://developers.google.com/recaptcha/docs/faq says: "Any calls to the v1 API
will not work after March 31, 2018."

Note:

1) Not using 'async defer' - it's not used anywhere else, plus I have no idea
of what exactly it does.

2) The recaptcha div has an ID so the label for="recaptcha_field" can reference
it (although I'm not certain a div can technically have a label, but it's
better than removing the label, or the for="").

4 files changed with 34 insertions and 56 deletions:

kallithea/controllers/login.py

kallithea/lib/recaptcha.py

kallithea/templates/password_reset.html

kallithea/templates/register.html

0 comments (0 inline, 0 general)

kallithea/controllers/login.py

➞

Show inline comments

@@ @@ -133,11 +133,10 @@ class LoginController(BaseController): @@
                 if c.captcha_active:
                     from kallithea.lib.recaptcha import submit
                     response = submit(request.POST.get('recaptcha_challenge_field'),
                                       request.POST.get('recaptcha_response_field'),
                     response = submit(request.POST.get('g-recaptcha-response'),
                                       private_key=captcha_private_key,
                                       remoteip=request.ip_addr)
-                    if c.captcha_active and not response.is_valid:
                     if not response.is_valid:
                         _value = form_result
                         _msg = _('Bad captcha')
                         error_dict = {'recaptcha_field': _msg}
@@ @@ -179,11 +178,10 @@ class LoginController(BaseController): @@
                 form_result = password_reset_form.to_python(dict(request.POST))
                 if c.captcha_active:
                     from kallithea.lib.recaptcha import submit
                     response = submit(request.POST.get('recaptcha_challenge_field'),
                                       request.POST.get('recaptcha_response_field'),
                     response = submit(request.POST.get('g-recaptcha-response'),
                                       private_key=captcha_private_key,
                                       remoteip=request.ip_addr)
-                    if c.captcha_active and not response.is_valid:
                     if not response.is_valid:
                         _value = form_result
                         _msg = _('Bad captcha')
                         error_dict = {'recaptcha_field': _msg}

kallithea/lib/recaptcha.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 import urllib
 import urllib2
 API_SSL_SERVER = "https://www.google.com/recaptcha/api"
 API_SERVER = "http://www.google.com/recaptcha/api"
 VERIFY_SERVER = "www.google.com"
 import json
 class RecaptchaResponse(object):
@@ @@ -16,23 +13,17 @@ class RecaptchaResponse(object): @@
         return '<RecaptchaResponse:%s>' % (self.is_valid)
 def submit(recaptcha_challenge_field, recaptcha_response_field, private_key,
            remoteip):
 def submit(g_recaptcha_response, private_key, remoteip):
     """
     Submits a reCAPTCHA request for verification. Returns RecaptchaResponse
     for the request
     Submits a reCAPTCHA request for verification. Returns RecaptchaResponse for the request
     recaptcha_challenge_field -- The value of recaptcha_challenge_field from the form
     recaptcha_response_field -- The value of recaptcha_response_field from the form
     g_recaptcha_response -- The value of g_recaptcha_response from the form
     private_key -- your reCAPTCHA private key
     remoteip -- the user's IP address
     """
     if not (recaptcha_response_field and recaptcha_challenge_field and
                 len(recaptcha_response_field) and len(
             recaptcha_challenge_field)):
         return RecaptchaResponse(is_valid=False,
                                  error_code='incorrect-captcha-sol')
     if not (g_recaptcha_response and len(g_recaptcha_response)):
         return RecaptchaResponse(is_valid=False, error_code='incorrect-captcha-sol')
     def encode_if_necessary(s):
         if isinstance(s, unicode):
@@ @@ -40,14 +31,13 @@ def submit(recaptcha_challenge_field, re @@
         return s
     params = urllib.urlencode({
-        'privatekey': encode_if_necessary(private_key),
+        'secret': encode_if_necessary(private_key),
         'remoteip': encode_if_necessary(remoteip),
         'challenge': encode_if_necessary(recaptcha_challenge_field),
         'response': encode_if_necessary(recaptcha_response_field),
         'response': encode_if_necessary(g_recaptcha_response),
     })
     req = urllib2.Request(
-        url="http://%s/recaptcha/api/verify" % VERIFY_SERVER,
+        url="https://www.google.com/recaptcha/api/siteverify",
         data=params,
         headers={
             "Content-type": "application/x-www-form-urlencoded",
@@ @@ -56,13 +46,14 @@ def submit(recaptcha_challenge_field, re @@
+    )
     httpresp = urllib2.urlopen(req)
     return_values = httpresp.read().splitlines()
     return_values = json.loads(httpresp.read())
     httpresp.close()
     return_code = return_values[0]
     if return_code == "true":
     if not (isinstance(return_values, dict)):
         return RecaptchaResponse(is_valid=False, error_code='incorrect-captcha-sol')
     elif (("success" in return_values) and ((return_values["success"] == True) or (return_values["success"] == "true"))):
         return RecaptchaResponse(is_valid=True)
     elif (("error-codes" in return_values) and isinstance(return_values["error-codes"], list) and (len(return_values["error-codes"]) > 0)):
         return RecaptchaResponse(is_valid=False, error_code=return_values["error-codes"][0])
     else:
-        return RecaptchaResponse(is_valid=False, error_code=return_values[1])
+        return RecaptchaResponse(is_valid=False, error_code='incorrect-captcha-sol')

kallithea/templates/password_reset.html

➞

Show inline comments

@@ @@ -5,6 +5,12 @@ @@
     ${_('Password Reset')}
 </%block>
 <%block name="js_extra">
     %if c.captcha_active:
         <script type="text/javascript" src="https://www.google.com/recaptcha/api.js"></script>
     %endif
 </%block>
 <%include file="/base/flash_msg.html"/>
 <div class="container">
 <div class="row">
@@ @@ -31,8 +37,7 @@ @@
                 <div class="form-group">
                     <label class="control-label" for="recaptcha_field">${_('Captcha')}:</label>
                     <div>
                         ${h.hidden('recaptcha_field')}
                         <div id="recaptcha"></div>
                         <div id="recaptcha_field" class="g-recaptcha" data-sitekey="${c.captcha_public_key}"></div>
                     </div>
                 </div>
                 %endif
@@ @@ -48,19 +53,9 @@ @@
                 </div>
         </div>
         ${h.end_form()}
         %if c.captcha_active:
         <script type="text/javascript" src="https://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
         %endif
         <script type="text/javascript">
          $(document).ready(function(){
             $('#email').focus();
             %if c.captcha_active:
             Recaptcha.create(${h.js(c.captcha_public_key)}, "recaptcha",
+                {
                   theme: "white"
+                }
             );
             %endif
          });
         </script>
     </div>

kallithea/templates/register.html

➞

Show inline comments

@@ @@ -5,6 +5,12 @@ @@
     ${_('Sign Up')}
 </%block>
 <%block name="js_extra">
     %if c.captcha_active:
         <script type="text/javascript" src="https://www.google.com/recaptcha/api.js"></script>
     %endif
 </%block>
 <%include file="/base/flash_msg.html"/>
 <div class="container">
@@ @@ -67,8 +73,7 @@ @@
                 <div class="form-group">
                     <label class="control-label" for="recaptcha_field">${_('Captcha')}:</label>
                     <div>
                         ${h.hidden('recaptcha_field')}
                         <div id="recaptcha"></div>
                         <div id="recaptcha_field" class="g-recaptcha" data-sitekey="${c.captcha_public_key}"></div>
                     </div>
                 </div>
                 %endif
@@ @@ -85,20 +90,9 @@ @@
                 </div>
         </div>
         ${h.end_form()}
         %if c.captcha_active:
         <script type="text/javascript" src="https://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
         %endif
         <script type="text/javascript">
         $(document).ready(function(){
             $('#username').focus();
             %if c.captcha_active:
             Recaptcha.create(${h.js(c.captcha_public_key)}, "recaptcha",
+                {
                   theme: "white"
+                }
             );
             %endif
         });
         </script>
     </div>

0 comments (0 inline, 0 general)