Merge branch 'feature/recaptcha_settings' into 'master'

Makes reCAPTCHA configurable through Application Settings screen Following the work made by @stanhu here: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/2216, made it configurable without needing to restart Gitlab See merge request !2231
2015-12-29 09:39:54 +00:00 · 2015-12-29 09:39:54 +00:00 · 58bc4b72d5
commit 58bc4b72d5
parent f0ecd69be5 e619d0b615
13 changed files with 84 additions and 71 deletions
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@ -75,6 +75,9 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
      :metrics_pool_size,
      :metrics_timeout,
      :metrics_method_call_threshold,
+      :recaptcha_enabled,
+      :recaptcha_site_key,
+      :recaptcha_private_key,
      restricted_visibility_levels: [],
      import_sources: []
    )
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@ -7,7 +7,7 @@ class RegistrationsController < Devise::RegistrationsController
  end

  def create
-    if !Gitlab.config.recaptcha.enabled || verify_recaptcha
+    if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha
      super
    else
      flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code."
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -5,6 +5,7 @@ class SessionsController < Devise::SessionsController
  prepend_before_action :authenticate_with_two_factor, only: [:create]
  prepend_before_action :store_redirect_path, only: [:new]
  before_action :auto_sign_in_with_provider, only: [:new]
+  before_action :load_recaptcha

  def new
    if Gitlab.config.ldap.enabled
@ -108,4 +109,8 @@ class SessionsController < Devise::SessionsController
    AuditEventService.new(user, user, options).
      for_authentication.security_event
  end
+
+  def load_recaptcha
+    Gitlab::Recaptcha.load_configurations!
+  end
 end
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@ -44,24 +44,32 @@ class ApplicationSetting < ActiveRecord::Base
  attr_accessor :restricted_signup_domains_raw

  validates :session_expire_delay,
-    presence: true,
-    numericality: { only_integer: true, greater_than_or_equal_to: 0 }
+            presence: true,
+            numericality: { only_integer: true, greater_than_or_equal_to: 0 }

  validates :home_page_url,
-    allow_blank: true,
-    url: true,
-    if: :home_page_url_column_exist
+            allow_blank: true,
+            url: true,
+            if: :home_page_url_column_exist

  validates :after_sign_out_path,
-    allow_blank: true,
-    url: true
+            allow_blank: true,
+            url: true

  validates :admin_notification_email,
-    allow_blank: true,
-    email: true
+            allow_blank: true,
+            email: true

  validates :two_factor_grace_period,
-    numericality: { greater_than_or_equal_to: 0 }
+            numericality: { greater_than_or_equal_to: 0 }
+
+  validates :recaptcha_site_key,
+            presence: true,
+            if: :recaptcha_enabled
+
+  validates :recaptcha_private_key,
+            presence: true,
+            if: :recaptcha_enabled

  validates_each :restricted_visibility_levels do |record, attr, value|
    unless value.nil?
--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@ -209,5 +209,27 @@
          A method call is only tracked when it takes longer to complete than
          the given amount of milliseconds.

+  %fieldset
+    %legend Spam and Anti-bot Protection
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :recaptcha_enabled do
+            = f.check_box :recaptcha_enabled
+            Enable reCAPTCHA
+          %span.help-block#recaptcha_help_block Helps preventing bots from creating accounts
+
+    .form-group
+      = f.label :recaptcha_site_key, 'reCAPTCHA Site Key', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_field :recaptcha_site_key, class: 'form-control'
+        .help-block
+          Generate site and private keys here:
+          %a{ href: 'http://www.google.com/recaptcha', target: 'blank'} http://www.google.com/recaptcha
+    .form-group
+      = f.label :recaptcha_private_key, 'reCAPTCHA Private Key', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_field :recaptcha_private_key, class: 'form-control'
+
  .form-actions
    = f.submit 'Save', class: 'btn btn-primary'
--- a/app/views/devise/shared/_signup_box.html.haml
+++ b/app/views/devise/shared/_signup_box.html.haml
@ -19,7 +19,7 @@
      .form-group.append-bottom-20#password-strength
        = f.password_field :password, class: "form-control bottom", value: user[:password], id: "user_password_sign_up", placeholder: "Password", required: true
      %div
-      - if Gitlab.config.recaptcha.enabled
+      - if current_application_settings.recaptcha_enabled
        = recaptcha_tags
      %div
        = f.submit "Sign up", class: "btn-create btn"
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@ -346,12 +346,6 @@ production: &base
    # cas3:
    #   session_duration: 28800

-  # reCAPTCHA settings. See: http://www.google.com/recaptcha
-  recaptcha:
-    enabled: false
-    public_key: 'YOUR_PUBLIC_KEY'
-    private_key: 'YOUR_PRIVATE_KEY'
-
  # Shared file storage settings
  shared:
    # path: /mnt/gitlab # Default: shared
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@ -131,12 +131,6 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours
 Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
 Settings.omniauth.session_tickets['cas3'] = 'ticket'

-# ReCAPTCHA settings
-Settings['recaptcha'] ||= Settingslogic.new({})
-Settings.recaptcha['enabled'] = false if Settings.recaptcha['enabled'].nil?
-Settings.recaptcha['public_key'] ||= Settings.recaptcha['public_key']
-Settings.recaptcha['private_key'] ||= Settings.recaptcha['private_key']
-

 Settings['shared'] ||= Settingslogic.new({})
 Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)
--- a/config/initializers/recaptcha.rb
+++ b/config/initializers/recaptcha.rb
@ -1,6 +0,0 @@
-if Gitlab.config.recaptcha.enabled
-  Recaptcha.configure do |config|
-    config.public_key  = Gitlab.config.recaptcha['public_key']
-    config.private_key = Gitlab.config.recaptcha['private_key']
-  end
-end
--- a/db/migrate/20151228175719_add_recaptcha_to_application_settings.rb
+++ b/db/migrate/20151228175719_add_recaptcha_to_application_settings.rb
@ -0,0 +1,9 @@
+class AddRecaptchaToApplicationSettings < ActiveRecord::Migration
+  def change
+    change_table :application_settings do |t|
+      t.boolean :recaptcha_enabled, default: false
+      t.string :recaptcha_site_key
+      t.string :recaptcha_private_key
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20151228150906) do
+ActiveRecord::Schema.define(version: 20151228175719) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@ -60,6 +60,9 @@ ActiveRecord::Schema.define(version: 20151228150906) do
    t.integer  "metrics_pool_size",                             default: 16
    t.integer  "metrics_timeout",                               default: 10
    t.integer  "metrics_method_call_threshold",                 default: 10
+    t.boolean  "recaptcha_enabled",                 default: false
+    t.string   "recaptcha_site_key"
+    t.string   "recaptcha_private_key"
  end

  create_table "audit_events", force: :cascade do |t|
--- a/doc/integration/recaptcha.md
+++ b/doc/integration/recaptcha.md
@ -6,51 +6,18 @@ to confirm that a real user, not a bot, is attempting to create an account.

 ## Configuration

-To use reCAPTCHA, first you must create a public and private key.
+To use reCAPTCHA, first you must create a site and private key.

 1. Go to the URL: https://www.google.com/recaptcha/admin

-1. Fill out the form necessary to obtain reCAPTCHA keys.
+2. Fill out the form necessary to obtain reCAPTCHA keys.

-1. On your GitLab server, open the configuration file.
+3. Login to your GitLab server, with administrator credentials.

-    For omnibus package:
+4. Go to Applications Settings on Admin Area (`admin/application_settings`)

-    ```sh
-      sudo editor /etc/gitlab/gitlab.rb
-    ```
+5. Fill all recaptcha fields with keys from previous steps

-    For installations from source:
+6. Check the `Enable reCAPTCHA` checkbox

-    ```sh
-      cd /home/git/gitlab
-
-      sudo -u git -H editor config/gitlab.yml
-    ```
-
-1.  Enable reCAPTCHA and add the settings:
-
-    For omnibus package:
-
-    ```ruby
-      gitlab_rails['recaptcha_enabled'] = true
-      gitlab_rails['recaptcha_public_key'] = 'YOUR_PUBLIC_KEY'
-      gitlab_rails['recaptcha_private_key'] = 'YOUR_PUBLIC_KEY'
-    ```
-
-    For installation from source:
-
-    ```
-      recaptcha:
-        enabled: true
-        public_key: 'YOUR_PUBLIC_KEY'
-        private_key: 'YOUR_PRIVATE_KEY'
-    ```
-
-1.  Change 'YOUR_PUBLIC_KEY' to the public key from step 2.
-
-1.  Change 'YOUR_PRIVATE_KEY' to the private key from step 2.
-
-1.  Save the configuration file.
-
-1.  Restart GitLab.
+7.  Save the configuration.
--- a/lib/gitlab/recaptcha.rb
+++ b/lib/gitlab/recaptcha.rb
@ -0,0 +1,14 @@
+module Gitlab
+  module Recaptcha
+    def self.load_configurations!
+      if current_application_settings.recaptcha_enabled
+        ::Recaptcha.configure do |config|
+          config.public_key  = current_application_settings.recaptcha_site_key
+          config.private_key = current_application_settings.recaptcha_private_key
+        end
+
+        true
+      end
+    end
+  end
+end