From 7abcaec2103a7998a0af4f1a67f821ffa13ac63d Mon Sep 17 00:00:00 2001
From: Alex Kotov
Date: Fri, 14 Dec 2018 07:13:49 +0500
Subject: [PATCH] Add reCAPTCHA
---
 Gemfile | 3 +++
 Gemfile.lock | 3 +++
 app/controllers/users/sessions_controller.rb | 23 ++++++++++++++------
 app/helpers/application_helper.rb | 2 +-
 app/views/users/sessions/new.html.erb | 4 ++++
 config/credentials.yml.enc | 2 +-
 config/initializers/recaptcha.rb | 11 ++++++++++
 config/settings/recaptcha.yml | 9 ++++++++
 8 files changed, 48 insertions(+), 9 deletions(-)
 create mode 100644 config/initializers/recaptcha.rb
 create mode 100644 config/settings/recaptcha.yml
diff --git a/Gemfile b/Gemfile
index e2d525c..f88beda 100644
--- a/Gemfile
+++ b/Gemfile
@@ -110,6 +110,9 @@ gem 'telegram-bot', '~> 0.14'
 # Virtus types for Telegram Bot API.
 gem 'telegram-bot-types', '~> 0.6'
+# Helpers for the reCAPTCHA API.
+gem 'recaptcha', '~> 4.13'
+
 group :development, :test do
 # factory_bot provides a framework and DSL for defining and using factories.
 gem 'factory_bot_rails', '~> 4.10'
diff --git a/Gemfile.lock b/Gemfile.lock
index 713d957..ca084c4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -296,6 +296,8 @@ GEM
 rb-fsevent (0.10.3)
 rb-inotify (0.9.10)
 ffi (>= 0.5.0, < 2)
+ recaptcha (4.13.1)
+ json
 redis (4.0.3)
 regexp_parser (1.3.0)
 responders (2.4.0)
@@ -466,6 +468,7 @@ DEPENDENCIES
 rails (~> 5.2.1)
 rails-erd (~> 1.5)
 rails-i18n (~> 5.1)
+ recaptcha (~> 4.13)
 redis (~> 4.0)
 rest-client (~> 2.0)
 rolify (~> 5.2)
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index 1065539..0f4b36c 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -4,6 +4,8 @@ class Users::SessionsController < Devise::SessionsController
 skip_after_action :verify_authorized
 skip_after_action :verify_policy_scoped
+ prepend_before_action :check_captcha, only: :create
+
 # before_action :configure_sign_in_params, only: [:create]
 # GET /resource/sign_in
@@ -12,19 +14,26 @@ class Users::SessionsController < Devise::SessionsController
 # end
 # POST /resource/sign_in
- # def create
- # super
- # end
+ def create
+ super
+ end
 # DELETE /resource/sign_out
- # def destroy
- # super
- # end
+ def destroy
+ super
+ end
- # protected
+protected
 # If you have extra params to permit, append them to the sanitizer.
 # def configure_sign_in_params
 # devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
 # end
+
+ def check_captcha
+ return if verify_recaptcha
+
+ self.resource = resource_class.new sign_in_params
+ render :new
+ end
 end
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 2dcab44..971ee0c 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -5,7 +5,7 @@ module ApplicationHelper
 case flash_type
 when 'success'
 'alert-success'
- when 'error'
+ when 'error', 'recaptcha_error'
 'alert-danger'
 when 'alert'
 'alert-warning'
diff --git a/app/views/users/sessions/new.html.erb b/app/views/users/sessions/new.html.erb
index 83236d6..1557110 100644
--- a/app/views/users/sessions/new.html.erb
+++ b/app/views/users/sessions/new.html.erb
@@ -13,6 +13,10 @@ input_html: { autocomplete: 'current-password' } %> <%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %> + +
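Review bot: In app/controllers/users/sessions_controller.rb, `check_captcha` re-renders the form with `render :new` but never discards the flash entry carrying the failure message, so the error will probably appear again on the request after the failed one. The helper change in this commit maps a `recaptcha_error` flash type, which suggests `verify_recaptcha` writes `flash[:recaptcha_error]`; because this path renders instead of redirecting, add `flash.discard(:recaptcha_error)` immediately before `render :new`. The `prepend_before_action :check_captcha, only: :create` line in the first hunk deserves a comment such as `# Runs ahead of Devise's callbacks; a failed CAPTCHA renders the form and halts before #create authenticates.` The re-enabled `create` and `destroy` only call `super`, and `protected` sits at column 0, so both can be tidied; the class body starts outside these hunks.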
+ <%= recaptcha_tags %> +
diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
index 0bd23df..15d81e6 100644
--- a/config/credentials.yml.enc
+++ b/config/credentials.yml.enc
@@ -1 +1 @@ -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--NOzfEQFtoa3MHjU8--B7qrAiWb5qaFoUtH3M90Fg== \ No newline at end of file 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--IE3qv5uCCzLe4X1g--cuMLzKt35nIvWXL8LzRrLQ== \ No newline at end of file
diff --git a/config/initializers/recaptcha.rb b/config/initializers/recaptcha.rb
new file mode 100644
index 0000000..bc86adf
--- /dev/null
+++ b/config/initializers/recaptcha.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+# Be sure to restart your server when you modify this file.
+
+Rails.application.settings(:recaptcha).presence.try do |settings|
+ Recaptcha.configure do |config|
+ config.site_key = settings[:site_key]
+ config.secret_key = settings[:secret_key]
+ config.skip_verify_env = %w[development test cucumber]
+ end
+end
diff --git a/config/settings/recaptcha.yml b/config/settings/recaptcha.yml
new file mode 100644
index 0000000..55af9ed
--- /dev/null
+++ b/config/settings/recaptcha.yml
@@ -0,0 +1,9 @@
+default: &default
+ site_key: 6LdgbIEUAAAAANMCKgv_eVOViQt4oQHlBpVxqguZ
+ secret_key: <%= Rails.application.credentials.recaptcha_secret_key %>
+
+development:
+ <<: *default
+
+production:
+ <<: *default
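Review bot: In config/initializers/recaptcha.rb the `.presence.try` guard skips `Recaptcha.configure` silently when the settings are absent, and nothing checks that `settings[:secret_key]` is non-empty, so a production deploy missing the `recaptcha_secret_key` credential would only be noticed when someone tries to sign in. Failing at boot is safer, for example `raise 'reCAPTCHA secret key is not configured' if Rails.env.production? && settings[:secret_key].blank?` as the first line inside the outer block. A comment on `skip_verify_env` would also help, such as `# verify_recaptcha always passes in these environments, so the CAPTCHA is only enforced elsewhere.` `Rails.application.settings` is defined outside this diff, so what it returns for an environment missing from recaptcha.yml is an assumption here.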
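Review bot: config/settings/recaptcha.yml carries no comment telling maintainers which of the two values is safe to commit. The `site_key` is the public half that `recaptcha_tags` renders into the sign-in page, while `secret_key` must only ever come from encrypted credentials; a header comment such as `# site_key is public (rendered into the page); secret_key must stay in credentials.yml.enc, never inline here.` makes that explicit. Only `development` and `production` are defined, so any other environment, `test` included, gets no reCAPTCHA settings; if that is intended, a one-line comment saying so would prevent a later surprise.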