Add reCAPTCHA support

Kwpolska · Kwpolska · commit f75f305f0884 · 2015-08-08T10:19:20.000+02:00
Signed-off-by: Chris Warrick &lt;kwpolska@gmail.com&gt;
diff --git a/coil/data/templates/jinja/coil_login.tmpl b/coil/data/templates/jinja/coil_login.tmpl
@@ -1,5 +1,11 @@
 {#  -*- coding: utf-8 -*- #}
 {% extends 'base.tmpl' %}
+{% block extra_head %}
+    {{ super() }}
+    {% if captcha['enabled'] %}
+        <script src='https://www.google.com/recaptcha/api.js'></script>
+    {% endif %}
+{% endblock %}
 {% block content %}
 {% if alert %}
 <div class="alert alert-{{ alert_status }}" role="alert">{{ alert }}</div>
@@ -11,6 +17,9 @@
         <input name="username" type="text" id="inputUsername" class="form-control" placeholder="Username" required autofocus>
         <label for="inputPassword" class="sr-only">Password</label>
         <input name="password" type="password" id="inputPassword" class="form-control" placeholder="Password" required>
+        {% if captcha['enabled'] %}
+            <div class="g-recaptcha" data-sitekey="{{ captcha['site_key'] }}"></div>
+        {% endif %}
         <div class="checkbox">
           <label>
             <input type="checkbox" name="remember" value="remember"> Remember me
diff --git a/coil/data/templates/mako/coil_login.tmpl b/coil/data/templates/mako/coil_login.tmpl
@@ -1,5 +1,11 @@
 ## -*- coding: utf-8 -*-
 <%inherit file="base.tmpl"/>
+<%block name="extra_head">
+    ${parent.extra_head()}
+    % if captcha['enabled']:
+        <script src='https://www.google.com/recaptcha/api.js'></script>
+    % endif
+</%block>
 <%block name="content">
 % if alert:
 <div class="alert alert-${alert_status}" role="alert">${alert}</div>
@@ -11,6 +17,9 @@
         <input name="username" type="text" id="inputUsername" class="form-control" placeholder="Username" required autofocus>
         <label for="inputPassword" class="sr-only">Password</label>
         <input name="password" type="password" id="inputPassword" class="form-control" placeholder="Password" required>
+        % if captcha['enabled']:
+            <div class="g-recaptcha" data-sitekey="${captcha['site_key']}"></div>
+        % endif
         <div class="checkbox">
           <label>
             <input type="checkbox" name="remember" value="remember"> Remember me
diff --git a/coil/web.py b/coil/web.py
@@ -36,6 +36,7 @@
 import redis
 import rq
 import operator
+import requests
 import coil.tasks
 from nikola.utils import (unicode_str, get_logger, ColorfulStderrHandler,
                           write_metadata, TranslatableSetting)
@@ -119,6 +120,9 @@ def configure_site():
 
     app.secret_key = _site.config.get('COIL_SECRET_KEY')
     app.config['COIL_URL'] = _site.config.get('COIL_URL')
+    app.config['COIL_LOGIN_CAPTCHA'] = _site.config.get(
+        'COIL_LOGIN_CAPTCHA',
+        {'enabled': False, 'site_key': '', 'secret_key': ''})
     app.config['COIL_LIMITED'] = _site.config.get('COIL_LIMITED', False)
     app.config['REDIS_URL'] = _site.config.get('COIL_REDIS_URL',
                                                'redis://localhost:6379/0')
@@ -543,14 +547,28 @@ def login():
     alert = None
     alert_status = 'danger'
     code = 200
+    captcha = app.config['COIL_LOGIN_CAPTCHA']
     form = LoginForm()
     if request.method == 'POST':
         if form.validate():
             user = find_user_by_name(request.form['username'])
             if not user:
                 alert = 'Invalid credentials.'
                 code = 401
-            else:
+            if captcha['enabled']:
+                r = requests.post('https://www.google.com/recaptcha/api/siteverify',
+                                  data={'secret': captcha['secret_key'],
+                                        'response': request.form['g-recaptcha-response'],
+                                        'remoteip': request.remote_addr})
+                if r.status_code != 200:
+                    alert = 'Cannot check CAPTCHA response.'
+                    code = 500
+                else:
+                    rj = r.json()
+                    if not rj['success']:
+                        alert = 'Invalid CAPTCHA response. Please try again.'
+                        code = 401
+            if code == 200:
                 try:
                     pwd_ok = check_password(user.password,
                                             request.form['password'])
@@ -584,7 +602,8 @@ def login():
             alert_status = 'success'
     return render('coil_login.tmpl', {'title': 'Login', 'alert': alert, 'form':
                                       form, 'alert_status': alert_status,
-                                      'pwdchange_skip': True},
+                                      'pwdchange_skip': True,
+                                      'captcha': captcha},
                   code)
 
 
diff --git a/docs/admin/setup.rst b/docs/admin/setup.rst
@@ -53,6 +53,10 @@ Then, you must make some changes to the config:
    **Store it in a safe place** — git is not one!  You can use
    ``os.urandom(24)`` to generate something good.
  * ``COIL_URL`` — the URL under which Coil can be accessed.
+ * ``COIL_LOGIN_CAPTCHA`` — if you want reCAPTCHA to appear on the login page
+   (aimed at plugic environments, eg. the demo site), set this to a dict of
+   ``{'enabled': True, 'site_key': '', 'secret_key': ''}`` and fill in your data.
+   If you don’t want a CAPTCHA, don’t set this setting.
  * ``_MAKO_DISABLE_CACHING = True``
  * Modify ``POSTS`` and ``PAGES``, replacing ``.txt`` with ``.html``.
  * You must set the mode (Limited vs Full) and configure it accordingly — see
diff --git a/requirements.txt b/requirements.txt
@@ -13,6 +13,7 @@ pyinotify==0.9.5
 python-bcrypt==0.3.1
 pytz==2015.2
 redis==2.10.3
+requests==2.7.0
 rq==0.5.3
 six==1.9.0
 webassets==0.10.1
diff --git a/setup.py b/setup.py
@@ -7,7 +7,7 @@
     dependencies = [l.strip() for l in fh]
 
 setup(name='coil',
-      version='1.3.3',
+      version='1.3.4-alpha.1',
       description='A user-friendly CMS frontend for Nikola.',
       keywords='coil,nikola,cms',
       author='Chris Warrick, Roberto Alsina, Henry Hirsch et al.',
