diff --git a/Gemfile b/Gemfile index e0e432f0..ec146b7e 100644 --- a/Gemfile +++ b/Gemfile @@ -81,5 +81,5 @@ group :test do gem 'mock_redis' gem 'simplecov', require: nil gem 'm' - gem 'apparition' + gem 'apparition', github: 'twalpole/apparition', ref: 'ca86be4d54af835d531dbcd2b86e7b2c77f85f34' end diff --git a/Gemfile.lock b/Gemfile.lock index e9e0a7c0..142cca59 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,6 +10,15 @@ GIT rack (>= 1.6) uuidtools (~> 2.1.1) +GIT + remote: https://github.com/twalpole/apparition.git + revision: ca86be4d54af835d531dbcd2b86e7b2c77f85f34 + ref: ca86be4d54af835d531dbcd2b86e7b2c77f85f34 + specs: + apparition (0.6.0) + capybara (~> 3.13, < 4) + websocket-driver (>= 0.6.5) + GEM remote: https://rubygems.org/ specs: @@ -26,20 +35,18 @@ GEM annoy (0.5.6) highline (>= 1.5.0) ansi (1.5.0) - apparition (0.5.0) - capybara (~> 3.13, < 4) - websocket-driver (>= 0.6.5) base32 (0.3.2) bcrypt (3.1.13) builder (3.2.3) byebug (11.0.1) - capybara (3.32.2) + capybara (3.36.0) addressable + matrix mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) - regexp_parser (~> 1.5) + regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) certified (1.0.0) climate_control (0.2.0) @@ -128,13 +135,14 @@ GEM ffi (>= 0.6.3) mail (2.7.1) mini_mime (>= 0.1.1) + matrix (0.4.2) maxmind-db (1.0.0) metaclass (0.0.4) method_source (0.9.2) mime-types (3.3) mime-types-data (~> 3.2015) mime-types-data (3.2019.0904) - mini_mime (1.0.2) + mini_mime (1.1.2) mini_portile2 (2.5.3) minitest (5.11.3) minitest-reporters (1.3.8) @@ -178,7 +186,7 @@ GEM public_suffix (4.0.6) puma (5.5.1) nio4r (~> 2.0) - racc (1.5.2) + racc (1.6.0) rack (2.2.3) rack-cache (1.9.0) rack (>= 0.4) @@ -196,7 +204,7 @@ GEM redis (3.3.5) redis-namespace (1.6.0) redis (>= 3.0.4) - regexp_parser (1.7.1) + regexp_parser (2.1.1) rest-client (2.1.0) http-accept (>= 1.7.0, < 2.0) http-cookie (>= 1.0.2, < 2.0) 
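Review bot: The new `gem 'apparition', github: 'twalpole/apparition', ref: '…'` line in the `group :test` hunk of the Gemfile has no comment saying why the gem now comes from a git commit rather than a rubygems release. Without that, nobody will know when it is safe to switch back. Pinning to the full commit SHA is the right way to consume a git source, because a branch or tag can be moved, so keep the `ref:`. I would add a comment above the line, for example `# Pinned to an upstream commit (<reason / issue link>); return to a rubygems release once one includes it.`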
@@ -278,7 +286,7 @@ GEM addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff - websocket-driver (0.7.2) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) will_paginate (3.1.8) @@ -296,7 +304,7 @@ DEPENDENCIES acme-client (~> 2.0.0) activesupport addressable (>= 2.8.0) - apparition + apparition! base32 bcrypt capybara diff --git a/app.rb b/app.rb index 946613cf..2d7f7331 100644 --- a/app.rb +++ b/app.rb @@ -25,7 +25,7 @@ helpers do def hcaptcha_input %{ -
+
} end end @@ -89,7 +89,7 @@ after do end #after do - #response.headers['Content-Security-Policy'] = %{block-all-mixed-content; default-src 'self'; connect-src 'self' https://api.stripe.com; frame-src https://www.google.com/recaptcha/ https://js.stripe.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.stripe.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: } + #response.headers['Content-Security-Policy'] = %{block-all-mixed-content; default-src 'self'; connect-src 'self' https://api.stripe.com https://assets.hcaptcha.com; frame-src https://assets.hcaptcha.com https://js.stripe.com; script-src 'self' 'unsafe-inline' https://js.stripe.com https://hcaptcha.com https://assets.hcaptcha.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: } #end not_found do diff --git a/app/create.rb b/app/create.rb index 3338ab7b..101633bd 100644 --- a/app/create.rb +++ b/app/create.rb @@ -12,11 +12,12 @@ post '/create_validate_all' do site = Site.new fields if site.valid? - return [].to_json if education_whitelisted? || params[:'g-recaptcha-response'] || self.class.test? - return [['captcha', 'Please complete the captcha.']].to_json + return [].to_json if education_whitelisted? end - site.errors.collect {|e| [e.first, e.last.first]}.to_json + resp = site.errors.collect {|e| [e.first, e.last.first]} + resp << ['captcha', 'Please complete the captcha.'] if params[:'h-captcha-response'].empty? && !self.class.test? + resp.to_json end post '/create_validate' do @@ -65,7 +66,7 @@ post '/create' do if education_whitelisted? @site.email_confirmed = true else - if !recaptcha_valid? + if !hcaptcha_valid? flash[:error] = 'The captcha was not valid, please try again.' return {result: 'error'}.to_json end diff --git a/app_helpers.rb b/app_helpers.rb index 3cd08ff1..acbbbd53 100644 --- a/app_helpers.rb +++ b/app_helpers.rb 
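Review bot: The hCaptcha origins added to the commented-out `Content-Security-Policy` line in app.rb look narrower than the widget needs. `frame-src` and `connect-src` list only `https://assets.hcaptcha.com`, and `style-src` has no hCaptcha origin at all. hCaptcha's documentation recommends `https://hcaptcha.com https://*.hcaptcha.com` in `script-src`, `frame-src`, `style-src` and `connect-src`. The filter is still commented out, so nothing breaks today, but re-enabling it as written would likely block the signup captcha. The policy also keeps `'unsafe-inline'` in `script-src`, which is worth revisiting before it is switched on.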
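Review bot: `params[:'h-captcha-response'].empty?` in `post '/create_validate_all'` raises `NoMethodError` when the field is absent, because the lookup returns `nil`. A request without the captcha field then gets a 500 instead of the 'Please complete the captcha.' entry; use `params[:'h-captcha-response'].to_s.empty?`. The `education_whitelisted?` early return sits inside `if site.valid?`, so a whitelisted signup with other validation errors would now also get the captcha message. If that is not intended, add `&& !education_whitelisted?` to the condition. This endpoint only checks that the field is non-empty; the token itself is verified by `hcaptcha_valid?` in `post '/create'` (the second hunk of this file), which should remain the sole gate.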
@@ -118,24 +118,6 @@ def flash_display(opts={}) erb :'_flash', layout: false, locals: {opts: opts} end -def recaptcha_valid? - return true if ENV['RACK_ENV'] == 'test' || ENV['TRAVIS'] - return false unless params[:'g-recaptcha-response'] - resp = Net::HTTP.get URI( - 'https://www.google.com/recaptcha/api/siteverify?'+ - Rack::Utils.build_query( - secret: $config['recaptcha_private_key'], - response: params[:'g-recaptcha-response'] - ) - ) - - if JSON.parse(resp)['success'] == true - true - else - false - end -end - def hcaptcha_valid? return true if ENV['RACK_ENV'] == 'test' || ENV['TRAVIS'] return false unless params[:'h-captcha-response'] diff --git a/config.yml.template b/config.yml.template index 6b8551a5..be470036 100644 --- a/config.yml.template +++ b/config.yml.template @@ -3,10 +3,8 @@ development: database_pool: 1 redis_url: "redis://localhost" session_secret: "SECRET GOES HERE" - recaptcha_public_key: "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI" - recaptcha_private_key: "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe" - hcaptcha_site_key: sitekey - hcaptcha_secret_key: secret + hcaptcha_site_key: "10000000-ffff-ffff-ffff-000000000001" + hcaptcha_secret_key: "0x0000000000000000000000000000000000000000" sidekiq_user: "ENTER USER HERE" sidekiq_pass: "ENTER PASS HERE" stripe_publishable_key: "ENTER KEY HERE" @@ -32,8 +30,8 @@ test: database: 'postgres://localhost/neocities_test' database_pool: 1 session_secret: "SECRET GOES HERE" - recaptcha_public_key: "ENTER PUBLIC KEY HERE" - recaptcha_private_key: "ENTER PRIVATE KEY HERE" + hcaptcha_site_key: "10000000-ffff-ffff-ffff-000000000001" + hcaptcha_secret_key: "0x0000000000000000000000000000000000000000" sidekiq_user: "ENTER USER HERE" sidekiq_pass: "ENTER PASS HERE" stripe_publishable_key: "ENTER KEY HERE" diff --git a/config.yml.travis b/config.yml.travis index 173757c3..a92bca0d 100644 --- a/config.yml.travis +++ b/config.yml.travis 
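Review bot: The `hcaptcha_site_key` / `hcaptcha_secret_key` values added under `development:` in config.yml.template (and again in the `test:` hunk) appear to be hCaptcha's published test keys, for which verification always succeeds. The template does not say so. Someone copying this file to build a production config could leave them in and ship a signup form whose captcha accepts every response. Add a comment above the pair, e.g. `# hCaptcha public test keys: verification always passes. Replace with real keys outside development/test.`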
@@ -1,8 +1,6 @@ database: 'postgres://postgres@localhost/travis_ci_test' database_pool: 1 session_secret: 's3cr3t' -recaptcha_public_key: '1234' -recaptcha_private_key: '5678' email_unsubscribe_token: "somethingrandomderrrrp" paypal_api_username: derp paypal_api_password: ing @@ -21,5 +19,5 @@ screenshot_urls: cache_control_ips: - 1.2.3.4 - 4.5.6.7 -hcaptcha_site_key: sitekey -hcaptcha_secret_key: secret \ No newline at end of file +hcaptcha_site_key: "10000000-ffff-ffff-ffff-000000000001" +hcaptcha_secret_key: "0x0000000000000000000000000000000000000000" \ No newline at end of file diff --git a/sass/_project-sass/_project-Main.scss b/sass/_project-sass/_project-Main.scss index 4cf3ba08..9fb1f546 100644 --- a/sass/_project-sass/_project-Main.scss +++ b/sass/_project-sass/_project-Main.scss @@ -2288,3 +2288,8 @@ pre, code { position: fixed!important; top: 105px!important; } + +.h-captcha iframe { + width: 90% !important; + border-radius: 10px; +} \ No newline at end of file diff --git a/sass/_tidy.scss b/sass/_tidy.scss index 0457f2b1..59b7355b 100644 --- a/sass/_tidy.scss +++ b/sass/_tidy.scss @@ -33,10 +33,4 @@ textarea { input[type=submit] { margin-top: 10px; -} - -.recaptcha { - background: #fff; - width: 440px; - overflow: auto; } \ No newline at end of file diff --git a/tests/acceptance/password_reset_tests.rb b/tests/acceptance/password_reset_tests.rb index 91075249..1cdb9b0d 100644 --- a/tests/acceptance/password_reset_tests.rb +++ b/tests/acceptance/password_reset_tests.rb 
@@ -73,13 +73,13 @@ describe '/password_reset' do visit "/password_reset_confirm?#{Rack::Utils.build_query username: @site.username, token: @site.reload.password_reset_token}" - page.current_url.must_match /.+\/settings$/ + page.current_url.must_match /.+\/settings#password/ fill_in 'new_password', with: 'n3wp4s$' fill_in 'new_password_confirm', with: 'n3wp4s$' click_button 'Change Password' - page.current_url.must_match /.+\/settings$/ + page.current_url.must_match /.+\/settings#password/ page.must_have_content 'Successfully changed password' Site.valid_login?(@site.username, 'n3wp4s$').must_equal true page.get_rack_session['id'].must_equal @site.id diff --git a/views/_index_signup_script.erb b/views/_index_signup_script.erb index 0b192827..def586f1 100644 --- a/views/_index_signup_script.erb +++ b/views/_index_signup_script.erb @@ -15,8 +15,9 @@ } else { for(var i=0; i -
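Review bot: Both updated `must_match` patterns in password_reset_tests.rb dropped the trailing `$`, so `/.+\/settings#password/` accepts any URL that merely contains that text, where the old pattern required the URL to end at `/settings`. Anchor it again so the test still fails on an unexpected redirect target: `page.current_url.must_match /.+\/settings#password$/`. The enclosing `describe '/password_reset'` block starts and ends outside the hunk.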

DMCA Takedown Contact

diff --git a/views/index.erb b/views/index.erb index 0852f0c5..4adeffed 100644 --- a/views/index.erb +++ b/views/index.erb @@ -53,7 +53,7 @@

Create your own free website.
Unlimited creativity, zero ads.

- Neocities is a social network of <%= @sites_count.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse %> web sites that are bringing back the lost individual creativity of the web. We offer free static web hosting and tools that allow you to create your own web site. Join us! + Neocities is a social network of <%= @sites_count.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse %> web sites that are bringing back the lost individual creativity of the web. We offer free static web hosting and tools that allow you to create your own web site. Join us!

  • @@ -61,6 +61,7 @@

    Powerful features to help you build

    We’ve made it easy to build your web site and explore other sites. Neocities features an in-browser HTML editor, a command line tool, custom domain support, fast site performance, easy file uploading, RSS feeds, folder support, and so much more. +

  • @@ -126,14 +127,11 @@ autocorrect="off" autocomplete="off" />
-
+
-
-
+ <%== hcaptcha_input %>
@@ -142,6 +140,7 @@
+ diff --git a/views/index_layout.erb b/views/index_layout.erb index fd597031..ea608b9b 100644 --- a/views/index_layout.erb +++ b/views/index_layout.erb @@ -37,7 +37,6 @@ - <%== yield %>