replace recaptch with hcaptcha

Gemfile

@@ -81,5 +81,5 @@ group :test do
   gem 'mock_redis'
   gem 'simplecov',                      require: nil
   gem 'm'
-  gem 'apparition'
+  gem 'apparition', github: 'twalpole/apparition', ref: 'ca86be4d54af835d531dbcd2b86e7b2c77f85f34'
 end

Gemfile.lock

@@ -10,6 +10,15 @@ GIT
       rack (>= 1.6)
       uuidtools (~> 2.1.1)
 
+GIT
+  remote: https://github.com/twalpole/apparition.git
+  revision: ca86be4d54af835d531dbcd2b86e7b2c77f85f34
+  ref: ca86be4d54af835d531dbcd2b86e7b2c77f85f34
+  specs:
+    apparition (0.6.0)
+      capybara (~> 3.13, < 4)
+      websocket-driver (>= 0.6.5)
+
 GEM
   remote: https://rubygems.org/
   specs:
@@ -26,20 +35,18 @@ GEM
     annoy (0.5.6)
       highline (>= 1.5.0)
     ansi (1.5.0)
-    apparition (0.5.0)
-      capybara (~> 3.13, < 4)
-      websocket-driver (>= 0.6.5)
     base32 (0.3.2)
     bcrypt (3.1.13)
     builder (3.2.3)
     byebug (11.0.1)
-    capybara (3.32.2)
+    capybara (3.36.0)
       addressable
+      matrix
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
-      regexp_parser (~> 1.5)
+      regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     certified (1.0.0)
     climate_control (0.2.0)
@@ -128,13 +135,14 @@ GEM
       ffi (>= 0.6.3)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
+    matrix (0.4.2)
     maxmind-db (1.0.0)
     metaclass (0.0.4)
     method_source (0.9.2)
     mime-types (3.3)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2019.0904)
-    mini_mime (1.0.2)
+    mini_mime (1.1.2)
     mini_portile2 (2.5.3)
     minitest (5.11.3)
     minitest-reporters (1.3.8)
@@ -178,7 +186,7 @@ GEM
     public_suffix (4.0.6)
     puma (5.5.1)
       nio4r (~> 2.0)
-    racc (1.5.2)
+    racc (1.6.0)
     rack (2.2.3)
     rack-cache (1.9.0)
       rack (>= 0.4)
@@ -196,7 +204,7 @@ GEM
     redis (3.3.5)
     redis-namespace (1.6.0)
       redis (>= 3.0.4)
-    regexp_parser (1.7.1)
+    regexp_parser (2.1.1)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
@@ -278,7 +286,7 @@ GEM
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff
-    websocket-driver (0.7.2)
+    websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     will_paginate (3.1.8)
@@ -296,7 +304,7 @@ DEPENDENCIES
   acme-client (~> 2.0.0)
   activesupport
   addressable (>= 2.8.0)
-  apparition
+  apparition!
   base32
   bcrypt
   capybara

app.rb

@@ -25,7 +25,7 @@ helpers do
   def hcaptcha_input
     %{
       <script src="https://hcaptcha.com/1/api.js" async defer></script>
-      <div class="h-captcha" data-sitekey="#{$config['hcaptcha_site_key']}"></div>
+      <div id="captcha_input" class="h-captcha" data-sitekey="#{$config['hcaptcha_site_key']}"></div>
     }
   end
 end
@@ -89,7 +89,7 @@ after do
 end
 
 #after do
-  #response.headers['Content-Security-Policy'] = %{block-all-mixed-content; default-src 'self'; connect-src 'self' https://api.stripe.com; frame-src https://www.google.com/recaptcha/ https://js.stripe.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.stripe.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: }
+  #response.headers['Content-Security-Policy'] = %{block-all-mixed-content; default-src 'self'; connect-src 'self' https://api.stripe.com https://assets.hcaptcha.com; frame-src https://assets.hcaptcha.com https://js.stripe.com; script-src 'self' 'unsafe-inline' https://js.stripe.com https://hcaptcha.com https://assets.hcaptcha.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: }
 #end
 
 not_found do

app/create.rb

@@ -12,11 +12,12 @@ post '/create_validate_all' do
   site = Site.new fields
 
   if site.valid?
-    return [].to_json if education_whitelisted? || params[:'g-recaptcha-response'] || self.class.test?
-    return [['captcha', 'Please complete the captcha.']].to_json
+    return [].to_json if education_whitelisted?
   end
 
-  site.errors.collect {|e| [e.first, e.last.first]}.to_json
+  resp = site.errors.collect {|e| [e.first, e.last.first]}
+  resp << ['captcha', 'Please complete the captcha.'] if params[:'h-captcha-response'].empty? && !self.class.test?
+  resp.to_json
 end
 
 post '/create_validate' do
@@ -65,7 +66,7 @@ post '/create' do
   if education_whitelisted?
     @site.email_confirmed = true
   else
-    if !recaptcha_valid?
+    if !hcaptcha_valid?
       flash[:error] = 'The captcha was not valid, please try again.'
       return {result: 'error'}.to_json
     end

app_helpers.rb

@@ -118,24 +118,6 @@ def flash_display(opts={})
   erb :'_flash', layout: false, locals: {opts: opts}
 end
 
-def recaptcha_valid?
-  return true if ENV['RACK_ENV'] == 'test' || ENV['TRAVIS']
-  return false unless params[:'g-recaptcha-response']
-  resp = Net::HTTP.get URI(
-    'https://www.google.com/recaptcha/api/siteverify?'+
-    Rack::Utils.build_query(
-      secret: $config['recaptcha_private_key'],
-      response: params[:'g-recaptcha-response']
-    )
-  )
-
-  if JSON.parse(resp)['success'] == true
-    true
-  else
-    false
-  end
-end
-
 def hcaptcha_valid?
   return true if ENV['RACK_ENV'] == 'test' || ENV['TRAVIS']
   return false unless params[:'h-captcha-response']

config.yml.template

@@ -3,10 +3,8 @@ development:
   database_pool: 1
   redis_url: "redis://localhost"
   session_secret: "SECRET GOES HERE"
-  recaptcha_public_key: "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"
-  recaptcha_private_key: "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"
-  hcaptcha_site_key: sitekey
-  hcaptcha_secret_key: secret
+  hcaptcha_site_key: "10000000-ffff-ffff-ffff-000000000001"
+  hcaptcha_secret_key: "0x0000000000000000000000000000000000000000"
   sidekiq_user: "ENTER USER HERE"
   sidekiq_pass: "ENTER PASS HERE"
   stripe_publishable_key: "ENTER KEY HERE"
@@ -32,8 +30,8 @@ test:
   database: 'postgres://localhost/neocities_test'
   database_pool: 1
   session_secret: "SECRET GOES HERE"
-  recaptcha_public_key: "ENTER PUBLIC KEY HERE"
-  recaptcha_private_key: "ENTER PRIVATE KEY HERE"
+  hcaptcha_site_key: "10000000-ffff-ffff-ffff-000000000001"
+  hcaptcha_secret_key: "0x0000000000000000000000000000000000000000"
   sidekiq_user: "ENTER USER HERE"
   sidekiq_pass: "ENTER PASS HERE"
   stripe_publishable_key: "ENTER KEY HERE"

config.yml.travis

@@ -1,8 +1,6 @@
 database: 'postgres://postgres@localhost/travis_ci_test'
 database_pool: 1
 session_secret: 's3cr3t'
-recaptcha_public_key: '1234'
-recaptcha_private_key: '5678'
 email_unsubscribe_token: "somethingrandomderrrrp"
 paypal_api_username: derp
 paypal_api_password: ing
@@ -21,5 +19,5 @@ screenshot_urls:
 cache_control_ips:
   - 1.2.3.4
   - 4.5.6.7
-hcaptcha_site_key: sitekey
-hcaptcha_secret_key: secret
+hcaptcha_site_key: "10000000-ffff-ffff-ffff-000000000001"
+hcaptcha_secret_key: "0x0000000000000000000000000000000000000000"

sass/_project-sass/_project-Main.scss

@@ -2288,3 +2288,8 @@ pre, code {
   position: fixed!important;
   top: 105px!important;
 }
+
+.h-captcha iframe {
+  width: 90% !important;
+  border-radius: 10px;
+}

sass/_tidy.scss

@@ -34,9 +34,3 @@ textarea {
 input[type=submit] {
   margin-top: 10px;
 }
-
-.recaptcha {
-  background: #fff;
-  width: 440px;
-  overflow: auto;
-}

tests/acceptance/password_reset_tests.rb

@@ -73,13 +73,13 @@ describe '/password_reset' do
 
     visit "/password_reset_confirm?#{Rack::Utils.build_query username: @site.username, token: @site.reload.password_reset_token}"
 
-    page.current_url.must_match /.+\/settings$/
+    page.current_url.must_match /.+\/settings#password/
 
     fill_in 'new_password', with: 'n3wp4s$'
     fill_in 'new_password_confirm', with: 'n3wp4s$'
     click_button 'Change Password'
 
-    page.current_url.must_match /.+\/settings$/
+    page.current_url.must_match /.+\/settings#password/
     page.must_have_content 'Successfully changed password'
     Site.valid_login?(@site.username, 'n3wp4s$').must_equal true
     page.get_rack_session['id'].must_equal @site.id

views/_index_signup_script.erb

@@ -15,8 +15,9 @@
       } else {
         for(var i=0; i<errors.length;i++) {
           if(errors[i][0] == 'captcha') {
-            var captchaDiv = $('#captcha-input')
+            var captchaDiv = $('#captcha_input')
             captchaDiv.attr('data-original-title', errors[i][1])
+            captchaDiv.attr('data-placement', 'left')
             captchaDiv.tooltip('show')
           } else {
             var ele = $('input[name='+errors[i][0]+']')

views/dmca.erb

@@ -1,5 +1,3 @@
-<script src='https://www.google.com/recaptcha/api.js'></script>
-
 <div class="header-Outro">
   <div class="row content single-Col">
   <h1>DMCA Takedown Contact</h1>

views/index.erb

@@ -61,6 +61,7 @@
         <h3 class="delta">Powerful features to help you build</h3>
         <p class="base">
           We’ve made it easy to build your web site and explore other sites. Neocities features an in-browser HTML editor, a <a href="/cli">command line tool</a>, custom domain support, fast site performance, easy file uploading, RSS feeds, folder support, and so much more.
+        </p>
       </li>
 
       <li class="intro-Social">
@@ -126,14 +127,11 @@
                      autocorrect="off" autocomplete="off" />
             </div>
 
-            <div class="col col-50" style="padding-left:0;">
+            <div class="col col-50" style="padding-left:0">
               <label>
                 Confirm you are human
               </label>
-              <div id="captcha-input" class="g-recaptcha"
-                   data-sitekey="<%= $config['recaptcha_public_key'] %>"
-                   data-theme="dark" data-placement="left" data-trigger="manual">
-              </div>
+              <%== hcaptcha_input %>
             </div>
 
             <div class="col col-50">
@@ -142,6 +140,7 @@
               </div>
             </div>
           </div>
+
         </fieldset>
       </form>
 

views/index_layout.erb

@@ -37,7 +37,6 @@
   <![endif]-->
 
   <script src="/js/jquery-1.11.0.min.js"></script>
-  <script src='https://www.google.com/recaptcha/api.js'></script>
 </head>
 
 <%== yield %>