replace recaptch with hcaptcha

2025-04-24 17:22:35 +02:00 · 2021-12-03 12:04:00 -06:00 · 2021-12-03 12:04:00 -06:00 · bc0addb27b
commit bc0addb27b
parent 6d87c80df1
14 changed files with 46 additions and 63 deletions
--- a/2
+++ b/2
@ -81,5 +81,5 @@ group :test do
  gem 'mock_redis'
  gem 'simplecov',                      require: nil
  gem 'm'
-  gem 'apparition'
+  gem 'apparition', github: 'twalpole/apparition', ref: 'ca86be4d54af835d531dbcd2b86e7b2c77f85f34'
 end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -10,6 +10,15 @@ GIT
      rack (>= 1.6)
      uuidtools (~> 2.1.1)

+GIT
+  remote: https://github.com/twalpole/apparition.git
+  revision: ca86be4d54af835d531dbcd2b86e7b2c77f85f34
+  ref: ca86be4d54af835d531dbcd2b86e7b2c77f85f34
+  specs:
+    apparition (0.6.0)
+      capybara (~> 3.13, < 4)
+      websocket-driver (>= 0.6.5)
+
 GEM
  remote: https://rubygems.org/
  specs:
@ -26,20 +35,18 @@ GEM
    annoy (0.5.6)
      highline (>= 1.5.0)
    ansi (1.5.0)
-    apparition (0.5.0)
-      capybara (~> 3.13, < 4)
-      websocket-driver (>= 0.6.5)
    base32 (0.3.2)
    bcrypt (3.1.13)
    builder (3.2.3)
    byebug (11.0.1)
-    capybara (3.32.2)
+    capybara (3.36.0)
      addressable
+      matrix
      mini_mime (>= 0.1.3)
      nokogiri (~> 1.8)
      rack (>= 1.6.0)
      rack-test (>= 0.6.3)
-      regexp_parser (~> 1.5)
+      regexp_parser (>= 1.5, < 3.0)
      xpath (~> 3.2)
    certified (1.0.0)
    climate_control (0.2.0)
@ -128,13 +135,14 @@ GEM
      ffi (>= 0.6.3)
    mail (2.7.1)
      mini_mime (>= 0.1.1)
+    matrix (0.4.2)
    maxmind-db (1.0.0)
    metaclass (0.0.4)
    method_source (0.9.2)
    mime-types (3.3)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2019.0904)
-    mini_mime (1.0.2)
+    mini_mime (1.1.2)
    mini_portile2 (2.5.3)
    minitest (5.11.3)
    minitest-reporters (1.3.8)
@ -178,7 +186,7 @@ GEM
    public_suffix (4.0.6)
    puma (5.5.1)
      nio4r (~> 2.0)
-    racc (1.5.2)
+    racc (1.6.0)
    rack (2.2.3)
    rack-cache (1.9.0)
      rack (>= 0.4)
@ -196,7 +204,7 @@ GEM
    redis (3.3.5)
    redis-namespace (1.6.0)
      redis (>= 3.0.4)
-    regexp_parser (1.7.1)
+    regexp_parser (2.1.1)
    rest-client (2.1.0)
      http-accept (>= 1.7.0, < 2.0)
      http-cookie (>= 1.0.2, < 2.0)
@ -278,7 +286,7 @@ GEM
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff
-    websocket-driver (0.7.2)
+    websocket-driver (0.7.5)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    will_paginate (3.1.8)
@ -296,7 +304,7 @@ DEPENDENCIES
  acme-client (~> 2.0.0)
  activesupport
  addressable (>= 2.8.0)
-  apparition
+  apparition!
  base32
  bcrypt
  capybara
--- a/app.rb
+++ b/app.rb
@ -25,7 +25,7 @@ helpers do
  def hcaptcha_input
    %{
      <script src="https://hcaptcha.com/1/api.js" async defer></script>
-      <div class="h-captcha" data-sitekey="#{$config['hcaptcha_site_key']}"></div>
+      <div id="captcha_input" class="h-captcha" data-sitekey="#{$config['hcaptcha_site_key']}"></div>
    }
  end
 end
@ -89,7 +89,7 @@ after do
 end

 #after do
-  #response.headers['Content-Security-Policy'] = %{block-all-mixed-content; default-src 'self'; connect-src 'self' https://api.stripe.com; frame-src https://www.google.com/recaptcha/ https://js.stripe.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.stripe.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: }
+  #response.headers['Content-Security-Policy'] = %{block-all-mixed-content; default-src 'self'; connect-src 'self' https://api.stripe.com https://assets.hcaptcha.com; frame-src https://assets.hcaptcha.com https://js.stripe.com; script-src 'self' 'unsafe-inline' https://js.stripe.com https://hcaptcha.com https://assets.hcaptcha.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: }
 #end

 not_found do
--- a/app/create.rb
+++ b/app/create.rb
@ -12,11 +12,12 @@ post '/create_validate_all' do
  site = Site.new fields

  if site.valid?
-    return [].to_json if education_whitelisted? || params[:'g-recaptcha-response'] || self.class.test?
-    return [['captcha', 'Please complete the captcha.']].to_json
+    return [].to_json if education_whitelisted?
  end

-  site.errors.collect {|e| [e.first, e.last.first]}.to_json
+  resp = site.errors.collect {|e| [e.first, e.last.first]}
+  resp << ['captcha', 'Please complete the captcha.'] if params[:'h-captcha-response'].empty? && !self.class.test?
+  resp.to_json
 end

 post '/create_validate' do
@ -65,7 +66,7 @@ post '/create' do
  if education_whitelisted?
    @site.email_confirmed = true
  else
-    if !recaptcha_valid?
+    if !hcaptcha_valid?
      flash[:error] = 'The captcha was not valid, please try again.'
      return {result: 'error'}.to_json
    end
--- a/app_helpers.rb
+++ b/app_helpers.rb
@ -118,24 +118,6 @@ def flash_display(opts={})
  erb :'_flash', layout: false, locals: {opts: opts}
 end

-def recaptcha_valid?
-  return true if ENV['RACK_ENV'] == 'test' || ENV['TRAVIS']
-  return false unless params[:'g-recaptcha-response']
-  resp = Net::HTTP.get URI(
-    'https://www.google.com/recaptcha/api/siteverify?'+
-    Rack::Utils.build_query(
-      secret: $config['recaptcha_private_key'],
-      response: params[:'g-recaptcha-response']
-    )
-  )
-
-  if JSON.parse(resp)['success'] == true
-    true
-  else
-    false
-  end
-end
-
 def hcaptcha_valid?
  return true if ENV['RACK_ENV'] == 'test' || ENV['TRAVIS']
  return false unless params[:'h-captcha-response']
--- a/config.yml.template
+++ b/config.yml.template
@ -3,10 +3,8 @@ development:
  database_pool: 1
  redis_url: "redis://localhost"
  session_secret: "SECRET GOES HERE"
-  recaptcha_public_key: "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"
-  recaptcha_private_key: "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"
-  hcaptcha_site_key: sitekey
-  hcaptcha_secret_key: secret
+  hcaptcha_site_key: "10000000-ffff-ffff-ffff-000000000001"
+  hcaptcha_secret_key: "0x0000000000000000000000000000000000000000"
  sidekiq_user: "ENTER USER HERE"
  sidekiq_pass: "ENTER PASS HERE"
  stripe_publishable_key: "ENTER KEY HERE"
@ -32,8 +30,8 @@ test:
  database: 'postgres://localhost/neocities_test'
  database_pool: 1
  session_secret: "SECRET GOES HERE"
-  recaptcha_public_key: "ENTER PUBLIC KEY HERE"
-  recaptcha_private_key: "ENTER PRIVATE KEY HERE"
+  hcaptcha_site_key: "10000000-ffff-ffff-ffff-000000000001"
+  hcaptcha_secret_key: "0x0000000000000000000000000000000000000000"
  sidekiq_user: "ENTER USER HERE"
  sidekiq_pass: "ENTER PASS HERE"
  stripe_publishable_key: "ENTER KEY HERE"
--- a/config.yml.travis
+++ b/config.yml.travis
@ -1,8 +1,6 @@
 database: 'postgres://postgres@localhost/travis_ci_test'
 database_pool: 1
 session_secret: 's3cr3t'
-recaptcha_public_key: '1234'
-recaptcha_private_key: '5678'
 email_unsubscribe_token: "somethingrandomderrrrp"
 paypal_api_username: derp
 paypal_api_password: ing
@ -21,5 +19,5 @@ screenshot_urls:
 cache_control_ips:
  - 1.2.3.4
  - 4.5.6.7
-hcaptcha_site_key: sitekey
-hcaptcha_secret_key: secret
+hcaptcha_site_key: "10000000-ffff-ffff-ffff-000000000001"
+hcaptcha_secret_key: "0x0000000000000000000000000000000000000000"
--- a/sass/_project-sass/_project-Main.scss
+++ b/sass/_project-sass/_project-Main.scss
@ -2288,3 +2288,8 @@ pre, code {
  position: fixed!important;
  top: 105px!important;
 }
+
+.h-captcha iframe {
+  width: 90% !important;
+  border-radius: 10px;
+}
--- a/sass/_tidy.scss
+++ b/sass/_tidy.scss
@ -33,10 +33,4 @@ textarea {

 input[type=submit] {
  margin-top: 10px;
-}
-
-.recaptcha {
-  background: #fff;
-  width: 440px;
-  overflow: auto;
 }
--- a/tests/acceptance/password_reset_tests.rb
+++ b/tests/acceptance/password_reset_tests.rb
@ -73,13 +73,13 @@ describe '/password_reset' do

    visit "/password_reset_confirm?#{Rack::Utils.build_query username: @site.username, token: @site.reload.password_reset_token}"

-    page.current_url.must_match /.+\/settings$/
+    page.current_url.must_match /.+\/settings#password/

    fill_in 'new_password', with: 'n3wp4s$'
    fill_in 'new_password_confirm', with: 'n3wp4s$'
    click_button 'Change Password'

-    page.current_url.must_match /.+\/settings$/
+    page.current_url.must_match /.+\/settings#password/
    page.must_have_content 'Successfully changed password'
    Site.valid_login?(@site.username, 'n3wp4s$').must_equal true
    page.get_rack_session['id'].must_equal @site.id
--- a/views/_index_signup_script.erb
+++ b/views/_index_signup_script.erb
@ -15,8 +15,9 @@
      } else {
        for(var i=0; i<errors.length;i++) {
          if(errors[i][0] == 'captcha') {
-            var captchaDiv = $('#captcha-input')
+            var captchaDiv = $('#captcha_input')
            captchaDiv.attr('data-original-title', errors[i][1])
+            captchaDiv.attr('data-placement', 'left')
            captchaDiv.tooltip('show')
          } else {
            var ele = $('input[name='+errors[i][0]+']')
--- a/views/dmca.erb
+++ b/views/dmca.erb
@ -1,5 +1,3 @@
-<script src='https://www.google.com/recaptcha/api.js'></script>
-
 <div class="header-Outro">
  <div class="row content single-Col">
  <h1>DMCA Takedown Contact</h1>
--- a/views/index.erb
+++ b/views/index.erb
@ -53,7 +53,7 @@
  <div class="col intro">
    <h2 class="section-header">Create your own free website.<br>Unlimited creativity, zero ads.</h2>
    <p class="intro-text">
-     Neocities is a social network of <a href="/browse"><%= @sites_count.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse %> web sites</a> that are bringing back the lost individual creativity of the web. We offer free static web hosting and tools that allow you to create your own web site. Join us!
+      Neocities is a social network of <a href="/browse"><%= @sites_count.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse %> web sites</a> that are bringing back the lost individual creativity of the web. We offer free static web hosting and tools that allow you to create your own web site. Join us!
    </p>
    <ul class="intro-List">
      <li class="intro-Tools">
@ -61,6 +61,7 @@
        <h3 class="delta">Powerful features to help you build</h3>
        <p class="base">
          We’ve made it easy to build your web site and explore other sites. Neocities features an in-browser HTML editor, a <a href="/cli">command line tool</a>, custom domain support, fast site performance, easy file uploading, RSS feeds, folder support, and so much more.
+        </p>
      </li>

      <li class="intro-Social">
@ -126,14 +127,11 @@
                     autocorrect="off" autocomplete="off" />
            </div>

-            <div class="col col-50" style="padding-left:0;">
+            <div class="col col-50" style="padding-left:0">
              <label>
                Confirm you are human
              </label>
-              <div id="captcha-input" class="g-recaptcha"
-                   data-sitekey="<%= $config['recaptcha_public_key'] %>"
-                   data-theme="dark" data-placement="left" data-trigger="manual">
-              </div>
+              <%== hcaptcha_input %>
            </div>

            <div class="col col-50">
@ -142,6 +140,7 @@
              </div>
            </div>
          </div>
+
        </fieldset>
      </form>

--- a/views/index_layout.erb
+++ b/views/index_layout.erb
@ -37,7 +37,6 @@
  <![endif]-->

  <script src="/js/jquery-1.11.0.min.js"></script>
-  <script src='https://www.google.com/recaptcha/api.js'></script>
 </head>

 <%== yield %>