Add support for recaptcha during the create account flow

If the feature is enabled and recaptcha keys are given in config, then a recaptcha box is displayed in the UI when creating a user and a recaptcha response code *must* be sent with the create API call for it to succeed.
2016-12-17 02:13:36 -05:00 · 2016-12-17 02:13:36 -05:00 · 3eb17b7caa
commit 3eb17b7caa
parent e58e04b0e9
12 changed files with 88 additions and 1 deletions
--- a/endpoints/api/user.py
+++ b/endpoints/api/user.py
@ -2,6 +2,7 @@

 import logging
 import json
+import recaptcha2

 from flask import request, abort
 from flask_login import logout_user
@ -183,6 +184,10 @@ class User(ApiResource):
          'type': 'string',
          'description': 'The optional invite code',
        },
+        'recaptcha_response': {
+          'type': 'string',
+          'description': 'The (may be disabled) recaptcha response code for verification',
+        },
      }
    },
    'UpdateUser': {
@ -382,6 +387,19 @@ class User(ApiResource):
      abort(404)

    user_data = request.get_json()
+
+    # If recaptcha is enabled, then verify the user is a human.
+    if features.RECAPTCHA:
+      recaptcha_response = user_data.get('recaptcha_response', '')
+      result = recaptcha2.verify(app.config['RECAPTCHA_SECRET_KEY'],
+                                 recaptcha_response,
+                                 request.remote_addr)
+
+      if not result['success']:
+        return {
+          'message': 'Are you a bot? If not, please revalidate the captcha.'
+        }, 400
+
    invite_code = user_data.get('invite_code', '')
    existing_user = model.user.get_nonrobot_user(user_data['username'])
    if existing_user: