Merge pull request #33 from AyuntamientoMadrid/captcha

adds ReCaptcha to debates creation form

Gemfile

@@ -35,6 +35,7 @@ gem 'acts-as-taggable-on'
 gem "responders"
 gem 'foundation-rails'
 gem 'acts_as_votable'
+gem "recaptcha", :require => "recaptcha/rails"
 
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console

Gemfile.lock

@@ -137,6 +137,7 @@ GEM
       thor (>= 0.18.1, < 2.0)
     rake (10.4.2)
     rdoc (4.2.0)
+    recaptcha (0.4.0)
     responders (2.1.0)
       railties (>= 4.2.0, < 5)
     rspec-core (3.3.1)
@@ -210,6 +211,7 @@ DEPENDENCIES
   jquery-rails
   pg
   rails (= 4.2.3)
+  recaptcha
   responders
   rspec-rails (~> 3.0)
   sass-rails (~> 5.0)

app/controllers/debates_controller.rb

@@ -1,4 +1,5 @@
 class DebatesController < ApplicationController
+  include RecaptchaHelper 
   before_action :set_debate, only: [:show, :edit, :update]
   before_action :authenticate_user!, except: [:show, :index]
   before_action :validate_ownership, only: [:edit, :update]
@@ -24,8 +25,11 @@ class DebatesController < ApplicationController
   def create
     @debate = Debate.new(debate_params)
     @debate.author = current_user
-    @debate.save
-    respond_with @debate
+    if verify_captcha? and @debate.save
+      redirect_to @debate, notice: t('flash.actions.create.notice', resource_name: 'Debate')
+    else
+      render :new
+    end
   end
 
   def update
@@ -47,4 +51,9 @@ class DebatesController < ApplicationController
       raise ActiveRecord::RecordNotFound unless @debate.editable_by?(current_user)
     end
 
+    def verify_captcha?
+      return true unless recaptcha_keys?
+      verify_recaptcha(model: @debate) 
+    end
+
 end

app/helpers/recaptcha_helper.rb

@@ -0,0 +1,8 @@
+module RecaptchaHelper
+  
+  def recaptcha_keys?
+    Recaptcha.configuration.public_key.present? && 
+    Recaptcha.configuration.private_key.present?
+  end
+
+end

app/views/debates/_form.html.erb

@@ -30,6 +30,8 @@
     Acepto la política de privacidad y el aviso legal 
   <% end %>
 
+  <%= render 'shared/captcha' %>
+
   <div class="actions">
     <%= f.submit %>
   </div>

app/views/layouts/application.html.erb

@@ -5,13 +5,13 @@
         <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 
         <title><%= content_for?(:title) ? yield(:title) : "Participación" %></title>
-
         <%= stylesheet_link_tag    "application" %>
         <%= javascript_include_tag "vendor/modernizr" %>
         <%= javascript_include_tag "application", 'data-turbolinks-track' => true %>
         <%= csrf_meta_tags %>
+        <script src="https://www.google.com/recaptcha/api.js?hl=<%= I18n.locale %>"></script>
     </head>
-<body>
+  <body>
 
     <%= render 'layouts/header' %>
 
@@ -28,5 +28,5 @@
         <%= yield %>
       </div>
     </div>
-</body>
+  </body>
 </html>

app/views/shared/_captcha.html.erb

@@ -0,0 +1,3 @@
+<% if recaptcha_keys?   %>
+  <%= recaptcha_tags ajax: true, hl: I18n.locale %>
+<% end %>

app/views/shared/_tags.html.erb

@@ -1,3 +1,5 @@
 <% if debate.tags.any? %>
+  <div id='tags'>  
     Temas: <%= tags(debate) %>
+  </div>
 <% end %>

config/initializers/recaptcha.rb

@@ -0,0 +1,5 @@
+Recaptcha.configure do |config|
+  config.public_key  = Rails.application.secrets.recaptcha_public_key
+  config.private_key = Rails.application.secrets.recaptcha_private_key
+  config.api_version = 'v2'
+end

config/locales/en.yml

@@ -20,4 +20,7 @@
 # available at http://guides.rubyonrails.org/i18n.html.
 
 en:
-  hello: "Hello world"
+  recaptcha:
+  errors:
+    verification_failed: "Incorrect Captcha"
+    recaptcha_unreachable: "Internet connecion error. Could not load Captcha"

config/locales/es.yml

@@ -196,3 +196,7 @@ es:
       long: "%d de %B de %Y %H:%M"
       short: "%d de %b %H:%M"
     pm: pm
+  recaptcha:
+    errors:
+      verification_failed: "El Captcha no es correcto"
+      recaptcha_unreachable: "Fallo de conexión a Internet. No se ha podido cargar el Captcha"

config/secrets.yml.example

@@ -10,8 +10,18 @@
 # Make sure the secrets in this file are kept private
 # if you're sharing your code publicly.
 
+default: &default
+  recaptcha_public_key: <%= ENV["MADRID_RECAPTCHA_PUBLIC_KEY"] %>
+  recaptcha_private_key: <%= ENV["MADRID_RECAPTCHA_PRIVATE_KEY"] %>
+
 development:
   secret_key_base: 56792feef405a59b18ea7db57b4777e855103882b926413d4afdfb8c0ea8aa86ea6649da4e729c5f5ae324c0ab9338f789174cf48c544173bc18fdc3b14262e4
+  <<: *default
 
 test:
   secret_key_base: 4d5adf961ddd27aef19622d6c0b3234d555f9ee003f022b1f829c92bbe33aaee907be7feb67bd54c14a1a32512fa968565ad405971fbc41bd0797af73c26a796
+  <<: *default
+
+production:
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+  <<: *default

spec/features/tags_spec.rb

@@ -80,7 +80,11 @@ feature 'Tags' do
     click_button 'Actualizar Debate'
 
     expect(page).to have_content 'Debate actualizado correctamente'
-    expect(page).to have_content 'Temas: Economía, Hacienda'
+    within('#tags') do
+      expect(page).to have_content 'Temas:'
+      expect(page).to have_css('a', text: 'Economía')
+      expect(page).to have_css('a', text: 'Hacienda')
+    end
   end
 
   scenario 'Delete' do

spec/helpers/recaptcha_helper_spec.rb

@@ -0,0 +1,22 @@
+require 'rails_helper'
+
+describe RecaptchaHelper do
+
+  describe "#recaptcha_keys?" do
+
+    it "should be true if Recaptcha keys are configured" do
+      allow(Recaptcha.configuration).to receive(:public_key).and_return("akjasf")
+      allow(Recaptcha.configuration).to receive(:private_key).and_return("akjasf4532")
+
+      expect(helper.recaptcha_keys?).to be true
+    end
+
+    it "should be false if Recaptcha keys are not configured" do
+      allow(Recaptcha.configuration).to receive(:public_key).and_return(nil)
+      allow(Recaptcha.configuration).to receive(:private_key).and_return(nil)
+
+      expect(helper.recaptcha_keys?).to be false
+    end
+
+  end
+end