From 823426bfded234f80f55580c32efdb9516b935aa Mon Sep 17 00:00:00 2001
From: rgarcia
Date: Tue, 4 Aug 2015 12:54:24 +0200
Subject: [PATCH 1/2] verify captcha only when captcha keys present
---
 app/controllers/application_controller.rb | 5 +++++
 app/controllers/debates_controller.rb | 9 ++-------
 app/controllers/registrations_controller.rb | 7 ++++---
 3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b64f11bb4..d6cda45be 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,4 +7,9 @@ class ApplicationController < ActionController::Base
 # Prevent CSRF attacks by raising an exception.
 # For APIs, you may want to use :null_session instead.
 protect_from_forgery with: :exception
+
+ def verify_captcha?(resource)
+ return true unless recaptcha_keys?
+ verify_recaptcha(model: resource)
+ end
 end
diff --git a/app/controllers/debates_controller.rb b/app/controllers/debates_controller.rb
index 672f41d20..e75f9a2fb 100644
--- a/app/controllers/debates_controller.rb
+++ b/app/controllers/debates_controller.rb
@@ -1,5 +1,5 @@
 class DebatesController < ApplicationController
- include RecaptchaHelper
+ include RecaptchaHelper
 before_action :set_debate, only: [:show, :edit, :update]
 before_action :authenticate_user!, except: [:show, :index]
 before_action :validate_ownership, only: [:edit, :update]
@@ -25,7 +25,7 @@ class DebatesController < ApplicationController
 def create
 @debate = Debate.new(debate_params)
 @debate.author = current_user
- if verify_captcha? and @debate.save
+ if verify_captcha?(@debate) and @debate.save
 redirect_to @debate, notice: t('flash.actions.create.notice', resource_name: 'Debate')
 else
 render :new
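Review bot: In app/controllers/application_controller.rb, `verify_captcha?` fails open: `return true unless recaptcha_keys?` accepts every submission when the keys are absent, so a production deploy with a missing or misnamed key silently loses bot protection on debate creation and registration. I would restrict the bypass to non-production environments, e.g. `return true unless recaptcha_keys? || Rails.env.production?`, or at least log when the check is skipped. The method is also added as a public controller method and calls `recaptcha_keys?`, which this patch mixes in per controller with `include RecaptchaHelper`; marking it `private` and including the helper in ApplicationController would keep it from being routable as an action and from raising NoMethodError in controllers that lack the include. The top of the class is outside the hunk, so an existing include there cannot be ruled out.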
@@ -51,9 +51,4 @@ class DebatesController < ApplicationController
 raise ActiveRecord::RecordNotFound unless @debate.editable_by?(current_user)
 end
- def verify_captcha?
- return true unless recaptcha_keys?
- verify_recaptcha(model: @debate)
- end
-
 end
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 07b347cdc..c0113de42 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -1,15 +1,16 @@
 class RegistrationsController < Devise::RegistrationsController
+ include RecaptchaHelper
 def create
- if verify_recaptcha
+ if verify_captcha?(resource)
 super
 else
 build_resource(sign_up_params)
 flash.now[:alert] = t('recaptcha.errors.verification_failed')
 render :new
- end
+ end
 end
-
+
 private
From 08fdc768b2a514f97b27436cd371f7c5fe2f8105 Mon Sep 17 00:00:00 2001
From: kikito
Date: Wed, 5 Aug 2015 12:17:27 +0200
Subject: [PATCH 2/2] fix wrong merge with master
---
 app/controllers/debates_controller.rb | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/app/controllers/debates_controller.rb b/app/controllers/debates_controller.rb
index c49241ff8..2e3a07e3e 100644
--- a/app/controllers/debates_controller.rb
+++ b/app/controllers/debates_controller.rb
@@ -51,10 +51,4 @@ class DebatesController < ApplicationController
 def validate_ownership
 raise ActiveRecord::RecordNotFound unless @debate.editable_by?(current_user)
 end
-
- def verify_captcha?
- return true unless recaptcha_keys?
- verify_recaptcha(model: @debate)
- end
-
 end
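Review bot: In app/controllers/registrations_controller.rb, `verify_captcha?(resource)` runs before any `build_resource` call, so `resource` is presumably still nil at that point and the `model:` argument has no effect; the failure branch only builds the resource afterwards. If the intent is to attach the captcha error to the user model, build it first, e.g. move `build_resource(sign_up_params)` above the `if`; otherwise the flash alert already set in the else branch is the only feedback the user gets. The hunk also carries whitespace-only changes (the inner `end` and the blank line before `private`) that would be cleaner in a separate commit. The controller continues below `private`, outside the hunk.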