reCAPTCHA is configurable through Admin Settings, no reload needed.

a3469d91 · Gabriel Mazetto · af00558d · a3469d91 · a3469d91 · a3469d91
Commit a3469d91 authored Dec 28, 2015 by Gabriel Mazetto
13 changed files
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -75,6 +75,9 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
      :metrics_pool_size,
      :metrics_timeout,
      :metrics_method_call_threshold,
+      :recaptcha_enabled,
+      :recaptcha_site_key,
+      :recaptcha_private_key,
      restricted_visibility_levels: [],
      import_sources: []
    )

--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -7,7 +7,7 @@ class RegistrationsController < Devise::RegistrationsController
  end

  def create
-    if !Gitlab.config.recaptcha.enabled || verify_recaptcha
+    if Gitlab::Recaptcha.load_configurations! && verify_recaptcha
      super
    else
      flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code."

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -5,6 +5,7 @@ class SessionsController < Devise::SessionsController
  prepend_before_action :authenticate_with_two_factor, only: [:create]
  prepend_before_action :store_redirect_path, only: [:new]
  before_action :auto_sign_in_with_provider, only: [:new]
+  before_action :load_recaptcha

  def new
    if Gitlab.config.ldap.enabled
@@ -108,4 +109,8 @@ class SessionsController < Devise::SessionsController
    AuditEventService.new(user, user, options).
      for_authentication.security_event
  end
+
+  def load_recaptcha
+    Gitlab::Recaptcha.load_configurations!
+  end
 end
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -44,24 +44,32 @@ class ApplicationSetting < ActiveRecord::Base
  attr_accessor :restricted_signup_domains_raw

  validates :session_expire_delay,
-    presence: true,
-    numericality: { only_integer: true, greater_than_or_equal_to: 0 }
+            presence: true,
+            numericality: { only_integer: true, greater_than_or_equal_to: 0 }

  validates :home_page_url,
-    allow_blank: true,
-    url: true,
-    if: :home_page_url_column_exist
+            allow_blank: true,
+            url: true,
+            if: :home_page_url_column_exist

  validates :after_sign_out_path,
-    allow_blank: true,
-    url: true
+            allow_blank: true,
+            url: true

  validates :admin_notification_email,
-    allow_blank: true,
-    email: true
+            allow_blank: true,
+            email: true

  validates :two_factor_grace_period,
-    numericality: { greater_than_or_equal_to: 0 }
+            numericality: { greater_than_or_equal_to: 0 }
+
+  validates :recaptcha_site_key,
+            presence: true,
+            if: :recaptcha_enabled
+
+  validates :recaptcha_private_key,
+            presence: true,
+            if: :recaptcha_enabled

  validates_each :restricted_visibility_levels do |record, attr, value|
    unless value.nil?

--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -209,5 +209,27 @@
          A method call is only tracked when it takes longer to complete than
          the given amount of milliseconds.

+  %fieldset
+    %legend Spam and Anti-bot Protection
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :recaptcha_enabled do
+            = f.check_box :recaptcha_enabled
+            Enable reCAPTCHA
+          %span.help-block#recaptcha_help_block Helps preventing bots from creating accounts
+
+    .form-group
+      = f.label :recaptcha_site_key, 'reCAPTCHA Site Key', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_field :recaptcha_site_key, class: 'form-control'
+        .help-block
+          Generate site and private keys here:
+          %a{ href: 'http://www.google.com/recaptcha', target: 'blank'} http://www.google.com/recaptcha
+    .form-group
+      = f.label :recaptcha_private_key, 'reCAPTCHA Private Key', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_field :recaptcha_private_key, class: 'form-control'
+
  .form-actions
    = f.submit 'Save', class: 'btn btn-primary'
--- a/app/views/devise/shared/_signup_box.html.haml
+++ b/app/views/devise/shared/_signup_box.html.haml
@@ -19,7 +19,7 @@
      .form-group.append-bottom-20#password-strength
        = f.password_field :password, class: "form-control bottom", value: user[:password], id: "user_password_sign_up", placeholder: "Password", required: true
      %div
-      - if Gitlab.config.recaptcha.enabled
+      - if current_application_settings.recaptcha_enabled
        = recaptcha_tags
      %div
        = f.submit "Sign up", class: "btn-create btn"

--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -346,12 +346,6 @@ production: &base
    # cas3:
    #   session_duration: 28800

-  # reCAPTCHA settings. See: http://www.google.com/recaptcha
-  recaptcha:
-    enabled: false
-    public_key: 'YOUR_PUBLIC_KEY'
-    private_key: 'YOUR_PRIVATE_KEY'
-
  # Shared file storage settings
  shared:
    # path: /mnt/gitlab # Default: shared

--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -131,12 +131,6 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours
 Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
 Settings.omniauth.session_tickets['cas3'] = 'ticket'

-# ReCAPTCHA settings
-Settings['recaptcha'] ||= Settingslogic.new({})
-Settings.recaptcha['enabled'] = false if Settings.recaptcha['enabled'].nil?
-Settings.recaptcha['public_key'] ||= Settings.recaptcha['public_key']
-Settings.recaptcha['private_key'] ||= Settings.recaptcha['private_key']
-

 Settings['shared'] ||= Settingslogic.new({})
 Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)

--- a/config/initializers/recaptcha.rb
+++ b/config/initializers/recaptcha.rb
-if Gitlab.config.recaptcha.enabled
-  Recaptcha.configure do |config|
-    config.public_key  = Gitlab.config.recaptcha['public_key']
-    config.private_key = Gitlab.config.recaptcha['private_key']
-  end
-end
--- a/db/migrate/20151228175719_add_recaptcha_to_application_settings.rb
+++ b/db/migrate/20151228175719_add_recaptcha_to_application_settings.rb
+class AddRecaptchaToApplicationSettings < ActiveRecord::Migration
+  def change
+    change_table :application_settings do |t|
+      t.boolean :recaptcha_enabled, default: false
+      t.string :recaptcha_site_key
+      t.string :recaptcha_private_key
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20151228150906) do
+ActiveRecord::Schema.define(version: 20151228175719) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -60,6 +60,9 @@ ActiveRecord::Schema.define(version: 20151228150906) do
    t.integer  "metrics_pool_size",                             default: 16
    t.integer  "metrics_timeout",                               default: 10
    t.integer  "metrics_method_call_threshold",                 default: 10
+    t.boolean  "recaptcha_enabled",                 default: false
+    t.string   "recaptcha_site_key"
+    t.string   "recaptcha_private_key"
  end

  create_table "audit_events", force: :cascade do |t|

--- a/doc/integration/recaptcha.md
+++ b/doc/integration/recaptcha.md
@@ -6,51 +6,18 @@ to confirm that a real user, not a bot, is attempting to create an account.

 ## Configuration

-To use reCAPTCHA, first you must create a public and private key.
+To use reCAPTCHA, first you must create a site and private key.

 1. Go to the URL: https://www.google.com/recaptcha/admin

-1. Fill out the form necessary to obtain reCAPTCHA keys.
+2. Fill out the form necessary to obtain reCAPTCHA keys.

-1. On your GitLab server, open the configuration file.
+3. Login to your GitLab server, with administrator credentials.

-    For omnibus package:
+4. Go to Applications Settings on Admin Area (`admin/application_settings`)

-    ```sh
-      sudo editor /etc/gitlab/gitlab.rb
-    ```
+5. Fill all recaptcha fields with keys from previous steps

-    For installations from source:
+6. Check the `Enable reCAPTCHA` checkbox

-    ```sh
-      cd /home/git/gitlab
-
-      sudo -u git -H editor config/gitlab.yml
-    ```
-
-1.  Enable reCAPTCHA and add the settings:
-
-    For omnibus package:
-
-    ```ruby
-      gitlab_rails['recaptcha_enabled'] = true
-      gitlab_rails['recaptcha_public_key'] = 'YOUR_PUBLIC_KEY'
-      gitlab_rails['recaptcha_private_key'] = 'YOUR_PUBLIC_KEY'
-    ```
-
-    For installation from source:
-
-    ```
-      recaptcha:
-        enabled: true
-        public_key: 'YOUR_PUBLIC_KEY'
-        private_key: 'YOUR_PRIVATE_KEY'
-    ```
-
-1.  Change 'YOUR_PUBLIC_KEY' to the public key from step 2.
-
-1.  Change 'YOUR_PRIVATE_KEY' to the private key from step 2.
-
-1.  Save the configuration file.
-
-1.  Restart GitLab.
+7.  Save the configuration.
--- a/lib/gitlab/recaptcha.rb
+++ b/lib/gitlab/recaptcha.rb
+module Gitlab
+  module Recaptcha
+    def self.load_configurations!
+      if current_application_settings.recaptcha_enabled
+        ::Recaptcha.configure do |config|
+          config.public_key  = current_application_settings.recaptcha_site_key
+          config.private_key = current_application_settings.recaptcha_private_key
+        end
+
+        true
+      end
+    end
+  end
+end