lato 3.13.22 → 3.14.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/assets/javascripts/lato/controllers/lato_hcaptcha_controller.js +22 -0
- data/app/controllers/lato/authentication_controller.rb +40 -0
- data/app/views/lato/authentication/_form-signup.html.erb +2 -0
- data/app/views/lato/authentication/_hcaptcha.html.erb +5 -0
- data/lib/lato/config.rb +6 -0
- data/lib/lato/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f450b06c122aa90052b575bf771f8d8e9fc91415cb51b10eeee2226c923764f2
|
|
4
|
+
data.tar.gz: '0892dd3937fbd9b5cb904fc0629cd9db9fc373554d0e82e2e565d8fa75b88920'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dabfd2a98a70c24e7b45e44e5091bbf762a8bdb01b59bc8db16dccb69aeea871ca22f97c2eb1fa41cc27aa3c981c176b705762d81b796269678abba4ce02982d
|
|
7
|
+
data.tar.gz: 69f7d3ee59dbd2d031564a8cbd8e14c072e0267c57747fe829c95d95f99b15d2a76af1150bcc503e76377a2ee1480ebd6fe2396374336817548d6d22ba2074b2
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { Controller } from "@hotwired/stimulus"
|
|
2
|
+
|
|
3
|
+
export default class extends Controller {
|
|
4
|
+
connect() {
|
|
5
|
+
this.loadHCaptcha()
|
|
6
|
+
}
|
|
7
|
+
|
|
8
|
+
loadHCaptcha() {
|
|
9
|
+
if (window.hcaptcha) {
|
|
10
|
+
window.hcaptcha.render(this.element)
|
|
11
|
+
} else {
|
|
12
|
+
const script = document.createElement('script')
|
|
13
|
+
script.src = 'https://js.hcaptcha.com/1/api.js?onload=hcaptchaOnLoad&render=explicit'
|
|
14
|
+
script.async = true
|
|
15
|
+
script.defer = true
|
|
16
|
+
window.hcaptchaOnLoad = () => {
|
|
17
|
+
window.hcaptcha.render(this.element)
|
|
18
|
+
}
|
|
19
|
+
document.head.appendChild(script)
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
}
|
|
@@ -82,6 +82,7 @@ module Lato
|
|
|
82
82
|
|
|
83
83
|
def signup_action
|
|
84
84
|
@user = Lato::User.new(registration_params)
|
|
85
|
+
return unless verify_hcaptcha(:signup)
|
|
85
86
|
|
|
86
87
|
respond_to do |format|
|
|
87
88
|
if @user.signup(ip_address: request.remote_ip, user_agent: request.user_agent)
|
|
@@ -265,5 +266,44 @@ module Lato
|
|
|
265
266
|
|
|
266
267
|
respond_to_with_not_found
|
|
267
268
|
end
|
|
269
|
+
|
|
270
|
+
def verify_hcaptcha(render_key)
|
|
271
|
+
return true unless Lato.config.hcaptcha_site_key && Lato.config.hcaptcha_secret
|
|
272
|
+
|
|
273
|
+
# Per compatibilità con i vari endpoint, istanzia @user se non esiste
|
|
274
|
+
@user ||= Lato::User.new
|
|
275
|
+
|
|
276
|
+
hcaptcha_response = params["h-captcha-response"]
|
|
277
|
+
if hcaptcha_response.blank?
|
|
278
|
+
@user.errors.add(:base, "hCaptcha response is missing")
|
|
279
|
+
respond_to do |format|
|
|
280
|
+
format.html { render render_key, status: :unprocessable_entity }
|
|
281
|
+
format.json { render json: @user.errors, status: :unprocessable_entity }
|
|
282
|
+
end
|
|
283
|
+
return false
|
|
284
|
+
end
|
|
285
|
+
|
|
286
|
+
require 'net/http'
|
|
287
|
+
require 'uri'
|
|
288
|
+
require 'json'
|
|
289
|
+
uri = URI.parse("https://hcaptcha.com/siteverify")
|
|
290
|
+
response = Net::HTTP.post_form(uri, {
|
|
291
|
+
"secret" => Lato.config.hcaptcha_secret,
|
|
292
|
+
"response" => hcaptcha_response,
|
|
293
|
+
"remoteip" => request.remote_ip
|
|
294
|
+
})
|
|
295
|
+
result = JSON.parse(response.body)
|
|
296
|
+
Rails.logger.info("[hCaptcha] Verification result: #{result}")
|
|
297
|
+
unless result["success"]
|
|
298
|
+
@user.errors.add(:base, "hCaptcha verification failed")
|
|
299
|
+
respond_to do |format|
|
|
300
|
+
format.html { render render_key, status: :unprocessable_entity }
|
|
301
|
+
format.json { render json: @user.errors, status: :unprocessable_entity }
|
|
302
|
+
end
|
|
303
|
+
return false
|
|
304
|
+
end
|
|
305
|
+
|
|
306
|
+
true
|
|
307
|
+
end
|
|
268
308
|
end
|
|
269
309
|
end
|
|
@@ -10,6 +10,8 @@ user ||= Lato::User.new
|
|
|
10
10
|
|
|
11
11
|
<%= render 'lato/authentication/fields-registration', form: form %>
|
|
12
12
|
|
|
13
|
+
<%= render 'lato/authentication/hcaptcha' %>
|
|
14
|
+
|
|
13
15
|
<div class="d-flex justify-content-end">
|
|
14
16
|
<%= lato_form_submit form, I18n.t('lato.signup') %>
|
|
15
17
|
</div>
|
data/lib/lato/config.rb
CHANGED
|
@@ -12,6 +12,9 @@ module Lato
|
|
|
12
12
|
# Authentication configs
|
|
13
13
|
attr_accessor :auth_disable_signup, :auth_disable_recover_password, :auth_disable_web3, :auth_disable_authenticator
|
|
14
14
|
|
|
15
|
+
# Hcaptcha configs
|
|
16
|
+
attr_accessor :hcaptcha_site_key, :hcaptcha_secret
|
|
17
|
+
|
|
15
18
|
# Assets configs
|
|
16
19
|
attr_accessor :assets_stylesheet_entry
|
|
17
20
|
attr_accessor :assets_importmap_entry
|
|
@@ -40,6 +43,9 @@ module Lato
|
|
|
40
43
|
@auth_disable_recover_password = false
|
|
41
44
|
@auth_disable_web3 = false
|
|
42
45
|
@auth_disable_authenticator = false
|
|
46
|
+
|
|
47
|
+
@hcaptcha_site_key = nil
|
|
48
|
+
@hcaptcha_secret = nil
|
|
43
49
|
|
|
44
50
|
@assets_stylesheet_entry = 'application'
|
|
45
51
|
@assets_importmap_entry = 'application'
|
data/lib/lato/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: lato
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.14.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gregorio Galante
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-
|
|
11
|
+
date: 2025-08-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -162,6 +162,7 @@ files:
|
|
|
162
162
|
- app/assets/javascripts/lato/controllers/lato_feedback_controller.js
|
|
163
163
|
- app/assets/javascripts/lato/controllers/lato_form_controller.js
|
|
164
164
|
- app/assets/javascripts/lato/controllers/lato_guide_controller.js
|
|
165
|
+
- app/assets/javascripts/lato/controllers/lato_hcaptcha_controller.js
|
|
165
166
|
- app/assets/javascripts/lato/controllers/lato_hello_controller.js
|
|
166
167
|
- app/assets/javascripts/lato/controllers/lato_index_controller.js
|
|
167
168
|
- app/assets/javascripts/lato/controllers/lato_input_autocomplete2_controller.js
|
|
@@ -211,6 +212,7 @@ files:
|
|
|
211
212
|
- app/views/lato/authentication/_form-update-password.html.erb
|
|
212
213
|
- app/views/lato/authentication/_form-verify-email.html.erb
|
|
213
214
|
- app/views/lato/authentication/_form-web3-signin.html.erb
|
|
215
|
+
- app/views/lato/authentication/_hcaptcha.html.erb
|
|
214
216
|
- app/views/lato/authentication/accept_invitation.html.erb
|
|
215
217
|
- app/views/lato/authentication/authenticator.html.erb
|
|
216
218
|
- app/views/lato/authentication/recover_password.html.erb
|