Add captcha validation for user registration (#270)

* Add recaptcha validation for user registration

* Update utils/helpers.py

Co-authored-by: Aakash Singh <[email protected]>

* make it optional

---------

Co-authored-by: Aakash Singh <[email protected]>

README.md

@@ -34,8 +34,8 @@ You can add these at the end of your `activate` file in `[virtualenvfolder] -> b
 | Variable | Description
 | --- | ---
 | AI_NAME | Name of the AI (default: Ayushma)
-| OPENAI_API_KEY | OpenAI API Key 
-| PINECONE_API_KEY | Pinecone API Key 
+| OPENAI_API_KEY | OpenAI API Key
+| PINECONE_API_KEY | Pinecone API Key
 | PINECONE_ENVIRONMENT | Pinecone Environment
 | PINECONE_INDEX | Pinecone Index
 | CURRENT_DOMAIN | Current Domain where the frontend is hosted. ex. `https://ayushma.ohc.network`
@@ -46,4 +46,5 @@ You can add these at the end of your `activate` file in `[virtualenvfolder] -> b
 | S3_SECRET_KEY | AWS S3 Secret Key (Optional)
 | S3_KEY_ID | AWS S3 Key ID (Optional)
 | S3_BUCKET_NAME | AWS S3 Bucket Name (Optional)
-| S3_REGION | AWS S3 Region (Optional)
+| S3_REGION | AWS S3 Region (Optional)
+| GOOGLE_RECAPTCHA_SECRET_KEY | Google Recaptcha Secret Key (Optional)

ayushma/serializers/users.py

@@ -2,6 +2,7 @@
 from rest_framework import serializers
 
 from ayushma.models import User
+from utils.helpers import validatecaptcha
 
 
 class UserSerializer(serializers.ModelSerializer):
@@ -21,15 +22,20 @@ class Meta:
 class UserCreateSerializer(serializers.ModelSerializer):
     full_name = serializers.CharField(required=True)
     password = serializers.CharField(write_only=True, required=True)
+    recaptcha = serializers.CharField(write_only=True, required=True)
 
     class Meta:
         model = User
-        fields = (
-            "username",
-            "full_name",
-            "password",
-            "email",
-        )
+        fields = ("username", "full_name", "password", "email", "recaptcha")
+
+    def validate_recaptcha(self, value):
+        if not validatecaptcha(value):
+            raise serializers.ValidationError("Invalid captcha")
+        return value
+
+    def validate(self, validated_data):
+        validated_data.pop("recaptcha", None)
+        return validated_data
 
     def create(self, validated_data):
         validated_data["password"] = make_password(validated_data["password"])

core/settings/base.py

@@ -367,3 +367,4 @@
     DEFAULT_FILE_STORAGE = "storages.backends.s3boto3.S3Boto3Storage"
 
 AI_NAME = env("AI_NAME", default="Ayushma")
+GOOGLE_RECAPTCHA_SECRET_KEY = env("GOOGLE_RECAPTCHA_SECRET_KEY", default=None)

example.env

@@ -14,3 +14,4 @@ GOOGLE_APPLICATION_CREDENTIALS=./gc_credential.json
 S3_SECRET_KEY=
 S3_KEY_ID=
 S3_BUCKET_NAME=
+GOOGLE_RECAPTCHA_SECRET_KEY=

utils/helpers.py

@@ -1,6 +1,9 @@
 import random
 import string
 
+import requests
+from django.conf import settings
+
 
 def get_random_string(length: int) -> str:
     return "".join(random.choices(string.hexdigits, k=length))
@@ -21,3 +24,21 @@ def get_client_ip(request):
         return x_forwarded_for.split(",")[0].strip()
     else:
         return request.META.get("REMOTE_ADDR")
+
+
+def validatecaptcha(recaptcha_response):
+    if not settings.get("GOOGLE_RECAPTCHA_SECRET_KEY", None):
+        return True
+
+    if not recaptcha_response:
+        return False
+    values = {
+        "secret": settings.GOOGLE_RECAPTCHA_SECRET_KEY,
+        "response": recaptcha_response,
+    }
+    captcha_response = requests.post(
+        "https://www.google.com/recaptcha/api/siteverify", data=values
+    )
+    result = captcha_response.json()
+
+    return result.get("success", False)