From d8642b7020d7bee0b3fbeb76f6282cd90e19e17c Mon Sep 17 00:00:00 2001 From: Ashesh <3626859+Ashesh3@users.noreply.github.com> Date: Sat, 26 Aug 2023 20:04:47 +0530 Subject: [PATCH] Add captcha validation for user registration (#270) * Add recaptcha validation for user registration * Update utils/helpers.py Co-authored-by: Aakash Singh * make it optional --------- Co-authored-by: Aakash Singh --- README.md | 7 ++++--- ayushma/serializers/users.py | 18 ++++++++++++------ core/settings/base.py | 1 + example.env | 1 + utils/helpers.py | 21 +++++++++++++++++++++ 5 files changed, 39 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index bec65b55..81cdb372 100644 --- a/README.md +++ b/README.md @@ -34,8 +34,8 @@ You can add these at the end of your `activate` file in `[virtualenvfolder] -> b | Variable | Description | --- | --- | AI_NAME | Name of the AI (default: Ayushma) -| OPENAI_API_KEY | OpenAI API Key -| PINECONE_API_KEY | Pinecone API Key +| OPENAI_API_KEY | OpenAI API Key +| PINECONE_API_KEY | Pinecone API Key | PINECONE_ENVIRONMENT | Pinecone Environment | PINECONE_INDEX | Pinecone Index | CURRENT_DOMAIN | Current Domain where the frontend is hosted. ex. `https://ayushma.ohc.network` @@ -46,4 +46,5 @@ You can add these at the end of your `activate` file in `[virtualenvfolder] -> b | S3_SECRET_KEY | AWS S3 Secret Key (Optional) | S3_KEY_ID | AWS S3 Key ID (Optional) | S3_BUCKET_NAME | AWS S3 Bucket Name (Optional) -| S3_REGION | AWS S3 Region (Optional) \ No newline at end of file +| S3_REGION | AWS S3 Region (Optional) +| GOOGLE_RECAPTCHA_SECRET_KEY | Google Recaptcha Secret Key (Optional) diff --git a/ayushma/serializers/users.py b/ayushma/serializers/users.py index 068d8cb6..c4cee45a 100644 --- a/ayushma/serializers/users.py +++ b/ayushma/serializers/users.py @@ -2,6 +2,7 @@ from rest_framework import serializers from ayushma.models import User +from utils.helpers import validatecaptcha class UserSerializer(serializers.ModelSerializer): 
@@ -21,15 +22,20 @@ class Meta: class UserCreateSerializer(serializers.ModelSerializer): full_name = serializers.CharField(required=True) password = serializers.CharField(write_only=True, required=True) + recaptcha = serializers.CharField(write_only=True, required=True) class Meta: model = User - fields = ( - "username", - "full_name", - "password", - "email", - ) + fields = ("username", "full_name", "password", "email", "recaptcha") + + def validate_recaptcha(self, value): + if not validatecaptcha(value): + raise serializers.ValidationError("Invalid captcha") + return value + + def validate(self, validated_data): + validated_data.pop("recaptcha", None) + return validated_data def create(self, validated_data): validated_data["password"] = make_password(validated_data["password"]) diff --git a/core/settings/base.py b/core/settings/base.py index 484e5e6b..0dbb645f 100644 --- a/core/settings/base.py +++ b/core/settings/base.py @@ -367,3 +367,4 @@ DEFAULT_FILE_STORAGE = "storages.backends.s3boto3.S3Boto3Storage" AI_NAME = env("AI_NAME", default="Ayushma") +GOOGLE_RECAPTCHA_SECRET_KEY = env("GOOGLE_RECAPTCHA_SECRET_KEY", default=None) diff --git a/example.env b/example.env index b1c88bdd..724fc5e5 100644 --- a/example.env +++ b/example.env @@ -14,3 +14,4 @@ GOOGLE_APPLICATION_CREDENTIALS=./gc_credential.json S3_SECRET_KEY= S3_KEY_ID= S3_BUCKET_NAME= +GOOGLE_RECAPTCHA_SECRET_KEY= diff --git a/utils/helpers.py b/utils/helpers.py index 3734ccab..65adbcc6 100644 --- a/utils/helpers.py +++ b/utils/helpers.py @@ -1,6 +1,9 @@ import random import string +import requests +from django.conf import settings + def get_random_string(length: int) -> str: return "".join(random.choices(string.hexdigits, k=length)) 
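Review bot: The new `recaptcha` field is declared `required=True` regardless of whether `GOOGLE_RECAPTCHA_SECRET_KEY` is configured, so a deployment without a key (the settings hunk defaults it to None) still rejects any registration that omits the field; only the verification step is optional, not the input. If that is the intended contract, a comment on the field such as `# always required by the API; validatecaptcha() accepts any value when no secret key is configured` would make it explicit for front-end authors. Loosening it to `required=False` is not a drop-in alternative, because as far as I recall DRF only runs `validate_recaptcha` when the field is present, so an omitted token would then skip verification entirely even with a key configured. In `validate`, the argument is the attrs dict DRF passes before `create`, so `def validate(self, attrs):` reads more accurately than reusing the name `validated_data`; `create` continues outside the hunk.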
@@ -21,3 +24,21 @@ def get_client_ip(request):
 return x_forwarded_for.split(",")[0].strip()
 else:
 return request.META.get("REMOTE_ADDR")
+
+
+def validatecaptcha(recaptcha_response):
+ if not settings.get("GOOGLE_RECAPTCHA_SECRET_KEY", None):
+ return True
+
+ if not recaptcha_response:
+ return False
+ values = {
+ "secret": settings.GOOGLE_RECAPTCHA_SECRET_KEY,
+ "response": recaptcha_response,
+ }
+ captcha_response = requests.post(
+ "https://www.google.com/recaptcha/api/siteverify", data=values
+ )
+ result = captcha_response.json()
+
+ return result.get("success", False)
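Review bot: `settings.get("GOOGLE_RECAPTCHA_SECRET_KEY", None)` on the first line of validatecaptcha will raise AttributeError on every call, because django.conf.settings is a LazySettings object with no `get` method; since base.py now defines the setting with `default=None`, reading `settings.GOOGLE_RECAPTCHA_SECRET_KEY` (or `getattr(settings, ..., None)`) is what the short-circuit needs. The `requests.post` call also passes no `timeout`, so a stalled verification request holds the registration worker indefinitely, and a connection error or non-JSON body propagates out of the serializer as an unhandled exception instead of a validation result. Returning False on those failures keeps the check fail-closed while the verification service is unreachable; if fail-open is preferred for availability, that should be a deliberate and documented choice rather than an accident of exception handling. The no-key path returning True is the "optional" behaviour from the commit message and deserves a comment so it is not read as a bypass.
```python
def validatecaptcha(recaptcha_response):
    """Verify a reCAPTCHA token; accepts everything when no secret key is configured."""
    secret = getattr(settings, "GOOGLE_RECAPTCHA_SECRET_KEY", None)
    if not secret:
        # Verification is disabled for this deployment, not bypassed by the client.
        return True
    if not recaptcha_response:
        return False
    values = {"secret": secret, "response": recaptcha_response}
    try:
        captcha_response = requests.post(
            "https://www.google.com/recaptcha/api/siteverify",
            data=values,
            timeout=10,
        )
        captcha_response.raise_for_status()
        result = captcha_response.json()
    except (requests.RequestException, ValueError):
        # Fail closed: an unreachable or malformed verifier never admits a registration.
        return False
    return result.get("success", False)
```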