Commit b3ce9a1d authored by Gabriel Mazetto's avatar Gabriel Mazetto Committed by Marin Jankovski

reCAPTCHA is configurable through Admin Settings, no reload needed.

parent 2ef0feca
...@@ -65,6 +65,9 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController ...@@ -65,6 +65,9 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
:user_oauth_applications, :user_oauth_applications,
:shared_runners_enabled, :shared_runners_enabled,
:max_artifacts_size, :max_artifacts_size,
:recaptcha_enabled,
:recaptcha_site_key,
:recaptcha_private_key,
restricted_visibility_levels: [], restricted_visibility_levels: [],
import_sources: [] import_sources: []
) )
......
...@@ -7,7 +7,7 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -7,7 +7,7 @@ class RegistrationsController < Devise::RegistrationsController
end end
def create def create
if !Gitlab.config.recaptcha.enabled || verify_recaptcha if Gitlab::Recaptcha.load_configurations! && verify_recaptcha
super super
else else
flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code." flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code."
......
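Review bot: The rewritten condition in `create` blocks every sign-up while reCAPTCHA is disabled: `Gitlab::Recaptcha.load_configurations!` returns nil when `recaptcha_enabled` is false (see the new lib/gitlab/recaptcha.rb in this commit), so the `&&` short-circuits into the error branch and the user gets the "error with the reCAPTCHA code" alert on a form that renders no captcha at all. The removed expression was `!enabled || verify_recaptcha`; the equivalent with the new helper is `if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha`. It would also read better if the helper returned an explicit `false` instead of nil so the boolean intent is visible at this call site. The body of `create` continues past the end of this hunk.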
...@@ -5,6 +5,7 @@ class SessionsController < Devise::SessionsController ...@@ -5,6 +5,7 @@ class SessionsController < Devise::SessionsController
prepend_before_action :authenticate_with_two_factor, only: [:create] prepend_before_action :authenticate_with_two_factor, only: [:create]
prepend_before_action :store_redirect_path, only: [:new] prepend_before_action :store_redirect_path, only: [:new]
before_action :auto_sign_in_with_provider, only: [:new] before_action :auto_sign_in_with_provider, only: [:new]
before_action :load_recaptcha
def new def new
if Gitlab.config.ldap.enabled if Gitlab.config.ldap.enabled
...@@ -108,4 +109,8 @@ class SessionsController < Devise::SessionsController ...@@ -108,4 +109,8 @@ class SessionsController < Devise::SessionsController
AuditEventService.new(user, user, options). AuditEventService.new(user, user, options).
for_authentication.security_event for_authentication.security_event
end end
def load_recaptcha
Gitlab::Recaptcha.load_configurations!
end
end end
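Review bot: `before_action :load_recaptcha` runs on every action of SessionsController, including `destroy`, and each run rewrites the process-wide `::Recaptcha` configuration, whereas the sibling before_actions directly above it all carry an `only:` restriction. Nothing in this hunk verifies a captcha, so the load is presumably only needed where the sign-in page (and its `recaptcha_tags`) is rendered; `before_action :load_recaptcha, only: [:new, :create]` would be the consistent minimum. A short comment on `load_recaptcha` such as `# Push admin-configured reCAPTCHA keys into the gem config before rendering the sign-in page` would tell the next reader why a sessions controller touches it at all. The hunk does not show whether `load_recaptcha` lands below a `private` marker; it should, since it is not an action.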
...@@ -42,21 +42,29 @@ class ApplicationSetting < ActiveRecord::Base ...@@ -42,21 +42,29 @@ class ApplicationSetting < ActiveRecord::Base
attr_accessor :restricted_signup_domains_raw attr_accessor :restricted_signup_domains_raw
validates :session_expire_delay, validates :session_expire_delay,
presence: true, presence: true,
numericality: { only_integer: true, greater_than_or_equal_to: 0 } numericality: { only_integer: true, greater_than_or_equal_to: 0 }
validates :home_page_url, validates :home_page_url,
allow_blank: true, allow_blank: true,
url: true, url: true,
if: :home_page_url_column_exist if: :home_page_url_column_exist
validates :after_sign_out_path, validates :after_sign_out_path,
allow_blank: true, allow_blank: true,
url: true url: true
validates :admin_notification_email, validates :admin_notification_email,
allow_blank: true, allow_blank: true,
email: true email: true
validates :recaptcha_site_key,
presence: true,
if: :recaptcha_enabled
validates :recaptcha_private_key,
presence: true,
if: :recaptcha_enabled
validates_each :restricted_visibility_levels do |record, attr, value| validates_each :restricted_visibility_levels do |record, attr, value|
unless value.nil? unless value.nil?
......
...@@ -144,5 +144,27 @@ ...@@ -144,5 +144,27 @@
.col-sm-10 .col-sm-10
= f.number_field :max_artifacts_size, class: 'form-control' = f.number_field :max_artifacts_size, class: 'form-control'
%fieldset
%legend Spam and Anti-bot Protection
.form-group
.col-sm-offset-2.col-sm-10
.checkbox
= f.label :recaptcha_enabled do
= f.check_box :recaptcha_enabled
Enable reCAPTCHA
%span.help-block#recaptcha_help_block Helps preventing bots from creating accounts
.form-group
= f.label :recaptcha_site_key, 'reCAPTCHA Site Key', class: 'control-label col-sm-2'
.col-sm-10
= f.text_field :recaptcha_site_key, class: 'form-control'
.help-block
Generate site and private keys here:
%a{ href: 'http://www.google.com/recaptcha', target: 'blank'} http://www.google.com/recaptcha
.form-group
= f.label :recaptcha_private_key, 'reCAPTCHA Private Key', class: 'control-label col-sm-2'
.col-sm-10
= f.text_field :recaptcha_private_key, class: 'form-control'
.form-actions .form-actions
= f.submit 'Save', class: 'btn btn-primary' = f.submit 'Save', class: 'btn btn-primary'
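Review bot: `f.text_field :recaptcha_private_key` echoes the stored secret back in clear text to anyone viewing the admin settings page and drops it into browser form history and autocomplete; the key is a shared secret with Google, so the field should at least be masked, e.g. `= f.password_field :recaptcha_private_key, class: 'form-control', value: f.object.recaptcha_private_key`. If you instead choose not to render the value back at all, the controller must keep the existing key when the submitted one is blank, otherwise the `presence: true` validation added in this commit rejects every save while reCAPTCHA is enabled. The help link is also plain `http://` and uses `target: 'blank'`, which opens a named window rather than a new tab; change it to `%a{ href: 'https://www.google.com/recaptcha', target: '_blank', rel: 'noopener noreferrer' }`.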
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
.form-group.append-bottom-20#password-strength .form-group.append-bottom-20#password-strength
= f.password_field :password, class: "form-control bottom", value: user[:password], id: "user_password_sign_up", placeholder: "Password", required: true = f.password_field :password, class: "form-control bottom", value: user[:password], id: "user_password_sign_up", placeholder: "Password", required: true
%div %div
- if Gitlab.config.recaptcha.enabled - if current_application_settings.recaptcha_enabled
= recaptcha_tags = recaptcha_tags
%div %div
= f.submit "Sign up", class: "btn-create btn" = f.submit "Sign up", class: "btn-create btn"
......
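Review bot: `recaptcha_tags` reads the site key from the gem's global `::Recaptcha` configuration, which after this commit is populated only by `Gitlab::Recaptcha.load_configurations!`, and the diff calls that from `RegistrationsController#create` and a SessionsController before_action but not from the action that renders this sign-up form. If the partial is rendered by `RegistrationsController#new` (not touched here), the widget can be emitted with a stale or empty site key after an admin changes the keys. Either load the configuration in that action as well, or pass the key explicitly from `current_application_settings.recaptcha_site_key` so the view does not depend on process-global state.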
...@@ -333,12 +333,6 @@ production: &base ...@@ -333,12 +333,6 @@ production: &base
# application_name: 'YOUR_APP_NAME', # application_name: 'YOUR_APP_NAME',
# application_password: 'YOUR_APP_PASSWORD' } } # application_password: 'YOUR_APP_PASSWORD' } }
# reCAPTCHA settings. See: http://www.google.com/recaptcha
recaptcha:
enabled: false
public_key: 'YOUR_PUBLIC_KEY'
private_key: 'YOUR_PRIVATE_KEY'
# Shared file storage settings # Shared file storage settings
shared: shared:
# path: /mnt/gitlab # Default: shared # path: /mnt/gitlab # Default: shared
......
...@@ -127,12 +127,6 @@ Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link ...@@ -127,12 +127,6 @@ Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link
Settings.omniauth['providers'] ||= [] Settings.omniauth['providers'] ||= []
# ReCAPTCHA settings
Settings['recaptcha'] ||= Settingslogic.new({})
Settings.recaptcha['enabled'] = false if Settings.recaptcha['enabled'].nil?
Settings.recaptcha['public_key'] ||= Settings.recaptcha['public_key']
Settings.recaptcha['private_key'] ||= Settings.recaptcha['private_key']
Settings['shared'] ||= Settingslogic.new({}) Settings['shared'] ||= Settingslogic.new({})
Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root) Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)
......
if Gitlab.config.recaptcha.enabled
Recaptcha.configure do |config|
config.public_key = Gitlab.config.recaptcha['public_key']
config.private_key = Gitlab.config.recaptcha['private_key']
end
end
class AddRecaptchaToApplicationSettings < ActiveRecord::Migration
def change
change_table :application_settings do |t|
t.boolean :recaptcha_enabled, default: false
t.string :recaptcha_site_key
t.string :recaptcha_private_key
end
end
end
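Review bot: `t.boolean :recaptcha_enabled, default: false` leaves the column nullable, unlike the other boolean flags on this table (`shared_runners_enabled` is `default: true, null: false` in the schema hunk below), so the flag is three-valued; `t.boolean :recaptcha_enabled, default: false, null: false` matches the existing convention. Separately, `recaptcha_private_key` is a shared secret stored as a plain string column, so it ends up in every database dump and backup; this is consistent with `runners_registration_token` on the same table, but it is worth a comment on the migration (`# Stored in clear text; treat application_settings as secret-bearing in backups`) and, if the project has an encrypted-attribute convention for such columns, applying it here.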
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20151210125932) do ActiveRecord::Schema.define(version: 20151228175719) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
...@@ -50,6 +50,9 @@ ActiveRecord::Schema.define(version: 20151210125932) do ...@@ -50,6 +50,9 @@ ActiveRecord::Schema.define(version: 20151210125932) do
t.boolean "shared_runners_enabled", default: true, null: false t.boolean "shared_runners_enabled", default: true, null: false
t.integer "max_artifacts_size", default: 100, null: false t.integer "max_artifacts_size", default: 100, null: false
t.string "runners_registration_token" t.string "runners_registration_token"
t.boolean "recaptcha_enabled", default: false
t.string "recaptcha_site_key"
t.string "recaptcha_private_key"
end end
create_table "audit_events", force: :cascade do |t| create_table "audit_events", force: :cascade do |t|
......
...@@ -6,51 +6,18 @@ to confirm that a real user, not a bot, is attempting to create an account. ...@@ -6,51 +6,18 @@ to confirm that a real user, not a bot, is attempting to create an account.
## Configuration ## Configuration
To use reCAPTCHA, first you must create a public and private key. To use reCAPTCHA, first you must create a site and private key.
1. Go to the URL: https://www.google.com/recaptcha/admin 1. Go to the URL: https://www.google.com/recaptcha/admin
1. Fill out the form necessary to obtain reCAPTCHA keys. 2. Fill out the form necessary to obtain reCAPTCHA keys.
1. On your GitLab server, open the configuration file. 3. Login to your GitLab server, with administrator credentials.
For omnibus package: 4. Go to Applications Settings on Admin Area (`admin/application_settings`)
```sh 5. Fill all recaptcha fields with keys from previous steps
sudo editor /etc/gitlab/gitlab.rb
```
For installations from source: 6. Check the `Enable reCAPTCHA` checkbox
```sh 7. Save the configuration.
cd /home/git/gitlab
sudo -u git -H editor config/gitlab.yml
```
1. Enable reCAPTCHA and add the settings:
For omnibus package:
```ruby
gitlab_rails['recaptcha_enabled'] = true
gitlab_rails['recaptcha_public_key'] = 'YOUR_PUBLIC_KEY'
gitlab_rails['recaptcha_private_key'] = 'YOUR_PUBLIC_KEY'
```
For installation from source:
```
recaptcha:
enabled: true
public_key: 'YOUR_PUBLIC_KEY'
private_key: 'YOUR_PRIVATE_KEY'
```
1. Change 'YOUR_PUBLIC_KEY' to the public key from step 2.
1. Change 'YOUR_PRIVATE_KEY' to the private key from step 2.
1. Save the configuration file.
1. Restart GitLab.
module Gitlab
module Recaptcha
def self.load_configurations!
if current_application_settings.recaptcha_enabled
::Recaptcha.configure do |config|
config.public_key = current_application_settings.recaptcha_site_key
config.private_key = current_application_settings.recaptcha_private_key
end
true
end
end
end
end
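Review bot: `current_application_settings` is called as a bare method inside `Gitlab::Recaptcha`, but nothing in this file brings it into scope (no `include`/`extend` of the helper that defines it), so unless it is provided by something not shown here the first call raises NameError; the helper module should be `extend`ed at the top of this module. The method also returns nil rather than false when reCAPTCHA is disabled while the caller in RegistrationsController uses the result as a boolean; a guard clause `return false unless current_application_settings.recaptcha_enabled` followed by the `::Recaptcha.configure` block and `true` makes the contract explicit. A header comment would help: `# Push the admin-configured reCAPTCHA keys into the process-wide ::Recaptcha config. Returns true when reCAPTCHA is enabled, false otherwise. Called per request because the settings can change at runtime.` Note that `::Recaptcha.configure` presumably mutates state shared across threads, so concurrent requests briefly race on it — harmless while every request reads the same settings row, but worth recording in that comment.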