Merge pull request #3645 from jlledom/THREESCALE-9492-remove-suspicio…

…us-only

THREESCALE-9492: Bot protection: Remove suspicious only mode

Gemfile

@@ -103,7 +103,7 @@ gem 'prawn-table', git: "https://github.com/prawnpdf/prawn-table.git", branch: "
 gem 'prawn-svg'
 gem 'rails_event_store', '~> 0.9.0', require: false
 gem 'ratelimit'
-gem 'recaptcha', '4.13.1', require: 'recaptcha/rails'
+gem 'recaptcha', '~> 5.16.0'
 gem 'redcarpet', '~>3.5.1', require: false
 gem 'RedCloth', '~>4.3', require: false
 gem 'redis', '~> 4.2.0', require: ['redis', 'redis/connection/hiredis']

Gemfile.lock

@@ -633,8 +633,7 @@ GEM
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     rb_sys (0.9.81)
-    recaptcha (4.13.1)
-      json
+    recaptcha (5.16.0)
     record_tag_helper (1.0.1)
       actionview (>= 5)
     recursive-open-struct (1.1.3)
@@ -1013,7 +1012,7 @@ DEPENDENCIES
   rails-observers
   rails_event_store (~> 0.9.0)
   ratelimit
-  recaptcha (= 4.13.1)
+  recaptcha (~> 5.16.0)
   record_tag_helper (~> 1.0)
   redcarpet (~> 3.5.1)
   redis (~> 4.2.0)

app/controllers/provider/signups_controller.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 class Provider::SignupsController < Provider::BaseController
-  include ThreeScale::SpamProtection::Integration::Controller
+  include ThreeScale::BotProtection::Controller
 
   before_action :disable_x_frame
   before_action :ensure_signup_possible
@@ -95,7 +97,7 @@ def build_signup_result_custom_fields(result)
     @provider.signup_mode!
     @provider.subdomain = account_params[:subdomain]
     @provider.self_subdomain = account_params[:self_subdomain]
-    result.add_error(message: 'spam check failed') unless spam_check(@provider)
+    result.add_error(message: 'bot check failed') unless bot_check
   end
 
   def plan

app/javascript/packs/validate_signup.ts

@@ -4,7 +4,6 @@ document.addEventListener('DOMContentLoaded', () => {
   const form = document.getElementById('signup_form') as HTMLFormElement
   // eslint-disable-next-line @typescript-eslint/non-nullable-type-assertion-style -- Need to cast to HTMLButtonElement
   const submitBtn = document.querySelector('input[type="submit"]') as HTMLButtonElement
-  const captchaInput = document.getElementById('captchaChecked') as HTMLInputElement
 
   /* eslint-disable @typescript-eslint/naming-convention */
   // Fields 'org_name', 'username' and 'email' are always required
@@ -38,18 +37,8 @@ document.addEventListener('DOMContentLoaded', () => {
   }
   /* eslint-enable @typescript-eslint/naming-convention */
 
-  const captchaRequired: boolean = document.querySelector('.g-recaptcha') !== null
-  const captchaFields = captchaRequired && {
-    'captchaChecked': {
-      presence: true,
-      length: { minimum: 1 }
-    }
-  }
-
-  const constraints = Object.assign({}, mandatoryFields, passwordFields, captchaFields)
-
-  submitBtn.disabled = validate(form, constraints) !== undefined
-  captchaInput.value = captchaRequired ? '' : 'ok'
+  const constraints = Object.assign({}, mandatoryFields, passwordFields)
+  submitBtn.disabled = true
 
   const inputs = document.querySelectorAll('input')
   inputs.forEach(input => {

app/lib/forum_support/posts.rb

@@ -3,8 +3,6 @@
 module ForumSupport
   module Posts
     def self.included(base)
-      base.send :include, ThreeScale::SpamProtection::Integration::Controller
-
       base.before_action :find_topic
       base.before_action :find_post, :only => %i[edit update destroy]
       base.before_action :authorize_resources

app/lib/forum_support/topics.rb

@@ -2,8 +2,6 @@
 
 module ForumSupport::Topics
   def self.included(base)
-    base.send :include, ThreeScale::SpamProtection::Integration::Controller
-
     base.before_action :find_topic, :only => %i[show edit update destroy]
     base.before_action :authorize_topic
 

app/lib/three_scale/bot_protection.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module ThreeScale
+  module BotProtection
+    LEVELS = [['None', :none], ['reCAPTCHA', :captcha]].freeze
+  end
+end
+

app/lib/three_scale/bot_protection/base.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module ThreeScale
+  module BotProtection
+    module Base
+      def bot_protection_level
+        site_account.settings.spam_protection_level
+      end
+
+      def bot_protection_enabled?
+        Recaptcha.captcha_configured? && bot_protection_level != :none
+      end
+    end
+  end
+end

app/lib/three_scale/bot_protection/controller.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module ThreeScale
+  module BotProtection
+    module Controller
+      include Base
+      include Recaptcha::Adapters::ControllerMethods
+
+      private
+
+      def bot_check(options = { flash: true })
+        return true unless bot_protection_enabled?
+
+        return verify_captcha(options) if bot_protection_level == :captcha
+
+        System::ErrorReporting.report_error "Unknown spam_protection level: #{bot_protection_level}"
+      end
+
+      def verify_captcha(options)
+        success = verify_recaptcha(action: controller_path, minimum_score: Rails.configuration.three_scale.recaptcha_min_bot_score)
+
+        flash[:error] = flash[:recaptcha_error] if options[:flash] && flash.key?(:recaptcha_error)
+        flash.delete(:recaptcha_error)
+
+        success
+      end
+    end
+  end
+end

app/lib/three_scale/bot_protection/form.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module ThreeScale
+  module BotProtection
+    module Form
+      include Base
+      include Recaptcha::Adapters::ViewMethods
+
+      delegate :site_account, to: :template
+
+      private
+
+      def bot_protection_inputs
+        return ''.html_safe unless bot_protection_enabled?
+
+        recaptcha_v3(action: template.controller.controller_path)
+      end
+    end
+  end
+end

app/lib/three_scale/semantic_form_builder.rb

@@ -1,6 +1,6 @@
 module ThreeScale
   class SemanticFormBuilder < ::Formtastic::FormBuilder
-    include ThreeScale::SpamProtection::Integration::FormBuilder
+    include ThreeScale::BotProtection::Form
 
     delegate :tag, to: :template
 
@@ -11,14 +11,14 @@ class SemanticFormBuilder < ::Formtastic::FormBuilder
     #   f.input :bar, inline_errors: :sentence
     def inline_errors_for(method, options = {})
       original_inline_errors = inline_errors
-      @options_inline_erros = options[:inline_errors]
+      @options_inline_errors = options[:inline_errors]
       super
     ensure
-      @options_inline_erros = original_inline_errors
+      @options_inline_errors = original_inline_errors
     end
 
     def inline_errors
-      @options_inline_erros || super
+      @options_inline_errors || super
     end
 
     def text_field_with_errors( method, opts = {})
@@ -105,5 +105,10 @@ def actions(*args, &block)
         tag.div(class: 'pf-c-form__actions', &block)
       end
     end
+
+    # Just adds fields from spam protection module
+    def bot_protection
+      bot_protection_inputs
+    end
   end
 end