Merge branch 'dev' into 'master'

Dev

See merge request !8

agreelance/settings.py

@@ -23,6 +23,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = '$n%^#g%qx#82w6t^dvjqwv)q*1cy+fwh1ohku7-rbjqcei2^jr'
 
+RECAPTCHA_KEY = '6Ld1AN8UAAAAAGENA-uPsuCVBPydoONxPjGip2fO'
 
 ADMINS = [('APU', 'tdt4242apu@gmail.com')]
 

core/user/signup.html

@@ -4,9 +4,14 @@
 
 {% block content %}
   <h2>Sign up</h2>
+  <script src="https://www.google.com/recaptcha/api.js" async defer></script>
+
   <form method="post">
     {% csrf_token %}
     {% bootstrap_form form %}
+    <div class="form-group">
+      <div class="g-recaptcha" data-sitekey="6Ld1AN8UAAAAALCLQJZdnam9MmRaB7Smulf0E5F1"></div>
+    </div>
     <button type="submit">Sign up</button>
   </form>
 {% endblock %}

requirements.txt

@@ -3,5 +3,7 @@ django-bootstrap4==1.1.1
 django-icons==0.1.0
 pytz==2018.4
 django-heroku
+requests
+responses
 chromedriver
-selenium
\ No newline at end of file
+selenium

user/tests.py

 from django.test import TestCase
+from .views import *
+import requests
+import responses
+from django.test.client import RequestFactory
+from django.contrib import messages
+import agreelance.settings
 
 # Create your tests here.
+class SignUpTest(TestCase):
+
+	filled_form = {
+		"csrfmiddlewaretoken": "K4xUJeb5AExVqMqUC7X2DYfXNrqWQEFK5MJRRfhKP7NJSwsNItIitGOkzWchsVXr",
+		"username": "ericlarsen1",
+		"first_name": "Eric",
+		"last_name": "Larsen",
+		"categories": "1",
+		"company": "Larsen Inc",
+		"email": "larsen@example.com",
+		"email_confirmation": "larsen@example.com",
+		"password1": "qwerty123123123",
+		"password2": "qwerty123123123",
+		"phone_number": "12312341",
+		"country": "NO",
+		"state": "Troendelag",
+		"city": "Trondheim",
+		"postal_code": "1243",
+		"street_address": "Road 1",
+		"g-recaptcha-response": "03AERD8XpeB1C5hkj7jqNZe8MaWMRuMD4ObvJAyklC9t-YtMixsMDn3PetiXNWNrCUiGGWu-sLKDtn6-ltnYCurjIAzDJL68pZC_zPtTzh2ygqKLprqGeHRGZ8RVS_RGfEfzNTZEToOTQtJ1W_FiSnISIqyEaWY4mkogzAUPgWv7OwguohFQNitZUCdsnZfqIKwilfdUs7msMrcjrW5Ym_O4QlPjQRs2wdJo2Y_Tv_XGPzlFuhFmoo-ssJlBugI15G9quwK80q3QOCRH1i8Lt11Ngh9-UotHOkQrzyxmFW0vzrIuuTOCgwfR9I-9UikGnnhXd453BP7a4m1E2FOvY33Cap-Q8ha3z5AsKZgpck0lzMNiPeGG8j7IBzb0eoRqluyL0OiAQHtSJ50xZIEdXaFp7gN14sejs2V3ITXQ02zA_K6Sv6aeS4NhVMdq7bnfXqtnZvnwjD0rKA"
+	}
+
+	def test_verify_recaptcha(self):
+
+		agreelance.settings.RECAPTCHA_KEY = "6Ld1AN8UAAAAAGENA-uPsuCVBPydoONxPjGip2fO"
+		
+		old_captcha_response = self.filled_form.get('g-recaptcha-response')
+		expected_result = {
+			'success': False, 
+			'error-codes': ['timeout-or-duplicate']
+		}
+
+		result = verify_recaptcha(old_captcha_response)
+		self.assertDictEqual(result, expected_result)
+
+	def test_signup(self):
+
+		agreelance.settings.RECAPTCHA_KEY = "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"
+
+		# https://stackoverflow.com/a/25835403
+		rf = RequestFactory()
+		get_request = rf.post('/user/signup', self.filled_form)
+
+		# https://developers.google.com/recaptcha/docs/faq
+		self.assertEqual(signup(get_request).status_code, 200)

user/views.py

@@ -3,9 +3,16 @@ from projects.models import ProjectCategory
 from django.contrib.auth import login, authenticate
 from django.contrib.auth.forms import UserCreationForm
 from django.shortcuts import render, redirect, get_object_or_404
+from django.contrib import messages
+import urllib
+import json
 
+import agreelance.settings
 from .forms import SignUpForm
 
+SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify'
+RECAPTCHA_RESPONSE_PARAM = 'g-recaptcha-response'
+
 def index(request):
     return render(request, 'base.html')
 
@@ -13,19 +20,43 @@ def signup(request):
     if request.method == 'POST':
         form = SignUpForm(request.POST)
         if form.is_valid():
-            user = form.save()
-            user.refresh_from_db()
-
-            user.profile.company = form.cleaned_data.get('company')
-
-            user.is_active = False
-            user.profile.categories.add(*form.cleaned_data['categories'])
-            user.save()
-            raw_password = form.cleaned_data.get('password1')
-            user = authenticate(username=user.username, password=raw_password)
-            from django.contrib import messages
-            messages.success(request, 'Your account has been created and is awaiting verification.')
-            return redirect('home')
+            recaptcha_response = request.POST.get(RECAPTCHA_RESPONSE_PARAM)
+            recaptcha_result = verify_recaptcha(recaptcha_response)
+            if not recaptcha_result['success']:
+                messages.error(request, 'Invalid reCAPTCHA. Please try again.')
+            else:
+                user = form.save()
+                user.refresh_from_db()
+
+                user.profile.company = form.cleaned_data.get('company')
+
+                user.is_active = False
+                user.profile.categories.add(*form.cleaned_data['categories'])
+                user.save()
+                raw_password = form.cleaned_data.get('password1')
+                user = authenticate(
+                    username=user.username, 
+                    password=raw_password
+                )
+                messages.success(
+                    request, 
+                    'Your account has been created and is awaiting verification'
+                )
+                return redirect('home')
     else:
         form = SignUpForm()
     return render(request, 'user/signup.html', {'form': form})
+
+def verify_recaptcha(recaptcha_response):
+    url = SITE_VERIFY_URL
+    values = {
+        'secret': agreelance.settings.RECAPTCHA_KEY,
+        'response': recaptcha_response
+    }
+
+    data = urllib.parse.urlencode(values).encode()
+    req =  urllib.request.Request(url, data=data)
+    response = urllib.request.urlopen(req)
+    result = json.loads(response.read().decode())
+
+    return result