Diffstat (limited to 'perllib/FixMyStreet')
-rw-r--r--perllib/FixMyStreet/App.pm5
-rw-r--r--perllib/FixMyStreet/App/Controller/Auth.pm3
-rw-r--r--perllib/FixMyStreet/Cobrand/UK.pm33
-rw-r--r--perllib/FixMyStreet/Gaze.pm8
4 files changed, 49 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App.pm b/perllib/FixMyStreet/App.pm
index 6a41d93a9..4ca6f23cb 100644
--- a/perllib/FixMyStreet/App.pm
+++ b/perllib/FixMyStreet/App.pm
@@ -536,6 +536,11 @@ sub check_2fa {
return 0;
}
+sub user_country {
+ my $c = shift;
+ return FixMyStreet::Gaze::get_country_from_ip($c->req->address);
+}
+
=head1 SEE ALSO
L<FixMyStreet::App::Controller::Root>, L<Catalyst>
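Review bot: `user_country` has no POD, although its result decides (in the UK cobrand's `requires_recaptcha`) whether an anonymous request skips the captcha, so the trust placed in `$c->req->address` should be stated where it is read. If the site runs behind a reverse proxy, that address is the proxy's own unless Catalyst's `using_frontend_proxy` is enabled, in which case it is taken from a forwarded header; the country is only as reliable as that header. I would add a short `=head2 user_country` entry above the sub saying it returns the country code Gaze reports for the request address and that the address must come from a trusted proxy configuration.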
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index cecfa318c..beba6b235 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -448,6 +448,9 @@ sub check_csrf_token : Private {
unless $time
&& $time > time() - 3600
&& $token eq $gen_token;
+
+ # Also check recaptcha if needed
+ $c->cobrand->call_hook('check_recaptcha');
}
sub no_csrf_token : Private {
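Review bot: The recaptcha verification is now a hidden side effect of `check_csrf_token`, so it only runs on form handlers that already forward to this action, and nothing in the name or the visible comment tells a future caller that an outbound HTTP request may happen here. Any alert or report endpoint that accepts a submission without going through `check_csrf_token` would show the widget but never verify it; that is worth confirming against the callers, which are outside this hunk. At minimum, expand the comment to something like `# Cobrand hook: may detach with a 400 if a required recaptcha response is missing or invalid`. The start of the `unless` statement above is also outside the hunk.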
diff --git a/perllib/FixMyStreet/Cobrand/UK.pm b/perllib/FixMyStreet/Cobrand/UK.pm
index a42ff58a6..4c62dd538 100644
--- a/perllib/FixMyStreet/Cobrand/UK.pm
+++ b/perllib/FixMyStreet/Cobrand/UK.pm
@@ -3,6 +3,7 @@ use base 'FixMyStreet::Cobrand::Default';
use strict;
use JSON::MaybeXS;
+use LWP::UserAgent;
use mySociety::MaPit;
use mySociety::VotingArea;
use Utils;
@@ -422,4 +423,36 @@ sub report_new_munge_before_insert {
}
}
+# To use recaptcha, add a RECAPTCHA key to your config, with subkeys secret and
+# site_key, taken from the recaptcha site. This shows it to non-UK IP addresses
+# on alert and report pages.
+
+sub requires_recaptcha {
+ my $self = shift;
+ my $c = $self->{c};
+
+ return 0 if $c->user_exists;
+ return 0 if !FixMyStreet->config('RECAPTCHA');
+ return 0 if $c->user_country eq 'GB';
+ return 0 unless $c->action =~ /^(alert|report)/;
+ return 1;
+}
+
+sub check_recaptcha {
+ my $self = shift;
+ my $c = $self->{c};
+
+ return unless $self->requires_recaptcha;
+
+ my $url = 'https://www.google.com/recaptcha/api/siteverify';
+ my $res = LWP::UserAgent->new->post($url, {
+ secret => FixMyStreet->config('RECAPTCHA')->{secret},
+ response => $c->get_param('g-recaptcha-response'),
+ remoteip => $c->req->address,
+ });
+ $res = decode_json($res->content);
+ $c->detach('/page_error_400_bad_request', ['Bad recaptcha'])
+ unless $res->{success};
+}
+
1;
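Review bot: In `check_recaptcha` the response from siteverify is passed straight to `decode_json` without checking that the request succeeded, so a timeout or network error (where LWP hands back a non-JSON error body) makes `decode_json` die and the user gets an unhandled 500 rather than the intended 400. The user agent is also built with default settings, so a slow verifier can hold a worker for LWP's default timeout on every anonymous non-GB submission. I would set a short timeout, check `is_success`, and treat any transport or parse failure as a failed captcha so the check stays fail-closed. Separately, `$c->user_country eq 'GB'` in `requires_recaptcha` compares against undef if the lookup returns nothing; that still ends up requiring the captcha, but a comment saying so would help.

```perl
    my $url = 'https://www.google.com/recaptcha/api/siteverify';
    my $ua = LWP::UserAgent->new(timeout => 10);
    my $res = $ua->post($url, {
        # … unchanged: secret, response, remoteip fields …
    });
    # Transport or parse failure counts as a failed captcha (fail closed).
    my $data = $res->is_success ? eval { decode_json($res->content) } : undef;
    $c->detach('/page_error_400_bad_request', ['Bad recaptcha'])
        unless ref $data eq 'HASH' && $data->{success};
```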
diff --git a/perllib/FixMyStreet/Gaze.pm b/perllib/FixMyStreet/Gaze.pm
index bccc81d8c..e2b2e0e08 100644
--- a/perllib/FixMyStreet/Gaze.pm
+++ b/perllib/FixMyStreet/Gaze.pm
@@ -3,6 +3,7 @@ package FixMyStreet::Gaze;
use strict;
use warnings;
+use FixMyStreet;
use mySociety::Gaze;
sub get_radius_containing_population ($$) {
@@ -24,4 +25,11 @@ sub get_radius_containing_population ($$) {
return $dist;
}
+sub get_country_from_ip {
+ my ($ip) = @_;
+ return 'GB' if FixMyStreet->test_mode;
+ # uncoverable statement
+ return mySociety::Gaze::get_country_from_ip($ip);
+}
+
1;
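Review bot: The `return 'GB' if FixMyStreet->test_mode;` short-circuit in `get_country_from_ip` means the non-GB branch of `requires_recaptcha`, and therefore all of `check_recaptcha`, cannot be reached in tests unless this function is overridden, and the real lookup is marked `# uncoverable statement`. It also means recaptcha is silently off for every visitor on any instance where test mode is left enabled. Add a comment that says this, e.g. `# Test mode pins the country to GB, which disables the recaptcha gate; override this sub in tests that need a non-GB visitor`. What `mySociety::Gaze::get_country_from_ip` returns on lookup failure is not visible here and should be documented alongside it.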