Diffstat (limited to 'perllib')
-rw-r--r--perllib/FixMyStreet/App/Controller/Auth.pm3
-rw-r--r--perllib/FixMyStreet/Cobrand/UK.pm33
2 files changed, 36 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index cecfa318c..beba6b235 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -448,6 +448,9 @@ sub check_csrf_token : Private {
unless $time
&& $time > time() - 3600
&& $token eq $gen_token;
+
+ # Also check recaptcha if needed
+ $c->cobrand->call_hook('check_recaptcha');
}
sub no_csrf_token : Private {
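Review bot: The return value of `call_hook('check_recaptcha')` is discarded at the end of check_csrf_token, so the captcha is enforced only if the cobrand's hook itself detaches on failure. A later cobrand hook that returns false instead of detaching would pass silently, so the contract belongs in the comment, for example `# Also check recaptcha if needed; the hook must detach on failure, its return value is ignored`. The start of check_csrf_token is outside this hunk, so confirm that no early return above this point would skip the captcha as well as the token check.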
diff --git a/perllib/FixMyStreet/Cobrand/UK.pm b/perllib/FixMyStreet/Cobrand/UK.pm
index a42ff58a6..4c62dd538 100644
--- a/perllib/FixMyStreet/Cobrand/UK.pm
+++ b/perllib/FixMyStreet/Cobrand/UK.pm
@@ -3,6 +3,7 @@ use base 'FixMyStreet::Cobrand::Default';
use strict;
use JSON::MaybeXS;
+use LWP::UserAgent;
use mySociety::MaPit;
use mySociety::VotingArea;
use Utils;
@@ -422,4 +423,36 @@ sub report_new_munge_before_insert {
}
}
+# To use recaptcha, add a RECAPTCHA key to your config, with subkeys secret and
+# site_key, taken from the recaptcha site. This shows it to non-UK IP addresses
+# on alert and report pages.
+
+sub requires_recaptcha {
+ my $self = shift;
+ my $c = $self->{c};
+
+ return 0 if $c->user_exists;
+ return 0 if !FixMyStreet->config('RECAPTCHA');
+ return 0 if $c->user_country eq 'GB';
+ return 0 unless $c->action =~ /^(alert|report)/;
+ return 1;
+}
+
+sub check_recaptcha {
+ my $self = shift;
+ my $c = $self->{c};
+
+ return unless $self->requires_recaptcha;
+
+ my $url = 'https://www.google.com/recaptcha/api/siteverify';
+ my $res = LWP::UserAgent->new->post($url, {
+ secret => FixMyStreet->config('RECAPTCHA')->{secret},
+ response => $c->get_param('g-recaptcha-response'),
+ remoteip => $c->req->address,
+ });
+ $res = decode_json($res->content);
+ $c->detach('/page_error_400_bad_request', ['Bad recaptcha'])
+ unless $res->{success};
+}
+
1;
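Review bot: In check_recaptcha the reply from siteverify is passed straight to `decode_json` with no check that the request succeeded, and the `LWP::UserAgent` is created without a timeout. If the verification service is unreachable or returns a non-JSON body, `decode_json` will most likely die and surface as an unhandled error rather than the intended 400, and a slow upstream can hold the request worker for LWP's default timeout. I would set a short timeout and treat any transport or parse failure as a failed captcha, as sketched below (the 10-second value is illustrative). Separately, the `$c->user_country eq 'GB'` exemption in requires_recaptcha is only as trustworthy as whatever populates user_country, which is not visible in this diff; if it comes from a request header, confirm that header is set only by a trusted proxy.

```perl
sub check_recaptcha {
    # … unchanged: $self/$c setup, requires_recaptcha guard, $url …
    my $ua = LWP::UserAgent->new(timeout => 10);
    my $res = $ua->post($url, {
        # … unchanged: secret, response, remoteip …
    });
    # Fail closed: a transport error or malformed body counts as a failed check.
    my $verified = $res->is_success
        && eval { decode_json($res->content)->{success} };
    $c->detach('/page_error_400_bad_request', ['Bad recaptcha'])
        unless $verified;
}
```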