From df294249055fd8a8c6638cc6865c2e2939dd25b8 Mon Sep 17 00:00:00 2001 From: Phuoc CAO Date: Thu, 9 Jun 2022 16:00:06 +0200 Subject: [PATCH] added reCaptcha v2 --- cao_blogr/forms.py | 9 +-------- cao_blogr/templates/home.jinja2 | 22 ++++++++++++++++++--- cao_blogr/templates/layout.jinja2 | 28 +++++++++++++-------------- cao_blogr/views/default.py | 32 ++++++++++++++++++++++++++----- setup.py | 2 ++ 5 files changed, 63 insertions(+), 30 deletions(-) diff --git a/cao_blogr/forms.py b/cao_blogr/forms.py index 64795ed..38da5cc 100644 --- a/cao_blogr/forms.py +++ b/cao_blogr/forms.py @@ -2,6 +2,7 @@ from wtforms import Form, StringField, TextAreaField, SelectField, RadioField from wtforms import IntegerField, PasswordField from wtforms.validators import InputRequired, Length, Email from wtforms.widgets import HiddenInput +from wtfrecaptcha.fields import RecaptchaField strip_filter = lambda x: x.strip() if x else None @@ -28,14 +29,6 @@ class UserCreateForm(Form): filters=[strip_filter]) password = PasswordField('Mot de passe', validators=[InputRequired(), Length(min=6)]) -class ContactForm(Form): - name = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)], - filters=[strip_filter]) - email = StringField('Email', validators=[InputRequired(), Length(min=1, max=255), Email()], - filters=[strip_filter]) - comments = TextAreaField('Message', validators=[InputRequired(), Length(min=1)], - filters=[strip_filter]) - class TopicForm(Form): topic = StringField('Rubrique', validators=[InputRequired(), Length(min=1, max=25)], filters=[strip_filter]) diff --git a/cao_blogr/templates/home.jinja2 b/cao_blogr/templates/home.jinja2 index ab19ca5..e7a8aec 100644 --- a/cao_blogr/templates/home.jinja2 +++ b/cao_blogr/templates/home.jinja2 @@ -158,13 +158,29 @@ - -


- +
+ +
+ + + + {% endblock %} diff --git a/cao_blogr/templates/layout.jinja2 b/cao_blogr/templates/layout.jinja2 index 4765ebf..cea99e2 100644 --- a/cao_blogr/templates/layout.jinja2 +++ b/cao_blogr/templates/layout.jinja2 @@ -127,20 +127,20 @@ gtag('config', 'G-NBVRNJ9C0Y'); - + diff --git a/cao_blogr/views/default.py b/cao_blogr/views/default.py index 2319944..aa946c6 100644 --- a/cao_blogr/views/default.py +++ b/cao_blogr/views/default.py @@ -16,6 +16,8 @@ import os from PIL import Image import shutil import magic +import json +from urllib import request, parse @view_config(route_name='home', @@ -43,16 +45,16 @@ def home(request): name = '' email = '' comments = '' - matngot = '' if 'form.submitted' in request.params : name = request.params['name'] email = request.params['email'] comments = request.params['comments'] - matngot = request.params['matngot'] + response = request.params['response'] - # honeypot matngot filled ? - if not matngot and comments != '': + # verification reCaptcha ? + ok, erreur = captcha_verify(response, request.remote_addr) + if ok and comments != '': # no, message is not spam, send it body = """ Bonjour, @@ -75,7 +77,7 @@ webmaster@meditation-sunyata.paris message.add_recipient('phuoc@caotek.fr') mailer = request.registry['mailer'] mailer.send_immediately(message) - request.session.flash("Votre message a bien été envoyé au webmestre. Merci de votre intérêt pour notre site", "success") + request.session.flash("Votre message a bien été envoyé au webmestre. Merci de votre intérêt pour notre site.", "success") return { 'page_title': "", 
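Review bot: `from urllib import request, parse` binds a module-level name `request` in a file whose views (`home`, `settings`) each take a parameter called `request`, so the meaning of `request.Request` or `request.params` depends on whether the enclosing function has that parameter. It works today because `captcha_verify` has no such parameter, but a helper that later omits the argument would silently receive the urllib module rather than fail with a NameError. I would write `import urllib.request` and `import urllib.parse`, or `from urllib import request as urlrequest`, and adjust the calls in `captcha_verify` accordingly.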
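Review bot: `response = request.params['response']` raises KeyError, and so returns a 500, whenever the posted form lacks that field. The stock reCAPTCHA v2 widget submits its token as `g-recaptcha-response`, and the template markup is not readable on this page, so the field name it actually posts should be confirmed. A tolerant read such as `response = request.params.get('g-recaptcha-response', '')` lets a missing token fall through to the failed-verification branch. `erreur` is assigned but never used in the visible lines, so a rejected submission appears to be neither logged nor reported to the visitor; logging it and flashing an error message would make rejected posts diagnosable. The body of `home` starts and ends outside this hunk.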
@@ -87,6 +89,26 @@ webmaster@meditation-sunyata.paris 'comments': comments, } +def captcha_verify(response, remote_addr): + VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify' + data = { + 'secret': '6LeDvVUgAAAAAGASZXCmcmhh-KtBWTZjXpLpKdNt', + 'response': response, + 'remoteip': remote_addr, + } + + encoded = parse.urlencode(data).encode() + + req = request.Request(VERIFY_URL, data=encoded) + + with request.urlopen(req) as resp: + json_resp = json.loads(resp.read().decode('utf-8')) + + if json_resp['success']: + return (True, None) + else: + return (False, json_resp['error-codes']) + @view_config(route_name='settings', renderer='cao_blogr:templates/settings.jinja2', permission='view') def settings(request): diff --git a/setup.py b/setup.py index 0034e0f..ccdcbe6 100644 --- a/setup.py +++ b/setup.py @@ -22,12 +22,14 @@ requires = [ 'transaction', 'zope.sqlalchemy', 'wtforms==2.2.1', # form library + 'wtforms-recaptcha', 'webhelpers2==2.0', # various web building related helpers 'passlib', 'python-magic', 'Pillow == 6.1.0', 'unidecode', 'markdown2', + 'urllib', ] tests_require = [
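Review bot: The reCAPTCHA secret key is a string literal in `captcha_verify`, so it is now in the repository history and readable by anyone with access to the code. It should be rotated in the reCAPTCHA admin console and loaded from the environment or the deployment `.ini` settings instead. The same function calls `request.urlopen(req)` with no timeout and no exception handling, so a slow or unreachable verifier blocks or crashes the contact view, and `json_resp['error-codes']` raises KeyError when the reply omits that optional field. The sketch below keeps the signature, fails closed on any verifier error, and uses `os`, which the file already imports. `remoteip` is optional for the API, and `request.remote_addr` may be the proxy's address behind a reverse proxy.

```python
def captcha_verify(response, remote_addr):
    # RECAPTCHA_SECRET is a placeholder name: supply the rotated key via the
    # environment (or the .ini settings), never in source control.
    secret = os.environ.get('RECAPTCHA_SECRET')
    if not secret or not response:
        # local error code, not one returned by the verify API
        return (False, ['missing-input'])
    # … unchanged: VERIFY_URL, data dict (now with 'secret': secret), urlencode, Request …
    try:
        with request.urlopen(req, timeout=5) as resp:
            json_resp = json.loads(resp.read().decode('utf-8'))
    except (OSError, ValueError):
        # fail closed: verifier unreachable, timed out, or reply not valid JSON
        return (False, ['verify-unavailable'])
    if json_resp.get('success') is True:
        return (True, None)
    return (False, json_resp.get('error-codes', []))
```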
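Review bot: `'urllib'` in `requires` names a standard-library package, so listing it makes the installer look for a third-party distribution of that name on the package index. That either fails the install or pulls in code unrelated to the stdlib module, so the line should simply be dropped. `'wtforms-recaptcha'` is added without a version pin, while its neighbours `wtforms==2.2.1` and `webhelpers2==2.0` are pinned. Its only visible use in this patch is the `RecaptchaField` import in `forms.py`, which nothing shown here references, since verification is done by hand in `captcha_verify`. Unless another module uses that field, I would remove both the dependency and the import; otherwise pin it, e.g. `'wtforms-recaptcha==<version>'`.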