implement captcha

2019-03-20 18:03:56 +01:00 · 2019-03-20 18:03:56 +01:00 · 7419a74d82
parent 24e0fa27eb
commit 7419a74d82
9 changed files with 78 additions and 51 deletions
--- a/main.cfg.dist
+++ b/main.cfg.dist
@ -11,3 +11,4 @@ AT_API_URL = "https://at.hackerspace.pl/api"

 OPEN_DAY_WEEKDAY = 4 # Thursday (according to %w of http://docs.python.org/2/library/time.html#time.strftime)
 OPEN_DAY_BEGIN_HOUR = 18
+SESSION_TYPE = filesystem
--- a/main.py
+++ b/main.py
@ -6,12 +6,17 @@ import string
 import random
 import json
 from flask import Flask, render_template, request, flash, session, abort, jsonify, redirect
+from flask_session import Session
+from flask_session_captcha import FlaskSessionCaptcha
 from time import mktime, strftime
 from datetime import datetime

 app = Flask('main')
 app.config.from_pyfile('main.cfg')

+Session(app)
+captcha = FlaskSessionCaptcha(app)
+
 def pull_feed_entries():
    all_entries = []
    for tag, url in app.config['FEEDS']:
@ -34,8 +39,9 @@ def mailman_subscribe(email, mailing_list):
    return True

 def parse_subscribe_requests():
-    flash(u"Subskrypcje tymczasowo wyłączone.", "error")
-    return
+    if not captcha.validate():
+        flash(u"Nie rozwiązano poprawnie CAPTCHA.", "error")
+        return
    if "email" in request.form:
        email = request.form["email"].strip()
        if len(email) > 0:
--- a/requirements.txt
+++ b/requirements.txt
@ -1,12 +1,16 @@
+captcha==0.3
 certifi==2019.3.9
 chardet==3.0.4
 Click==7.0
 feedparser==5.2.1
 Flask==1.0.2
+Flask-Session==0.3.1
+flask-session-captcha==1.1.0
 idna==2.8
 itsdangerous==1.1.0
 Jinja2==2.10
 MarkupSafe==1.1.1
+Pillow==5.4.1
 requests==2.21.0
 six==1.12.0
 urllib3==1.24.1
--- a/static/main.css
+++ b/static/main.css
@ -64,7 +64,7 @@ ul.news li {

 #about {
  border-bottom: 2px groove #fff;
-  padding: 5px;
+  padding: 15px;
 }

 #hs_branding {
@ -97,12 +97,12 @@ span.author {

 #left {
  border-right: 2px groove #fff;
-  margin-right: 270px;
+  margin-right: 320px;
 }

 #right {
  position: absolute;
-  width: 250px;
+  width: 300px;
  top: 100px;
  padding-top: 16px;
  right: 0;
@ -203,6 +203,26 @@ div.mail-desc {
  line-height: 15px;
 }

+div.mail-captcha {
+  width: 276px;
+  height: 40px;
+}
+div.mail-captcha img {
+  border: 1px groove #777;
+  width: 80px;
+  height: 30px;
+  float: left;
+}
+
+div.mail-captcha input {
+  float: left;
+  width: 178px !important;
+  height: 26px !important;
+  margin-top: 0 !important;
+  margin-bottom: 0 !important;
+  margin-right: 0 !important;
+}
+
 div.flashes {
  padding: 0;
  margin-left: auto;
@ -228,4 +248,4 @@ div.flashes li {

 div.flashes li.error {
  background-color: #a01023;
-}
+}
--- a/templates/about.html
+++ b/templates/about.html
@ -66,21 +66,7 @@
      </ul>
  </div>
  <div id="right">
-    <form action="/about" method="post">
-      <input name=_csrf_token type=hidden value="{{ csrf_token() }}">
-      <h1 class="mail" style="text-align: center;">Listy mailingowe</h1>
-      <h2 style="text-align: center; margin-top: -6px;">Zapisz się i porozmawiaj</h2>
-      <h4><input name="mail-waw" type="checkbox" class="mailcheck" checked="true" />Warszawska</h4>
-      <div class="mail-desc">Główna lista dyskusyjna hackerspaceu - organizacja i rozwiązywanie problemów.</div>
-      <h4><input name="mail-proj" type="checkbox" class="mailcheck" checked="true"/>Warszawska Projektowa</h4>
-      <div class="mail-desc">Informacje o postępie projektów, pomysły, ogłaszanie sukcesów i porażek.</div>
-      <h4><input name="mail-offtopic" type="checkbox" class="mailcheck" />Off Topic</h4>
-      <div class="mail-desc">Dyskusja o wszystkim i o niczym. Niski stosunek sygnału do szumu.</div>
-      <center>
-        <input type="text" name="email" class="email-entry" placeholder="twoj@email.com" />
-        <input type="submit" value="Zapisz się" class="email-submit" />
-      </center>
-    </form>
+    {% include "subscribe.html" %}
    <h1 class="twitter">Twitter</h1>
    <script type="text/javascript">
    new TWTR.Widget({
--- a/templates/about_en.html
+++ b/templates/about_en.html
@ -65,21 +65,7 @@
      </ul>
  </div>
  <div id="right">
-    <form action="/about" method="post">
-      <input name=_csrf_token type=hidden value="{{ csrf_token() }}">
-      <h1 class="mail" style="text-align: center;">Mailing lists</h1>
-      <h2 style="text-align: center; margin-top: -6px;">Subscribe and write</h2>
-      <h4><input name="mail-waw" type="checkbox" class="mailcheck" checked="true" />Warsaw</h4>
-      <div class="mail-desc">Main discussion list - organization and problem solving.</div>
-      <h4><input name="mail-proj" type="checkbox" class="mailcheck" checked="true"/>Warsaw Projects</h4>
-      <div class="mail-desc">Informations about our projects.</div>
-      <h4><input name="mail-offtopic" type="checkbox" class="mailcheck" />Off Topic</h4>
-      <div class="mail-desc">Discussions about everything and nothing. Low sound to noise ratio.</div>
-      <center>
-        <input type="text" name="email" class="email-entry" placeholder="your@email.com" />
-        <input type="submit" value="Subscribe" class="email-submit" />
-      </center>
-    </form>
+    {% include "subscribe_en.html" %}
    <h1 class="twitter">Twitter</h1>
    <script type="text/javascript">
    new TWTR.Widget({
--- a/templates/main.html
+++ b/templates/main.html
@ -39,21 +39,7 @@
  <iframe style="max-width: 750px;width:100%;border: none;" height="315" src="https://owncloud.hackerspace.pl/index.php/apps/calendar/embed/g8toktZrA9fyAHNi"></iframe>
  </div>
  <div id="right">
-    <form action="/" method="post">
-      <input name=_csrf_token type=hidden value="{{ csrf_token() }}">
-      <h1 class="mail" style="text-align: center;">Listy mailingowe</h1>
-      <h2 style="text-align: center; margin-top: -6px;">Zapisz się i porozmawiaj</h2>
-      <h4><input name="mail-waw" type="checkbox" class="mailcheck" checked>Warszawska</h4>
-      <div class="mail-desc">Główna lista dyskusyjna Warszawskiego Hackerspace'u - organizacja i rozwiązywanie problemów.</div>
-      <h4><input name="mail-proj" type="checkbox" class="mailcheck" checked/>Warszawska Projektowa</h4>
-      <div class="mail-desc">Informacje o postępie projektów, pomysły, ogłaszanie sukcesów i porażek.</div>
-      <h4><input name="mail-offtopic" type="checkbox" class="mailcheck" />Off Topic</h4>
-      <div class="mail-desc">Dyskusja o wszystkim i o niczym. Niski stosunek sygnału do szumu.</div>
-      <div style="text-align:center">
-        <input type="text" name="email" class="email-entry" placeholder="twoj@email.com" />
-        <input type="submit" value="Zapisz się" class="email-submit" />
-      </div>
-    </form>
+    {% include "subscribe.html" %}
    <h1 class="twitter">Twitter</h1>
    <script type="text/javascript">
    new TWTR.Widget({
--- a/templates/subscribe.html
+++ b/templates/subscribe.html
@ -0,0 +1,19 @@
+<form action="/" method="post">
+  <input name=_csrf_token type=hidden value="{{ csrf_token() }}">
+  <h1 class="mail" style="text-align: center;">Listy mailingowe</h1>
+  <h2 style="text-align: center; margin-top: -6px;">Zapisz się i porozmawiaj</h2>
+  <h4><input name="mail-waw" type="checkbox" class="mailcheck" checked="true" />Warszawska</h4>
+  <div class="mail-desc">Główna lista dyskusyjna hackerspaceu - organizacja i rozwiązywanie problemów.</div>
+  <h4><input name="mail-proj" type="checkbox" class="mailcheck" checked="true"/>Warszawska Projektowa</h4>
+  <div class="mail-desc">Informacje o postępie projektów, pomysły, ogłaszanie sukcesów i porażek.</div>
+  <h4><input name="mail-offtopic" type="checkbox" class="mailcheck" />Off Topic</h4>
+  <div class="mail-desc">Dyskusja o wszystkim i o niczym. Niski stosunek sygnału do szumu.</div>
+  <center>
+    <input type="text" name="email" class="email-entry" placeholder="twoj@email.com" />
+    <div class="mail-captcha">
+        {{ captcha() }}
+        <input type="text" name="captcha" class="email-entry" placeholder="Przepisz CAPTCHA...">
+    </div>
+    <input type="submit" value="Zapisz się" class="email-submit" />
+  </center>
+</form>
--- a/templates/subscribe_en.html
+++ b/templates/subscribe_en.html
@ -0,0 +1,19 @@
+<form action="/" method="post">
+  <input name=_csrf_token type=hidden value="{{ csrf_token() }}">
+  <h1 class="mail" style="text-align: center;">Mailing lists</h1>
+  <h2 style="text-align: center; margin-top: -6px;">Subscribe and chat</h2>
+  <h4><input name="mail-waw" type="checkbox" class="mailcheck" checked="true" />Warsaw</h4>
+  <div class="mail-desc">Main discussion list - organization and problem solving.</div>
+  <h4><input name="mail-proj" type="checkbox" class="mailcheck" checked="true"/>Warsaw Projects</h4>
+  <div class="mail-desc">Information about our projects.</div>
+  <h4><input name="mail-offtopic" type="checkbox" class="mailcheck" />Off Topic</h4>
+  <div class="mail-desc">Discussion about everything and nothing. Low signal to noise ratio.</div>
+  <center>
+    <input type="text" name="email" class="email-entry" placeholder="you@example.com" />
+    <div class="mail-captcha">
+        {{ captcha() }}
+        <input type="text" name="captcha" class="email-entry" placeholder="Solve the CAPTCHA...">
+    </div>
+    <input type="submit" value="Subscribe" class="email-submit" />
+  </center>
+</form>