Add captcha to search view

Gemfile.lock

@@ -250,7 +250,7 @@ GEM
       thor (>= 0.14, < 2.0)
     jquery-ui-rails (6.0.1)
       railties (>= 3.2.16)
-    json (2.3.1)
+    json (2.6.1)
     kaminari (1.2.1)
       activesupport (>= 4.1.0)
       kaminari-actionview (= 1.2.1)
@@ -392,7 +392,7 @@ GEM
     rb-fsevent (0.10.3)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    recaptcha (4.14.0)
+    recaptcha (5.8.1)
       json
     recipient_interceptor (0.2.0)
       mail

app/assets/javascripts/lumen/captcha_gateway.js.coffee

@@ -0,0 +1,7 @@
+$ ->
+  if $('.captcha-gateway')
+    checkFormCaptchaReady = setInterval ->
+      if $('#g-recaptcha-response-data-gateway').val()
+        $('#captcha-gateway-form').submit()
+        clearInterval(checkFormCaptchaReady)
+    , 100

app/assets/stylesheets/application.css.scss

@@ -49,6 +49,7 @@
 @import 'token_urls/index';
 @import 'media_mentions/index';
 @import 'api_submitter_requests/index';
+@import 'captcha_gateway/index';
 
 @import 'pages/pages';
 

app/assets/stylesheets/bitters/_forms.scss

@@ -112,6 +112,10 @@ input[type="submit"]:not(.reset) {
   }
 }
 
+button[disabled] {
+  cursor: not-allowed;
+}
+
 input {
   @include placeholder {
     color: #AEB6C2;

app/assets/stylesheets/captcha_gateway/index.scss

@@ -0,0 +1,9 @@
+.captcha-gateway {
+  .main {
+    padding: 35px;
+
+    img {
+      padding: 15px;
+    }
+  }
+}

app/controllers/api_submitter_requests_controller.rb

@@ -1,6 +1,4 @@
 class ApiSubmitterRequestsController < ApplicationController
-  include Recaptcha::ClientHelper
-
   def new
     @api_submitter_request = ApiSubmitterRequest.new
   end
@@ -56,13 +54,14 @@ def api_submitter_request_params
   end
 
   def validate
-    unless verify_recaptcha(model: @api_submitter_request)
+    unless verify_recaptcha(action: 'new_submitter_request', minimum_score: 0.5)
+      flash.delete(:recaptcha_error)
+
       return {
         status: false,
         why: 'Captcha verification failed, please try again.'
       }
     end
-
     {
       status: true
     }

app/controllers/captcha_gateway_controller.rb

@@ -0,0 +1,21 @@
+class CaptchaGatewayController < ApplicationController
+  def index
+    redirect_to root_path and return if params[:destination].nil?
+
+    if params.dig('g-recaptcha-response-data', 'gateway')
+      success_captcha = verify_recaptcha(action: 'gateway', minimum_score: 0.5)
+
+      captcha_gateway_logger = Logger.new("#{Rails.root}/log/captcha_gateway_logger.log")
+      captcha_gateway_logger.info(recaptcha_reply.inspect)
+
+      if success_captcha
+        session[:captcha_permission] = Time.now + ENV['CAPTCHA_GATEWAY_PERMISSION_TIME'].to_i.seconds
+        redirect_to CGI.unescape(params[:destination]) and return
+      else
+        flash.delete(:recaptcha_error)
+        flash.alert = 'Sorry, we don\'t this that you are a human, if you think this is an error please contact our team at [email protected].'
+        redirect_to root_path and return
+      end
+    end
+  end
+end

app/controllers/search_controller.rb

@@ -18,6 +18,19 @@ class SearchController < ApplicationController
   URL_ROOT = nil
 
   def index
+    if request.format.html? && current_user.nil? && !Rails.env.test?
+      permitted = false
+
+      if session[:captcha_permission]
+        time_permission = session[:captcha_permission]
+        permitted = true if time_permission > Time.now
+      end
+
+      unless permitted
+        redirect_to(captcha_gateway_index_path(destination: CGI.escape(request.original_url))) and return
+      end
+    end
+
     @searcher = item_searcher
     @searchdata = @searcher.search
     @wrapped_instances = wrap_instances

app/controllers/submitter_widget_notices_controller.rb

@@ -1,6 +1,4 @@
 class SubmitterWidgetNoticesController < NoticesController
-  include Recaptcha::ClientHelper
-
   layout 'submitter_widget'
   before_action :before_actions
 
@@ -36,7 +34,8 @@ def create
       get_notice_type(params), notice_params, submitter_widget_user
     ).build
 
-    unless verify_recaptcha(model: @notice)
+    unless verify_recaptcha(action: 'submitter_widget_new_notice', minimum_score: 0.5)
+      flash.delete(:recaptcha_error)
       flash.alert = 'Captcha verification failed, please try again.'
       strip_fixed_roles and render 'notices/submitter_widget/new' and return
     end

app/controllers/token_urls_controller.rb

@@ -3,8 +3,6 @@
 require 'hasher'
 
 class TokenUrlsController < ApplicationController
-  include Recaptcha::ClientHelper
-
   IP_BETWEEN_REQUESTS_WAITING_TIME = 2.hours
 
   def new
@@ -133,7 +131,9 @@ def validate
       }
     end
 
-    unless verify_recaptcha(model: @token_url)
+    unless verify_recaptcha(action: 'new_token_url', minimum_score: 0.5)
+      flash.delete(:recaptcha_error)
+
       return {
         status: false,
         why: 'Captcha verification failed, please try again.'

app/models/elasticsearch/elasticsearch_query.rb

@@ -71,7 +71,7 @@ def search
   # Adding a datestamp guarantees that the cache_key eventually expires.
   def cache_key
     is_super_admin = Current.user&.role?(Role.super_admin)
-    @cache_key ||= "search-result-#{Digest::MD5.hexdigest(params.values.to_s)}-#{Date.today}-#{is_super_admin}"
+    @cache_key ||= "search-result-#{Digest::MD5.hexdigest(params.except('g-recaptcha-response-data', 'g-recaptcha-response').values.to_s)}-#{Date.today}-#{is_super_admin}"
   end
 
   private

app/views/api_submitter_requests/new.html.erb

@@ -35,7 +35,7 @@
           <%= f.input :entity_url, label: 'URL' %>
         </div>
 
-        <%= recaptcha_tags %>
+        <%= recaptcha_v3(action: 'new_submitter_request') %>
       </div>
 
       <div class="form-actions">

app/views/captcha_gateway/index.html.erb

@@ -0,0 +1,18 @@
+<% title 'Are you a human?' %>
+
+<article class="captcha-gateway">
+  <section class="body">
+    <div class="main">
+      <h4>We need to check if you are a human, wait a few seconds please.</h4>
+      <h4>You will be automatically redirected to your destination page.</h4>
+      <div>
+        <%= image_tag '/assets/captcha_loading.gif' %>
+      </div>
+
+      <form id="captcha-gateway-form" method="get">
+        <%= recaptcha_v3(action: 'gateway') %>
+        <input type="hidden" name="destination" value="<%= params[:destination] %>">
+      </form>
+    </div>
+  </section>
+</article>

app/views/notices/submitter_widget/_counterfeit_form.html.erb

@@ -30,7 +30,7 @@
              label: 'Counterfeit notice',
              form: form %>
 
-  <%= recaptcha_tags %>
+  <%= recaptcha_v3(action: 'submitter_widget_new_notice') %>
 
   <%= render 'notices/form_components/submit', form: form %>
 <% end %>

app/views/notices/submitter_widget/_counternotice_form.html.erb

@@ -42,7 +42,7 @@
 
   <%= render 'notices/submitter_widget/form_components/roles', form: form %>
 
-  <%= recaptcha_tags %>
+  <%= recaptcha_v3(action: 'submitter_widget_new_notice') %>
 
   <%= render 'notices/form_components/submit', form: form %>
 <% end %>

app/views/notices/submitter_widget/_court_order_form.html.erb

@@ -28,7 +28,7 @@
 
   <%= render 'notices/submitter_widget/form_components/roles', form: form %>
 
-  <%= recaptcha_tags %>
+  <%= recaptcha_v3(action: 'submitter_widget_new_notice') %>
 
   <%= render 'notices/form_components/submit', form: form %>
 <% end %>

app/views/notices/submitter_widget/_defamation_form.html.erb

@@ -28,7 +28,7 @@
              label: 'Defamation takedown notice',
              form: form %>
 
-  <%= recaptcha_tags %>
+  <%= recaptcha_v3(action: 'submitter_widget_new_notice') %>
 
   <%= render 'notices/form_components/submit', form: form %>
 <% end %>

app/views/notices/submitter_widget/_dmca_form.html.erb

@@ -32,7 +32,7 @@
              label: 'DMCA takedown notice',
              form: form %>
 
-  <%= recaptcha_tags %>
+  <%= recaptcha_v3(action: 'submitter_widget_new_notice') %>
 
   <%= render 'notices/form_components/submit', form: form %>
 <% end %>

app/views/notices/submitter_widget/_government_request_form.html.erb

@@ -27,7 +27,7 @@
 
   <%= render 'notices/submitter_widget/form_components/roles', form: form %>
 
-  <%= recaptcha_tags %>
+  <%= recaptcha_v3(action: 'submitter_widget_new_notice') %>
 
   <%= render 'notices/form_components/submit', form: form %>
 <% end %>

app/views/notices/submitter_widget/_law_enforcement_request_form.html.erb

@@ -29,7 +29,7 @@
 
   <%= render 'notices/submitter_widget/form_components/roles', form: form %>
 
-  <%= recaptcha_tags %>
+  <%= recaptcha_v3(action: 'submitter_widget_new_notice') %>
 
   <%= render 'notices/form_components/submit', form: form %>
 <% end %>

app/views/notices/submitter_widget/_other_form.html.erb

@@ -30,7 +30,7 @@
              label: 'Notice',
              form: form %>
 
-  <%= recaptcha_tags %>
+  <%= recaptcha_v3(action: 'submitter_widget_new_notice') %>
 
   <%= render 'notices/form_components/submit', form: form %>
 <% end %>

app/views/notices/submitter_widget/_private_information_form.html.erb

@@ -28,7 +28,7 @@
              label: 'Private Information notice',
              form: form %>
 
-  <%= recaptcha_tags %>
+  <%= recaptcha_v3(action: 'submitter_widget_new_notice') %>
 
   <%= render 'notices/form_components/submit', form: form %>
 <% end %>

app/views/notices/submitter_widget/_trademark_form.html.erb

@@ -34,7 +34,7 @@
              label: 'Trademark takedown notice',
              form: form %>
 
-  <%= recaptcha_tags %>
+  <%= recaptcha_v3(action: 'submitter_widget_new_notice') %>
 
   <%= render 'notices/form_components/submit', form: form %>
 <% end %>

app/views/search/index.html.erb

@@ -1,4 +1,5 @@
 <%= title 'Search' %>
+
 <%= cache(@searcher.cache_key) do %>
   <section class="search-results">
     <header class="app">

app/views/shared/_header_search.html.erb

@@ -12,7 +12,7 @@
         <% end %>
         <a id="duplicate-field" href="javascript:void(0);" class="add-group">Add more</a>
         <div class="resubmit">
-          <button class="button">Advanced Search</button>
+          <button class="button adv-search-submit" type="submit">Advanced Search</button>
         </div>
       </div>
     </div>

app/views/shared/_search.html.erb

@@ -4,7 +4,7 @@
       <%= text_field_tag :term, params[:term], id: "search", type: 'search', placeholder: @search_all_placeholder %>
     </div>
     <div class="submit">
-      <button id="submit" class="" type="submit" title="search">Go</button>
+      <button id="submit" class="main-search-submit" type="submit" title="search">Go</button>
       <div class="search-dropdown dropdown">
         <a id="toggle-advanced-search" href="" class="dropdown-toggle" data-toggle="dropdown">Open</a>
       </div>

app/views/token_urls/new.html.erb

@@ -12,7 +12,7 @@
         <%= f.input :email, label: 'Email address', required: true %>
         <%= f.input :documents_notification, as: :boolean, inline_label: 'Select to get a notification when new notice documents are added (or when existing notice documents are updated).', label: false %>
 
-        <%= recaptcha_tags %>
+        <%= recaptcha_v3(action: 'new_token_url') %>
       </div>
 
       <div class="form-actions">