Merge pull request #282 from fuseumass/solveSpamProblems

Solve spam problems

Author: AVS1508

Gemfile

@@ -125,6 +125,12 @@ gem 'ransack'
 # Generate PDF
 gem 'hexapdf'
 
+# Validate email addresses with MX lookups
+gem 'valid_email2'
+
+# Validate user registrations with captcha
+gem 'recaptcha'
+
 gem 'omniauth'
 gem 'devise_token_auth'
 gem 'rack-cors'

Gemfile.lock

@@ -138,6 +138,7 @@ GEM
       thor (>= 0.14, < 2.0)
     jquery-ui-rails (6.0.1)
       railties (>= 3.2.16)
+    json (2.6.2)
     listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -156,10 +157,12 @@ GEM
       nokogiri (~> 1)
       rake
     mini_mime (1.1.2)
+    mini_portile2 (2.6.1)
     minitest (5.15.0)
     multipart-post (2.1.1)
     nio4r (2.5.8)
-    nokogiri (1.12.5-x86_64-linux)
+    nokogiri (1.12.5)
+      mini_portile2 (~> 2.6.1)
       racc (~> 1.4)
     omniauth (2.0.4)
       hashie (>= 3.4.6)
@@ -240,6 +243,8 @@ GEM
     rb-fsevent (0.11.0)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
+    recaptcha (5.9.0)
+      json
     responders (3.0.1)
       actionpack (>= 5.0)
       railties (>= 5.0)
@@ -297,6 +302,9 @@ GEM
       thread_safe (~> 0.1)
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
+    valid_email2 (4.0.4)
+      activemodel (>= 3.2)
+      mail (~> 2.5)
     warden (1.2.9)
       rack (>= 2.0.9)
     web-console (3.7.0)
@@ -338,6 +346,7 @@ DEPENDENCIES
   rails-jquery-autocomplete
   rails_12factor
   ransack
+  recaptcha
   rqrcode
   sass-rails (~> 5.0)
   sentry-raven
@@ -348,6 +357,7 @@ DEPENDENCIES
   turbolinks (~> 5)
   tzinfo-data
   uglifier (>= 1.3.0)
+  valid_email2
   web-console (>= 3.3.0)
   will_paginate
 

app/controllers/registrations_controller.rb

@@ -0,0 +1,13 @@
+class RegistrationsController < Devise::RegistrationsController
+    def create
+        if verify_recaptcha
+            super
+        else
+            build_resource(sign_up_params)
+            clean_up_passwords(resource)
+            flash.now[:alert] = "There was an error with the recaptcha code below. Please re-enter the code."
+            flash.delete :recaptcha_error
+            render :new
+        end
+    end
+end

app/models/user.rb

@@ -1,7 +1,9 @@
 class User < ApplicationRecord
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable and :omniauthable
-  validates_presence_of :first_name, :last_name
+  validates :first_name, :last_name, presence: true, format: { with: /\A[a-zA-Z .'-]+\Z/, message: 'only allows letters, periods, apostrophes, hyphens and spaces' } 
+  # Confirm that the email is not disposable or missing an MX record
+  validates :email, presence: true,  'valid_email_2/email': {mx: true, disposable: true}
 
   if !Rails.env.development? && HackumassWeb::Application::EMAIL_VERIFICATION
     devise :database_authenticatable, :registerable,

app/views/devise/registrations/new.html.erb

@@ -25,6 +25,8 @@
           <label class="form-label">Confirm Password</label>
           <%= f.password_field :password_confirmation, placeholder: "Confirm Password", autocomplete: "off", class: "form-control" %>
         </div>
+        <%= flash[:recaptcha_error] %>
+        <%= recaptcha_tags %>
         <div class="form-footer">
           <button type="submit" class="btn btn-primary btn-block">Create new account</button>
         </div>

config/initializers/recaptcha.rb

@@ -0,0 +1,4 @@
+Recaptcha.configure do |config|
+    config.site_key  = ENV['RECAPTCHA_SITE_KEY']
+    config.secret_key = ENV['RECAPTCHA_SECRET_KEY']
+end

config/routes.rb

@@ -28,7 +28,7 @@
       get 'users/edit' => 'devise/registrations#edit', :as => :edit_user_registration
       delete 'logout', to: 'devise/sessions#destroy', as: :destroy_user_session
       get 'signup', to: 'devise/registrations#new', as: :new_user_registration
-      post 'signup', to: 'devise/registrations#create', as: :user_registration
+      post 'signup', to: 'registrations#create', as: :user_registration
       patch 'signup', to: 'devise/registrations#update', as: :update_user_registration
       get 'change_pass', to: 'users#go_to_forgot'
     end