diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 67a3b403..793e6b5f 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -7,6 +7,7 @@ Changelog
 - FontAwesome 5.12.1 support
 - Mermaid 8.4.8 support
 - clipboard.js updated to v2.0.6
+- fix for spam protection with invisible_captcha 2.0.23 ++++++
diff --git a/app/overrides/account/register.rb b/app/overrides/account/register.rb
index 3f804be5..995abf8e 100644
--- a/app/overrides/account/register.rb
+++ b/app/overrides/account/register.rb
@@ -1,5 +1,7 @@
-Deface::Override.new virtual_path: 'account/register',
- name: 'add-invisble-captcha',
- insert_top: 'div.box',
- original: 'e64d82c46cc3322e4d953aa119d1e71e81854158',
- partial: 'account/invisible_captcha'
+Deface::Override.new(
+ virtual_path: 'account/register',
+ name: 'add-invisble-captcha',
+ insert_top: 'div.box',
+ original: Redmine::VERSION.to_s >= '4.1' ? 'a9c303821376a8d83cba32654629d71cc3926a1d' : 'e64d82c46cc3322e4d953aa119d1e71e81854158',
+ partial: 'account/invisible_captcha'
+)
diff --git a/app/views/account/_invisible_captcha.html.slim b/app/views/account/_invisible_captcha.html.slim
index 0c9c4908..e22a9418 100644
--- a/app/views/account/_invisible_captcha.html.slim
+++ b/app/views/account/_invisible_captcha.html.slim
@@ -1,2 +1,2 @@
 - if Additionals.setting?(:invisible_captcha)
- = invisible_captcha
+ = f.invisible_captcha :url, autocomplete: 'off'
diff --git a/lib/additionals/patches/account_controller_patch.rb b/lib/additionals/patches/account_controller_patch.rb
index b47d5774..dbfc30de 100644
--- a/lib/additionals/patches/account_controller_patch.rb
+++ b/lib/additionals/patches/account_controller_patch.rb
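Review bot: The version gate on the new `original:` line compares `Redmine::VERSION.to_s` as a string, so the digest is chosen by lexicographic order rather than version order; that happens to hold for the 4.x–9.x majors but a two-digit major such as `'10.0'` sorts below `'4.1'` and would select the pre-4.1 digest. Comparing the numeric components avoids the trap: `original: ([Redmine::VERSION::MAJOR, Redmine::VERSION::MINOR] <=> [4, 1]) >= 0 ? 'a9c303821376a8d83cba32654629d71cc3926a1d' : 'e64d82c46cc3322e4d953aa119d1e71e81854158',`. A short comment stating what each digest pins (the `div.box` markup of the 4.1 and pre-4.1 `account/register` templates) would also help whoever has to regenerate it after the next Redmine upgrade.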
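Review bot: `f` is not defined anywhere in this partial; the new `= f.invisible_captcha :url, autocomplete: 'off'` line only works because the partial is inserted into the register template's `div.box` by the Deface override and that template's form block happens to name its builder `f`. That contract should be written down at the top of the partial, e.g. `/ f: form builder of the surrounding register form (partial is inserted by app/overrides/account/register.rb)`. It is also worth confirming that the honeypot name `:url` and the param scope the form builder produces match what the controller-side `invisible_captcha` check for the `register` action inspects; otherwise the field is rendered but never evaluated, and the setting would look enabled while providing no protection.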
@@ -2,8 +2,22 @@ module Additionals
 module Patches
 module AccountControllerPatch
 def self.included(base)
+ base.send(:include, InstanceMethods)
 base.class_eval do
- invisible_captcha only: [:register] if Additionals.setting?(:invisible_captcha)
+ invisible_captcha(only: [:register], on_timestamp_spam: :timestamp_spam_check) if Additionals.setting?(:invisible_captcha)
+ end
+ end
+ module InstanceMethods
+ # required because invisible_captcha uses root_path, which is not available for Redmine
+ def timestamp_spam_check
+ # redmine uses same action for _GET and _POST
+ return unless request.post?
+
+ if respond_to?(:redirect_back)
+ redirect_back(fallback_location: home_url, flash: { error: InvisibleCaptcha.timestamp_error_message })
+ else
+ redirect_to :back, flash: { error: InvisibleCaptcha.timestamp_error_message }
+ end
 end
 end
 end
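Review bot: The legacy branch `redirect_to :back, flash: { error: InvisibleCaptcha.timestamp_error_message }` raises `ActionController::RedirectBackError` when the request carries no Referer header, which is exactly the shape of a scripted registration POST, so on that code path a timestamp-spam hit turns into a 500 instead of the intended redirect (the `redirect_back` branch is safe because `fallback_location: home_url` covers that case). Rescuing it and sending the request to the same fallback keeps both branches behaving alike; the rewritten `else` branch is below. Secondary: `timestamp_spam_check` is mixed in as a public method, so if the gem dispatches the callback by name it could sit under `private` and not become an action method of the controller. The enclosing `module Additionals` header and the outer `end`s lie outside this hunk.
```ruby
# … unchanged: request.post? guard and redirect_back branch …
else
  begin
    redirect_to :back, flash: { error: InvisibleCaptcha.timestamp_error_message }
  rescue ActionController::RedirectBackError
    # no Referer on the request (typical for a scripted POST): use the same fallback as redirect_back
    redirect_to home_url, flash: { error: InvisibleCaptcha.timestamp_error_message }
  end
end
```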