Move to hcaptcha

Gemfile

@@ -72,8 +72,8 @@ gem 'omniauth_openid_connect', '~> 0.3.5'
 gem 'jwt', '~> 2.2.3'
 
 # contact mail form
+gem 'hcaptcha', '~> 7.1.0'
 gem 'mail_form', '~> 1.9.0'
-gem 'recaptcha', '~> 5.8.1', require: 'recaptcha/rails'
 
 # authorization
 gem 'pundit', '~> 2.1.0'

Gemfile.lock

@@ -170,6 +170,8 @@ GEM
       actionpack (>= 5.2)
       activesupport (>= 5.2)
     hashie (4.1.0)
+    hcaptcha (7.1.0)
+      json
     htmlentities (4.3.4)
     httparty (0.18.1)
       mime-types (~> 3.0)
@@ -346,8 +348,6 @@ GEM
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     rb-readline (0.5.5)
-    recaptcha (5.8.1)
-      json
     regexp_parser (2.1.1)
     responders (3.0.1)
       actionpack (>= 5.0)
@@ -488,6 +488,7 @@ DEPENDENCIES
   faker (~> 2.18.0)
   flamegraph (~> 0.9.5)
   has_scope (~> 0.8.0)
+  hcaptcha (~> 7.1.0)
   httparty (~> 0.18.1)
   i18n-js (~> 3.9.0)
   image_processing (~> 1.12.1)
@@ -518,7 +519,6 @@ DEPENDENCIES
   rails-i18n (~> 6.0.0)
   rails_server_timings (~> 1.0.8)
   rb-readline (~> 0.5.5)
-  recaptcha (~> 5.8.1)
   rouge (= 3.26.0)
   rubocop-rails (~> 2.11.3)
   ruby-saml (~> 1.12.2)

app/controllers/pages_controller.rb

@@ -1,8 +1,9 @@
 class PagesController < ApplicationController
-  content_security_policy only: %i[contact] do |policy|
-    policy.script_src(*(%w[https://www.recaptcha.net https://www.gstatic.com
-                           https://www.google.com] + policy.script_src))
-    policy.frame_src('https://www.google.com', 'https://www.recaptcha.net')
+  content_security_policy only: %i[contact create_contact] do |policy|
+    policy.script_src(*(%w[https://hcaptcha.com https://*.hcaptcha.com] + policy.script_src))
+    policy.style_src(*(%w[https://hcaptcha.com https://*.hcaptcha.com] + policy.style_src))
+    policy.connect_src(*(%w[https://hcaptcha.com https://*.hcaptcha.com] + policy.connect_src))
+    policy.frame_src('https://hcaptcha.com', 'https://*.hcaptcha.com')
   end
 
   def home
@@ -59,7 +60,7 @@ def create_contact
     @contact_form = ContactForm.new(contact_params)
     @contact_form.request = request # Allows us to also send ip
     @contact_form.validate
-    if verify_recaptcha(model: @contact_form, message: t('.captcha_failed')) && @contact_form.deliver
+    if verify_hcaptcha(model: @contact_form, message: t('.captcha_failed')) && @contact_form.deliver
       redirect_to root_path, notice: t('.mail_sent')
     else
       flash[:error] = @contact_form.errors.full_messages.to_sentence

app/views/pages/contact.html.erb

@@ -41,7 +41,7 @@
           <% if Rails.env.production? || Rails.env.staging? %>
             <div class="form-group row">
               <div class="offset-sm-2 col-sm-8">
-                <%= recaptcha_tags %>
+                <%= hcaptcha_tags %>
               </div>
             </div>
           <% end %>

config/credentials.yml.enc

@@ -1 +1 @@
-jIu06O5mifMmzqlESzyG48oWNB6+OILy2OgI2RMmS5lB0JcXgRbDUwIMe20R7Zu2656JBublUnrlgELw/m8sBUulkXR6IXQcg3puiWv90EWlmsyZCc0X3l7nTLMvPdmZW9MjqRd9/ksa9itkJswz6mJMsJK1Rl1E5DhxOyaAXdd6GwOX/d8XcB7ciUQvtIJjP/6rgmCBiT0NPtTi9MwxnzepsR0Y5jLDj4SieK3pMfEwKOAoKo881OoVDNyY3AN/nppm03CIiCK+Y4Uswa890QFA4O645Vx2ybns8V4qiSYEfF0RtLPZrBKK5bBE/7Lz6SKx9JCPOE/lStWnYAEFgw54VFvvJGs+6fZY7rCWwamVlYI8dpgi/B0GC4R+NbOmDkyi597r5XTpswXJW30MLKlP+pFQcE5xPwvlPFdBj89VOGQZIuNdBc+c4YMVTra8B7NbuDeshBdACU37RSCNyHVT1lSEeylRTQDmvXgqrld14NN2uXkEWX06zyBuW4id4OHHKx5Mqxn+HmRXnUYuNGQ1/iDM7yuO26T5ViwhbZNZktjj6544E6RLQxqNV1jLFvnbQNLRA8NopLNQugOVz6IKeNTt3NXbQ7/w96m4us+W9V/FUl4VHD45EIzo3noymEt2kCp4boXDfALLw9hdRXPC/YOhShdU76rZLbwYwcEmgF3KlQIGCXJu+VMiFbk7sKqWQ74YPSeZ8u+ZW5euJy1QjsSTXERQYwbpdSUEnvz1yIWTs01g+TRUhcEPH+Pa/D5gqYB/w7hFyaxi1CWCqDi560Tp9ALoAflcd4vbpD+dJq55tLYUfOs+gWfJ1Bvk4u/77qBGOQknDoGLXqY6rNMvlEs2ZoBIWnj4OIFG+tps+osyqyhhR+XaPR0IQedW3pJaD8ed3gwFsemuz6y70km9qJGQQ2QHTz7369tI8Vp2l4Jk34x+IVTkuEBiqvJkbwu0knG14GKRc7E3PtnlrDZxRMAqkjL/0B7iQDcWwUYZ/b5aKKw3XyE+yAHLl89cMH2rX5D8IuHTNolgS97FijcaxslZf/BLjVSfAetfMWcsMlmpWdBp0ETEuyG+wqNMOfwim/DZKr6TSt4faZh/Ukv48bx8PYt1AK7SN86a0pqJKBrxKq4vYVqLPfaZ/+vNp/zGSSxj7gnBhZMPxMUHKFs2fA==--k/KgAwJecVxaIiT8--Dvwbs8Q1EfBU/u9bRiQKBg==
+741kCSV0vSKpirl91UXnQQwkqnZh4OuZJFouokna3bC2Gtbw1yePCPksnj1ob1Udg+hf4SxRmmyhKj3Nzd7+c6GcpfdJfBkynmqtNVGMkdF8YGgBySBF08rNJM3Gm16AIW7zIXdzO+PDb+ljQ/bI3DFceiacdKnryMlf5Be11YjHUtSXBlnOSQ9C+3BRQhIKUM6foF9J5hlfhxVW7OD2hhap+qLclk3Wws6kIHwnCD9CgzIK0cpINrY8Z0Omhyhd0jzhywbdKvA7xFAJqW+fUC9WAOe1vUlzBQiLFNxx/cXBq8cTXcHm25f3KZx5wI9ArQjN5Ws3LKxLjZtASI9SatxeW9aGNmrtSMltuvXvacKKr6Pr3G513X1g1SLk5YtWlvAtWhNM3q+IQ8JUmv1xAQALqu1Nc7oQKCiA+dU/Nt1EfrEruFzxaex7FhQmV+AzjgK3IFSq5E45Z/tm9FWO0c3nmrmhSCKGlgQ0/GBYffAlsaMV839Cgoru0AUTFp1sTm5P4NIEGA9wA9tiezlHeVQx/TI0/2mIBcIWecrwcvP4VbO42s/I9ChrBAEUL7kb6EXVFNJ62Y9GmpWtOQaqiUyaK0A5ov7LuztsqIrTzhxbMC1H8E5f6JXa8qLMA/lZcaJD8sTGB+50WehFq0JHpcF6FTN/BFNNFnUWw/OyadI/Dph77KA7fWWB51jz7WZhlxMFQA0xcNNPdHQAsCAK97Me/NbPy9o9IcV5Uc5wZq7twW9Y0PrEd4nJJB49YsH7ByZYACzuZOZ6vllbNPX5ZZcm3nf6lzh7iQAXk9ogP7tL30+BcwO1URNjLcTHYobDfNbbfWpWCj1SGdoz2aPwueBuWKp5rdM47XgAy0SNkokj8d8VU36Bt1RAKk0SCB+vNLvUOX60AAicXrm63MJZ7do6PsO4gBA09eQuSo4RdojA7JXdvOd4roRSK/2kIxkdsEN61oTQiL0ppc3D2zc5Al1g6elLGZ/4NCs4dqidQm+nT30+QduKXVWiQ23uXiGmGSL1ZxLO7JfhosfwAHOOf3dr0CdJVraKXQszCtkFa4Wh+FPn6RWlik2ERSZNZoneT2yiMC2ipThwRjIbSYyDK36A6Ws4n1HN4i9AaztsOEF3LOBQrQG9fuir+n+QHwdFZuB2quPgtQUON+Yb6UJzFio=--vYtWzIPjLxHvRBD5--n9enP0owZLl1jZMKoMLQEg==

config/credentials/staging.yml.enc

@@ -1 +1 @@
-FbXR8Pry96aLKOyp/YYyKEnWjZf32bJUbVqqOw1bcqCCREA7AGmUVUUsJaylI28SHwbDO5qYw/N/GusC8Zh6WdHgyFv8ARalvgIWE4QMCo/xmq00WdyxJUTxMwtFPvb+hMqxKVyTZ8AiIeS1+cySebShJCU5+in4RticztxaiceCjfFgGkzJeA3ph7a2u+Y8zBR+AuJM1Q==--CjVchd12b8cbF22G--UtTqVaNRbp5q+Ql0jLbngA==
+h6YQ/xM7z8+UJ3TFNWJuprkec8Orlkc/R/LfO9nz9ANXdXGtLpu7GcsJgdPEZb0aPxX6T2Z21ssuna6Dsh9bPjLLbkoW4Db4p5YS70D9hlqxeXHt5uYdZPZl/SZZvjE3dZzPizYCZ3LGQz/3LWLQjsiJHIk/ow/0tVjZ4XUvWiwtqESTF67cZrZneVc2m6w3KG6cG2AMNE3GI5phhVeQAeVQVYMbu/FjoVnb6fQF3gtQDvzzZFxNFfYZTXZF2U1PlAXSKNQtktjaMiRTv4AW1ZRG2Ncsb1r3fYEHTd5qx5+LP3low8LdYreCvS1z6xYLkS/b1znMQhxyVtgXWH8ZGeKkHkhD9sW1ZLw+TXTTX84G908=--AR0wlVEWLuoZz3AW--3VBD7e4+dzXec1ojsgZxrQ==

config/initializers/hcaptcha.rb

@@ -0,0 +1,4 @@
+Hcaptcha.configure do |config|
+  config.site_key = Rails.application.credentials.hcaptcha_site_key
+  config.secret_key = Rails.application.credentials.hcaptcha_secret_key
+end

config/locales/views/pages/en.yml

@@ -62,7 +62,7 @@ en:
       send: Send message
     create_contact:
       mail_sent: "Your message has been sent. Thanks for getting in touch."
-      captcha_failed: reCAPTCHA could not be verified; please try again.
+      captcha_failed: HCaptcha could not be verified; please try again.
     privacy_disclaimer:
       text_html: "Your privacy is important to us. On the <a href=\"%{your_data}\">your data</a> page we explain in clear and understandable language what data we collect and how we use it. Our <a href=\"%{privacy_statement}\">privacy statement</a> contains the legally binding version."
     support:

config/locales/views/pages/nl.yml

@@ -61,7 +61,7 @@ nl:
       rights_request_redirect_html: Wil je lesgeversrechten aanvragen voor je account? Gebruik dan <strong><a href="%{url}">dit formulier</a></strong>.
       send: Bericht verzenden
     create_contact:
-      captcha_failed: reCAPTCHA kon niet geverifieerd worden, probeer opnieuw.
+      captcha_failed: HCaptcha kon niet geverifieerd worden, probeer opnieuw.
       mail_sent: "Je bericht werd verstuurd. Bedankt om contact op te nemen."
     privacy_disclaimer:
       text_html: "Jouw privacy is belangrijk voor ons. Op de <a href=\"%{your_data}\">jouw data</a> pagina leggen we in mensentaal uit welke data we verzamelen en hoe we die gebruiken. De juridisch bindende versie kan je in onze <a href=\"%{privacy_statement}\">privacyverklaring</a> vinden."
@@ -82,4 +82,3 @@ nl:
       support_p3_html: "Wenst u een groter bedrag te schenken of kiest u liever voor sponsoring op factuur? Contacteer ons op <a href='mailto:[email protected]'>[email protected]</a> en we bekijken samen graag de mogelijkheden."
       supported_by: Met de steun van
       supported_p1_html: "Dodona wordt ontwikkeld door een klein team onderzoekers aan de <a href='https://www.ugent.be' target='_blank'>Universiteit Gent</a>. Het platform is volledig open source en alle code is beschikbaar op <a href='https://github.com/dodona-edu/dodona' target='_blank'>GitHub</a>. De hosting wordt aangeboden door de Universiteit Gent. Daarnaast ontving Dodona al steun in de vorm van onderwijsinnovatieprojecten van de Universiteit Gent en de Faculteit Wetenschappen. Ook <a href='https://www.elixir-belgium.org/' target='_blank'>ELIXIR Belgium</a> ondersteunde dit project."
-