diff --git a/Gemfile b/Gemfile index 1d422dfed5..54873feb2b 100644 --- a/Gemfile +++ b/Gemfile @@ -72,8 +72,8 @@ gem 'omniauth_openid_connect', '~> 0.3.5' gem 'jwt', '~> 2.2.3' # contact mail form +gem 'hcaptcha', '~> 7.1.0' gem 'mail_form', '~> 1.9.0' -gem 'recaptcha', '~> 5.8.1', require: 'recaptcha/rails' # authorization gem 'pundit', '~> 2.1.0' diff --git a/Gemfile.lock b/Gemfile.lock index ca567e0e05..bbde6b8d6f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -170,6 +170,8 @@ GEM actionpack (>= 5.2) activesupport (>= 5.2) hashie (4.1.0) + hcaptcha (7.1.0) + json htmlentities (4.3.4) httparty (0.18.1) mime-types (~> 3.0) @@ -346,8 +348,6 @@ GEM rb-inotify (0.10.1) ffi (~> 1.0) rb-readline (0.5.5) - recaptcha (5.8.1) - json regexp_parser (2.1.1) responders (3.0.1) actionpack (>= 5.0) @@ -488,6 +488,7 @@ DEPENDENCIES faker (~> 2.18.0) flamegraph (~> 0.9.5) has_scope (~> 0.8.0) + hcaptcha (~> 7.1.0) httparty (~> 0.18.1) i18n-js (~> 3.9.0) image_processing (~> 1.12.1) @@ -518,7 +519,6 @@ DEPENDENCIES rails-i18n (~> 6.0.0) rails_server_timings (~> 1.0.8) rb-readline (~> 0.5.5) - recaptcha (~> 5.8.1) rouge (= 3.26.0) rubocop-rails (~> 2.11.3) ruby-saml (~> 1.12.2) diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb index e6d19338a0..3519a01556 100644 --- a/app/controllers/pages_controller.rb +++ b/app/controllers/pages_controller.rb 
@@ -1,8 +1,9 @@ class PagesController < ApplicationController - content_security_policy only: %i[contact] do |policy| - policy.script_src(*(%w[https://www.recaptcha.net https://www.gstatic.com - https://www.google.com] + policy.script_src)) - policy.frame_src('https://www.google.com', 'https://www.recaptcha.net') + content_security_policy only: %i[contact create_contact] do |policy| + policy.script_src(*(%w[https://hcaptcha.com https://*.hcaptcha.com] + policy.script_src)) + policy.style_src(*(%w[https://hcaptcha.com https://*.hcaptcha.com] + policy.style_src)) + policy.connect_src(*(%w[https://hcaptcha.com https://*.hcaptcha.com] + policy.connect_src)) + policy.frame_src('https://hcaptcha.com', 'https://*.hcaptcha.com') end def home @@ -59,7 +60,7 @@ def create_contact @contact_form = ContactForm.new(contact_params) @contact_form.request = request # Allows us to also send ip @contact_form.validate - if verify_recaptcha(model: @contact_form, message: t('.captcha_failed')) && @contact_form.deliver + if verify_hcaptcha(model: @contact_form, message: t('.captcha_failed')) && @contact_form.deliver redirect_to root_path, notice: t('.mail_sent') else flash[:error] = @contact_form.errors.full_messages.to_sentence diff --git a/app/views/pages/contact.html.erb b/app/views/pages/contact.html.erb index 530b1bff41..cb329a2b13 100644 --- a/app/views/pages/contact.html.erb +++ b/app/views/pages/contact.html.erb @@ -41,7 +41,7 @@ <% if Rails.env.production? || Rails.env.staging? %>
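Review bot: The two added `policy.style_src(...)` and `policy.connect_src(...)` lines assume the app-wide policy already defines style-src and connect-src, which nothing in this hunk shows (the old code only relied on script-src that way). In Rails' ContentSecurityPolicy a directive method called with no sources deletes the directive and returns its previous value, so if either is absent from config/initializers/content_security_policy.rb the expression becomes `%w[...] + nil` and the contact page 500s with a TypeError at request time; and simply wrapping it in `Array(...)` would instead emit a style-src/connect-src that allows only the hCaptcha hosts, silently dropping the page's own stylesheets and XHR from the default-src fallback. Confirm both directives exist there, or make the fallback explicit so a missing directive degrades to default-src rather than raising, e.g. `policy.style_src(*(%w[https://hcaptcha.com https://*.hcaptcha.com] + Array(policy.directives['style-src'] || policy.directives['default-src'])))` and the same shape for connect-src.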
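Review bot: `verify_hcaptcha` now runs on every submission in every environment, while the view touched in this same commit (contact.html.erb) renders `hcaptcha_tags` only in production and staging, so in development the POST carries no `h-captcha-response` and verification is attempted with an empty token unless the gem skips that environment. The recaptcha gem this replaces skips only `test`/`cucumber` by default; if hcaptcha inherits that default (unverified here), local submissions will always fail with `captcha_failed` even though the form never showed a widget. Either add `development` to the gem's skip list in the new initializer or derive both the render and the verify decision from the same predicate instead of hard-coding environments in the view. The body of create_contact continues past the end of this hunk.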
- <%= recaptcha_tags %> + <%= hcaptcha_tags %>
<% end %> diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc index 74ebf0caaa..273f066d74 100644 --- a/config/credentials.yml.enc +++ b/config/credentials.yml.enc @@ -1 +1 @@ -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--k/KgAwJecVxaIiT8--Dvwbs8Q1EfBU/u9bRiQKBg== \ No newline at end of file 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--vYtWzIPjLxHvRBD5--n9enP0owZLl1jZMKoMLQEg== \ No newline at end of file diff --git a/config/credentials/staging.yml.enc b/config/credentials/staging.yml.enc index da817d4cef..6d2fe22971 100644 --- a/config/credentials/staging.yml.enc +++ b/config/credentials/staging.yml.enc @@ -1 +1 @@ -FbXR8Pry96aLKOyp/YYyKEnWjZf32bJUbVqqOw1bcqCCREA7AGmUVUUsJaylI28SHwbDO5qYw/N/GusC8Zh6WdHgyFv8ARalvgIWE4QMCo/xmq00WdyxJUTxMwtFPvb+hMqxKVyTZ8AiIeS1+cySebShJCU5+in4RticztxaiceCjfFgGkzJeA3ph7a2u+Y8zBR+AuJM1Q==--CjVchd12b8cbF22G--UtTqVaNRbp5q+Ql0jLbngA== \ No newline at end of file +h6YQ/xM7z8+UJ3TFNWJuprkec8Orlkc/R/LfO9nz9ANXdXGtLpu7GcsJgdPEZb0aPxX6T2Z21ssuna6Dsh9bPjLLbkoW4Db4p5YS70D9hlqxeXHt5uYdZPZl/SZZvjE3dZzPizYCZ3LGQz/3LWLQjsiJHIk/ow/0tVjZ4XUvWiwtqESTF67cZrZneVc2m6w3KG6cG2AMNE3GI5phhVeQAeVQVYMbu/FjoVnb6fQF3gtQDvzzZFxNFfYZTXZF2U1PlAXSKNQtktjaMiRTv4AW1ZRG2Ncsb1r3fYEHTd5qx5+LP3low8LdYreCvS1z6xYLkS/b1znMQhxyVtgXWH8ZGeKkHkhD9sW1ZLw+TXTTX84G908=--AR0wlVEWLuoZz3AW--3VBD7e4+dzXec1ojsgZxrQ== \ No newline at end of file diff --git a/config/initializers/hcaptcha.rb b/config/initializers/hcaptcha.rb new file mode 100644 index 0000000000..1180dcdff0 --- /dev/null +++ b/config/initializers/hcaptcha.rb @@ -0,0 +1,4 @@ +Hcaptcha.configure do |config| + config.site_key = Rails.application.credentials.hcaptcha_site_key + config.secret_key = Rails.application.credentials.hcaptcha_secret_key +end diff --git a/config/initializers/recaptcha.rb b/config/initializers/recaptcha.rb deleted file mode 100644 index 807a23cabb..0000000000 --- a/config/initializers/recaptcha.rb +++ /dev/null 
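Review bot: The new initializer reads `hcaptcha_site_key` and `hcaptcha_secret_key` from credentials with no presence check, so a production or staging deploy whose credentials were not updated boots with a nil secret and the problem only surfaces when the first visitor submits the contact form. This commit does rotate config/credentials.yml.enc and config/credentials/staging.yml.enc, so the keys presumably exist there, but that cannot be seen in the diff and nothing protects a later environment whose credentials drift. Fail fast in the environments that actually render the widget, e.g. `config.secret_key = Rails.application.credentials.fetch(:hcaptcha_secret_key) if Rails.env.production? || Rails.env.staging?` (and likewise for the site key), which raises KeyError at boot instead; leave the keys unset elsewhere, since development and test never render `hcaptcha_tags`. If this Rails version's credentials object does not expose `fetch`, `credentials.hcaptcha_secret_key!` gives the same fail-fast behaviour.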
@@ -1,4 +0,0 @@ -Recaptcha.configure do |config| - config.site_key = Rails.application.credentials.recaptcha_site_key - config.secret_key = Rails.application.credentials.recaptcha_secret_key -end diff --git a/config/locales/views/pages/en.yml b/config/locales/views/pages/en.yml index 328280c75f..33ae0f4646 100644 --- a/config/locales/views/pages/en.yml +++ b/config/locales/views/pages/en.yml @@ -62,7 +62,7 @@ en: send: Send message create_contact: mail_sent: "Your message has been sent. Thanks for getting in touch." - captcha_failed: reCAPTCHA could not be verified; please try again. + captcha_failed: HCaptcha could not be verified; please try again. privacy_disclaimer: text_html: "Your privacy is important to us. On the your data page we explain in clear and understandable language what data we collect and how we use it. Our privacy statement contains the legally binding version." support: diff --git a/config/locales/views/pages/nl.yml b/config/locales/views/pages/nl.yml index e10a29500f..35e23e7999 100644 --- a/config/locales/views/pages/nl.yml +++ b/config/locales/views/pages/nl.yml @@ -61,7 +61,7 @@ nl: rights_request_redirect_html: Wil je lesgeversrechten aanvragen voor je account? Gebruik dan dit formulier. send: Bericht verzenden create_contact: - captcha_failed: reCAPTCHA kon niet geverifieerd worden, probeer opnieuw. + captcha_failed: HCaptcha kon niet geverifieerd worden, probeer opnieuw. mail_sent: "Je bericht werd verstuurd. Bedankt om contact op te nemen." privacy_disclaimer: text_html: "Jouw privacy is belangrijk voor ons. Op de jouw data pagina leggen we in mensentaal uit welke data we verzamelen en hoe we die gebruiken. De juridisch bindende versie kan je in onze privacyverklaring vinden." 
@@ -82,4 +82,3 @@ nl: support_p3_html: "Wenst u een groter bedrag te schenken of kiest u liever voor sponsoring op factuur? Contacteer ons op dodona@ugent.be en we bekijken samen graag de mogelijkheden." supported_by: Met de steun van supported_p1_html: "Dodona wordt ontwikkeld door een klein team onderzoekers aan de Universiteit Gent. Het platform is volledig open source en alle code is beschikbaar op GitHub. De hosting wordt aangeboden door de Universiteit Gent. Daarnaast ontving Dodona al steun in de vorm van onderwijsinnovatieprojecten van de Universiteit Gent en de Faculteit Wetenschappen. Ook ELIXIR Belgium ondersteunde dit project." -