Add Altcha captcha to notifications submissions
Showing 12 changed files with 132 additions and 10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
class AltchaController < ApplicationController | ||
def new | ||
render json: Altcha::Challenge.create.to_json | ||
end | ||
end |
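Review bot: `new` renders a fresh challenge without any cache headers, so a browser or intermediate proxy can serve the same challenge to more than one form load; the second submitter would then hit the unique index in `AltchaSolution` and be rejected as a replay. Set `response.headers['Cache-Control'] = 'no-store'` before the `render json:` line, and consider whether this endpoint needs request throttling, since it is reachable without any prior state.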
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
class AltchaSolution < ApplicationRecord | ||
validates :algorithm, :challenge, :salt, :signature, :number, presence: true | ||
attr_accessor :took | ||
|
||
def self.verify_and_save(base64encoded) | ||
p = JSON.parse(Base64.decode64(base64encoded)) rescue nil | ||
return false if p.nil? | ||
|
||
submission = Altcha::Submission.new(p) | ||
return false unless submission.valid? | ||
|
||
solution = self.new(p) | ||
|
||
begin | ||
return solution.save | ||
rescue ActiveRecord::RecordNotUnique | ||
# Replay attack | ||
return false | ||
end | ||
end | ||
|
||
def self.cleanup | ||
# Replay attacks are protected by the time stamp in the salt of the challenge for | ||
# the duration configured in the timeout. All solutions in the database that older | ||
# can be deleted. | ||
AltchaSolution.where('created_at < ?', Time.now - Altcha.timeout).delete_all | ||
end | ||
end |
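Review bot: in `verify_and_save`, `solution = self.new(p)` mass-assigns the whole client-decoded hash to the model. Because `p` is a plain Hash, nothing filters it: an extra key raises `ActiveModel::UnknownAttributeError`, which is not rescued here and surfaces as a 500, and a client can also supply `id` or `created_at`. Build the record from an explicit slice of the five validated attributes (plus `took`) instead. Two smaller points in the same method: the inline `rescue nil` swallows every `StandardError`, so prefer `Base64.strict_decode64` with a rescue limited to `ArgumentError` and `JSON::ParserError`, and return false when the parsed value is not a Hash; and the local name `p` shadows `Kernel#p`, so something like `payload` reads better.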
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
$('.altcha-error').html('Nie sme si isti, či nie ste robot... zaškrtli ste, že nie ste?'); |
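Review bot: the message (roughly "We are not sure you are not a robot... did you tick the box saying you are not?") is a static string with no markup, so `.text(...)` is the safer call than `.html(...)` and keeps this line safe if the text is ever built from a variable. The same response is shown for every failure returned by `verify_and_save` (bad encoding, invalid solution, replay), which is fine for the user but worth logging distinctly on the server side.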
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# frozen_string_literal: true | ||
|
||
Altcha.setup do |config| | ||
config.algorithm = 'SHA-256' | ||
config.num_range = (50_000..300_000) | ||
config.timeout = 5.minutes | ||
config.hmac_key = 'dfa06d467a84fea13941f1c52c38c6458a67617a' | ||
end |
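Review bot: `config.hmac_key` is set to a string literal committed to the repository. This key signs every challenge, so anyone who can read the source can mint challenges and signatures that `Altcha::Submission#valid?` will accept, which defeats the captcha. Load it from the environment or Rails credentials (for example `ENV.fetch('ALTCHA_HMAC_KEY')`, a hypothetical variable name), fail at boot if it is missing, and treat the committed value as burned: rotate it rather than just moving it.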
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
class CreateAltchaSolutions < ActiveRecord::Migration[6.1] | ||
def change | ||
create_table(:altcha_solutions) do |t| | ||
t.string :algorithm | ||
t.string :challenge | ||
t.string :salt | ||
t.string :signature | ||
t.integer :number | ||
|
||
t.timestamps | ||
end | ||
|
||
add_index :altcha_solutions, [ :algorithm, :challenge, :salt, :signature, :number ], unique: true, name: 'index_altcha_solutions' | ||
end | ||
end |
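Review bot: the five columns in `create_table` are nullable, while the model validates their presence and replay detection depends entirely on the unique index over them. Add `null: false` to each column so the constraint holds at the database level too; most databases treat NULLs as distinct in a unique index, so a row with a NULL column would never collide. `AltchaSolution.cleanup` filters on `created_at`, which has no index here; add one if the table is expected to grow between cleanup runs. Also check that a composite unique index over four `string` columns plus an integer fits the index key-length limit of the database in use.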