Email spam security (#641)
* Add hCaptcha on register page * register page captcha test cases * Refactor integration validation rules to include form context - Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation. - Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address. - Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users. - Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations. These changes improve the flexibility and user experience of form integrations, particularly for email handling. * for self-hosted ignore emil validation for spam * fix pint * ignore register throttle for testing env * support new migration for mysql also * Register page captcha enable if captcha key set * fix test case * fix test case * fix test case * fix pint * Refactor RegisterController middleware and update TestCase setup - Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint. - Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference. * Enhance hCaptcha integration in tests and configuration - Added hCaptcha site and secret keys to phpunit.xml for testing purposes. - Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment. These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions. --------- Co-authored-by: Julien Nahum <julien@nahum.net>
This commit is contained in:
Chirag Chhatrala
GitHub
@@ -12,6 +12,7 @@ use Illuminate\Foundation\Auth\RegistersUsers;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
use Illuminate\Validation\Rule;
|
||||
use App\Rules\ValidHCaptcha;
|
||||
|
||||
class RegisterController extends Controller
|
||||
{
|
||||
@@ -27,6 +28,9 @@ class RegisterController extends Controller
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware('guest');
|
||||
|
||||
$this->middleware('throttle:5,1')->only('register'); // 5 attempts per minute
|
||||
$this->middleware('throttle:30,60')->only('register'); // 30 attempts per hour
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -56,7 +60,7 @@ class RegisterController extends Controller
|
||||
*/
|
||||
protected function validator(array $data)
|
||||
{
|
||||
return Validator::make($data, [
|
||||
$rules = [
|
||||
'name' => 'required|max:255',
|
||||
'email' => 'required|email:filter|max:255|unique:users|indisposable',
|
||||
'password' => 'required|min:6|confirmed',
|
||||
@@ -64,8 +68,14 @@ class RegisterController extends Controller
|
||||
'agree_terms' => ['required', Rule::in([true])],
|
||||
'appsumo_license' => ['nullable'],
|
||||
'invite_token' => ['nullable', 'string'],
|
||||
'utm_data' => ['nullable', 'array']
|
||||
], [
|
||||
'utm_data' => ['nullable', 'array'],
|
||||
];
|
||||
|
||||
if (config('services.h_captcha.secret_key')) {
|
||||
$rules['h-captcha-response'] = [new ValidHCaptcha()];
|
||||
}
|
||||
|
||||
return Validator::make($data, $rules, [
|
||||
'agree_terms' => 'Please agree with the terms and conditions.',
|
||||
]);
|
||||
}
|
||||
@@ -84,6 +94,7 @@ class RegisterController extends Controller
|
||||
'password' => bcrypt($data['password']),
|
||||
'hear_about_us' => $data['hear_about_us'],
|
||||
'utm_data' => array_key_exists('utm_data', $data) ? $data['utm_data'] : null,
|
||||
'meta' => ['registration_ip' => request()->ip()],
|
||||
]);
|
||||
|
||||
// Add relation with user
|
||||
|
||||
Reference in New Issue
Block a user