Email spam security (#641)

* Add hCaptcha on register page

* register page captcha test cases

* Refactor integration validation rules to include form context

- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.

These changes improve the flexibility and user experience of form integrations, particularly for email handling.

* for self-hosted ignore emil validation for spam

* fix pint

* ignore register throttle for testing env

* support new migration for mysql also

* Register page captcha enable if captcha key set

* fix test case

* fix test case

* fix test case

* fix pint

* Refactor RegisterController middleware and update TestCase setup

- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.

* Enhance hCaptcha integration in tests and configuration

- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.

These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.

---------

Co-authored-by: Julien Nahum <julien@nahum.net>

api/tests/Feature/UserManagementTest.php

@@ -2,10 +2,15 @@
 
 use App\Models\UserInvite;
 use Carbon\Carbon;
+use App\Rules\ValidHCaptcha;
+use Illuminate\Support\Facades\Http;
 
 beforeEach(function () {
     $this->user = $this->actingAsProUser();
     $this->workspace = $this->createUserWorkspace($this->user);
+    Http::fake([
+        ValidHCaptcha::H_CAPTCHA_VERIFY_URL => Http::response(['success' => true])
+    ]);
 });
 
 
@@ -31,6 +36,7 @@ it('can register with invite token', function () {
         'password_confirmation' => 'secret',
         'agree_terms' => true,
         'invite_token' => $token,
+        'h-captcha-response' => 'test-token',
     ]);
     $response->assertSuccessful();
     expect($this->workspace->users()->count())->toBe(2);
@@ -59,6 +65,7 @@ it('cannot register with expired invite token', function () {
         'password_confirmation' => 'secret',
         'agree_terms' => true,
         'invite_token' => $token,
+        'h-captcha-response' => 'test-token',
     ]);
     $response->assertStatus(400)->assertJson([
         'message' => 'Invite token has expired.',
@@ -88,6 +95,7 @@ it('cannot re-register with accepted invite token', function () {
         'password_confirmation' => 'secret',
         'agree_terms' => true,
         'invite_token' => $token,
+        'h-captcha-response' => 'test-token',
     ]);
     $response->assertSuccessful();
     expect($this->workspace->users()->count())->toBe(2);
@@ -104,6 +112,7 @@ it('cannot re-register with accepted invite token', function () {
         'password_confirmation' => 'secret',
         'agree_terms' => true,
         'invite_token' => $token,
+        'h-captcha-response' => 'test-token',
     ]);
 
     $response->assertStatus(422)->assertJson([
@@ -138,6 +147,7 @@ it('can cancel user invite', function () {
         'password_confirmation' => 'secret',
         'agree_terms' => true,
         'invite_token' => $token,
+        'h-captcha-response' => 'test-token',
     ]);
     $response->assertStatus(400)->assertJson([
         'message' => 'Invite token is invalid.',