Email spam security (#641)

* Add hCaptcha on register page

* register page captcha test cases

* Refactor integration validation rules to include form context

- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.

These changes improve the flexibility and user experience of form integrations, particularly for email handling.

* for self-hosted ignore email validation for spam

* fix pint

* ignore register throttle for testing env

* support new migration for mysql also

* Register page captcha enable if captcha key set

* fix test case

* fix test case

* fix test case

* fix pint

* Refactor RegisterController middleware and update TestCase setup

- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.

* Enhance hCaptcha integration in tests and configuration

- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.

These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.

---------

Co-authored-by: Julien Nahum <julien@nahum.net>
Chirag Chhatrala
2024-12-18 17:46:27 +05:30
committed by GitHub
parent c1ee072b71
commit 7365479c83
18 changed files with 375 additions and 25 deletions


@@ -52,6 +52,21 @@
label="Confirm Password"
/>
<!-- hCaptcha -->
<div
v-if="hCaptchaSiteKey"
class="mb-3 px-2 mt-2 mx-auto w-max"
>
<vue-hcaptcha
ref="hcaptcha"
:sitekey="hCaptchaSiteKey"
/>
<has-error
:form="form"
field-id="h-captcha-response"
/>
</div>
<checkbox-input
:form="form"
name="agree_terms"
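Review bot: The `<vue-hcaptcha>` element is declared with only `ref` and `:sitekey`, so the form never learns when a solved challenge expires or the widget errors out. A user who solves the captcha and then spends time on the remaining fields can submit a stale token and only find out from the server-side validation error. Consider binding `@verify`, `@expired` and `@error` on the widget and keeping `form['h-captcha-response']` in sync from those handlers, clearing it on expiry.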
@@ -125,11 +140,12 @@
<script>
import {opnFetch} from "~/composables/useOpnApi.js"
import {fetchAllWorkspaces} from "~/stores/workspaces.js"
import { fetchAllWorkspaces } from "~/stores/workspaces.js"
import VueHcaptcha from '@hcaptcha/vue3-hcaptcha'
export default {
name: "RegisterForm",
components: {},
components: {VueHcaptcha},
props: {
isQuick: {
type: Boolean,
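Review bot: Style nit on the new import and registration: `import VueHcaptcha from '@hcaptcha/vue3-hcaptcha'` uses single quotes while the neighbouring imports use double quotes, and `components: {VueHcaptcha}` omits the inner spacing that the same hunk just introduced in `import { fetchAllWorkspaces }`. Pick one convention for both lines so the linter does not flag the file later.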
@@ -146,6 +162,7 @@ export default {
formsStore: useFormsStore(),
workspaceStore: useWorkspacesStore(),
providersStore: useOAuthProvidersStore(),
runtimeConfig: useRuntimeConfig(),
logEvent: useAmplitude().logEvent,
$utm
}
@@ -159,12 +176,17 @@ export default {
password_confirmation: "",
agree_terms: false,
appsumo_license: null,
utm_data: null
utm_data: null,
'h-captcha-response': null
}),
disableEmail:false
disableEmail: false,
hcaptcha: null
}),
computed: {
hCaptchaSiteKey() {
return this.runtimeConfig.public.hCaptchaSiteKey
},
hearAboutUsOptions() {
const options = [
{name: "Facebook", value: "facebook"},
@@ -187,6 +209,10 @@ export default {
},
mounted() {
if (this.hCaptchaSiteKey) {
this.hcaptcha = this.$refs.hcaptcha
}
// Set appsumo license
if (
this.$route.query.appsumo_license !== undefined &&
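Review bot: In `mounted()`, `this.hcaptcha = this.$refs.hcaptcha` copies a component instance into reactive `data`, which is unnecessary and goes stale if the `v-if` block is ever re-rendered. The ref is already available wherever it is needed, so the `hcaptcha: null` data field and this assignment can be dropped in favour of calling `this.$refs.hcaptcha?.reset()` at the point of use.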
@@ -208,6 +234,10 @@ export default {
async register() {
let data
this.form.utm_data = this.$utm.value
if (this.hCaptchaSiteKey) {
this.form['h-captcha-response'] = document.getElementsByName('h-captcha-response')[0].value
this.hcaptcha.reset()
}
try {
// Register the user.
data = await this.form.post("/register")
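Review bot: In `register()`, `document.getElementsByName('h-captcha-response')[0].value` sits before the `try` block and is not guarded, so if the widget has not rendered yet (script blocked, slow network) `[0]` is `undefined` and the handler throws a TypeError the user never sees. The lookup is also document-wide, so it returns the first matching field on the page rather than the one belonging to this form instance. Reading the token from this component's own widget (for example the value delivered by its `verify` event) avoids both problems; at minimum move the block inside the `try` and handle a missing element by surfacing a form error on `h-captcha-response`.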