
feat: add recaptcha functionality to API registration #574

Merged
merged 21 commits into from
Feb 24, 2023

Conversation

nlwstein
Contributor

@nlwstein nlwstein commented Feb 2, 2023

Summary of changes

Asana Ticket: 🍎 Add recaptcha to signing up for API

This PR adds recaptcha functionality to the API, and implements it on the non-admin user create form.

A specific commit is pinned for the included library because the older published version causes dependency resolution issues.

NOTE: Before releasing this feature, we must create recaptcha keys on a production/shared Google account, and add the following environment variables to the various deployments: RECAPTCHA_PUBLIC_KEY, RECAPTCHA_PRIVATE_KEY.

@github-actions

github-actions bot commented Feb 2, 2023

Coverage of commit 41dda13

Summary coverage rate:
  lines......: 89.9% (3927 of 4368 lines)
  functions..: 70.7% (2159 of 3054 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |80.4%     46|87.5%    16|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.7%   150|    -      0

@github-actions

github-actions bot commented Feb 2, 2023

Coverage of commit c0a5c54

Summary coverage rate:
  lines......: 89.9% (3926 of 4368 lines)
  functions..: 70.7% (2159 of 3054 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |80.4%     46|87.5%    16|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.7%   150|    -      0

@nlwstein nlwstein requested a review from bfauble February 2, 2023 18:21
@nlwstein
Contributor Author

nlwstein commented Feb 2, 2023

@bklebe @paulswartz Do either of you have an opinion on how to handle the updated library assuming the external PR does not get merged? I am leaning towards just copying the code, with documentation in the README or something like that.

@github-actions

github-actions bot commented Feb 2, 2023

Coverage of commit 0358fc1

Summary coverage rate:
  lines......: 89.9% (3927 of 4368 lines)
  functions..: 70.7% (2159 of 3054 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |80.4%     46|87.5%    16|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.7%   150|    -      0

Member

@paulswartz paulswartz left a comment


If it's not merged upstream, we can fork it into the mbta organization. We've done that for other dependencies in the past, and it'll probably help the MBTA.com team in the future as well.

apps/api_web/lib/api_web/router.ex (outdated review thread, resolved)
@github-actions

github-actions bot commented Feb 2, 2023

Coverage of commit 2d770e6

Summary coverage rate:
  lines......: 89.9% (3926 of 4368 lines)
  functions..: 70.7% (2159 of 3054 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |80.4%     46|87.5%    16|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.7%   150|    -      0

@github-actions

github-actions bot commented Feb 6, 2023

Coverage of commit d9ff22b

Summary coverage rate:
  lines......: 89.9% (3926 of 4368 lines)
  functions..: 70.7% (2159 of 3054 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |80.4%     46|87.5%    16|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.7%   150|    -      0

@github-actions

github-actions bot commented Feb 6, 2023

Coverage of commit 5f44334

Summary coverage rate:
  lines......: 89.9% (3926 of 4368 lines)
  functions..: 70.7% (2159 of 3054 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |80.4%     46|87.5%    16|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.7%   150|    -      0

@nlwstein nlwstein marked this pull request as ready for review February 6, 2023 16:19
@nlwstein nlwstein requested a review from paulswartz February 8, 2023 21:15
Member

@paulswartz paulswartz left a comment


@nlwstein code looks good! Can you work with @bklebe to get the creds so we can try this out in one of the dev environments?

@nlwstein nlwstein temporarily deployed to dev-blue February 14, 2023 18:10 — with GitHub Actions Inactive
@nlwstein nlwstein temporarily deployed to dev February 14, 2023 18:46 — with GitHub Actions Inactive
Comment on lines 67 to 68
public_key: {:system, "RECAPTCHA_PUBLIC_KEY"},
secret: {:system, "RECAPTCHA_PRIVATE_KEY"}
Contributor


suggestion: for dynamic configuration, we typically load it using System.get_env/2 in config/runtime.exs now.

Contributor Author


suggestion: for dynamic configuration, we typically load it using System.get_env/2 in config/runtime.exs now.

I added the env vars to that file, and added a feature flag to disable the recaptcha code outside of prod builds.

Contributor Author


I tried it out, and the first thing I noticed was that the form fields were cleared if I submitted without the captcha. Otherwise it seems to work well.

I added some frontend code to only enable the submit button once the user completes the recaptcha, so this won't happen outside of someone attempting to do something weird.

Deployed to dev-green 🙂

@nlwstein nlwstein temporarily deployed to dev-green February 21, 2023 20:17 — with GitHub Actions Inactive
@nlwstein nlwstein temporarily deployed to dev-green February 21, 2023 20:27 — with GitHub Actions Inactive
@github-actions

Coverage of commit e3153e8

Summary coverage rate:
  lines......: 89.5% (3911 of 4371 lines)
  functions..: 70.6% (2158 of 3055 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |66.0%     47|87.5%    16|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.0%   150|    -      0

@nlwstein nlwstein temporarily deployed to dev-green February 22, 2023 14:02 — with GitHub Actions Inactive
@nlwstein
Contributor Author

nlwstein commented Feb 22, 2023

This is available for review on dev-green, at least for now. The secrets have been loaded to all environments.

@nlwstein nlwstein requested a review from bklebe February 22, 2023 14:19
@paulswartz
Member

I tried it out, and the first thing I noticed was that the form fields were cleared if I submitted without the captcha. Otherwise it seems to work well.

@github-actions

Coverage of commit f1b117b

Summary coverage rate:
  lines......: 89.5% (3917 of 4376 lines)
  functions..: 70.7% (2160 of 3056 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |71.2%     52|94.1%    17|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.0%   150|    -      0

@github-actions

Coverage of commit e193989

Summary coverage rate:
  lines......: 89.5% (3916 of 4376 lines)
  functions..: 70.7% (2160 of 3056 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |71.2%     52|94.1%    17|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.0%   150|    -      0

@nlwstein nlwstein temporarily deployed to dev-green February 22, 2023 19:27 — with GitHub Actions Inactive
@nlwstein nlwstein temporarily deployed to dev-green February 22, 2023 19:40 — with GitHub Actions Inactive
@github-actions

Coverage of commit 66f5ebc

Summary coverage rate:
  lines......: 89.5% (3916 of 4376 lines)
  functions..: 70.7% (2160 of 3056 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |71.2%     52|94.1%    17|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.0%   150|    -      0

@nlwstein nlwstein requested a review from paulswartz February 22, 2023 21:02
Member

@paulswartz paulswartz left a comment


question: should there be some tests?

|> put_session(:user_id, user.id)
|> configure_session(renew: true)
|> redirect(to: portal_path(conn, :index))
_create(conn, user_params, nil)
Member


suggestion(non-blocking): You could combine these with Map.get which defaults to nil:

def create(conn, %{"user" => user_params} = params) do
  recaptcha = Map.get(params, "g-recaptcha-response")
  ...
end

@github-actions

Coverage of commit d3c2654

Summary coverage rate:
  lines......: 89.5% (3916 of 4376 lines)
  functions..: 70.7% (2160 of 3056 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |71.2%     52|94.1%    17|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.0%   150|    -      0

@github-actions

Coverage of commit 289944e

Summary coverage rate:
  lines......: 89.5% (3917 of 4376 lines)
  functions..: 70.7% (2160 of 3056 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |71.2%     52|94.1%    17|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.0%   150|    -      0

@nlwstein
Contributor Author

nlwstein commented Feb 24, 2023

question: should there be some tests?

Definitely! I added one that proves that the widget shows up when supplying the test creds: https://github.com/mbta/api/pull/574/files#diff-740356136f3337b207b35a2c46f8b47dcab0944918c977f6e8e0d04bd9eab52dR11.

Due to the nature of ReCaptcha, a true end-to-end test isn't feasible, but this should ensure the path it takes is laid out correctly, if that makes sense 🙂

@github-actions

Coverage of commit bd56f9c

Summary coverage rate:
  lines......: 89.5% (3917 of 4376 lines)
  functions..: 70.7% (2160 of 3056 functions)
  branches...: no data found

Files changed coverage rate:
                                                                        |Lines       |Functions  |Branches    
  Filename                                                              |Rate     Num|Rate    Num|Rate     Num
  ============================================================================================================
  apps/api_web/lib/api_web/controllers/portal/user_controller.ex        |71.2%     52|94.1%    17|    -      0
  apps/api_web/lib/api_web/router.ex                                    |95.6%     45|58.0%   150|    -      0

@nlwstein
Contributor Author

nlwstein commented Feb 24, 2023

@paulswartz I accepted your proposed change on one of your comments so the conversation got swallowed, but with regard to the false question: the library returns an object like this by default.

I went with false but perhaps nil would be a better choice: I don't want any code to confuse our dev mode path for a real ReCaptcha response. If that is too loosely typed, I could return their object with all the fields set to nil or something like that?

But really, we should only ever evaluate whether it gives :ok or :error which can happen here when there's an API issue, most likely bad keys or here when the challenge fails. The result in that other object would only be something we would want to look at as devs vs. presenting on the frontend I think.
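
An added example, not the PR's or the mbta/api project's code, that puts the points raised in this thread together: the Map.get default of nil, a feature flag read from runtime config, and a verification wrapper whose dev-mode skip cannot be confused with a real reCAPTCHA response while callers still branch only on :ok / :error. It assumes the `recaptcha` hex library's Recaptcha.verify/1; the module names, the RECAPTCHA_ENABLED flag and the controller helpers `_create/2` and `render_new/2` are hypothetical.

```elixir
# Added illustration, not the mbta/api project's code. Assumes the `recaptcha`
# hex library's Recaptcha.verify/1, which returns {:ok, %Recaptcha.Response{}}
# or {:error, reasons}; module, function and flag names are hypothetical.
defmodule ApiWeb.RecaptchaCheck do
  @moduledoc """
  Callers branch only on :ok / :error. Outside production the check is
  skipped, but the skip is reported as a distinct atom so no code path can
  mistake it for a real Google response (the false-vs-nil question above).
  """
  require Logger

  @spec verify(String.t() | nil) :: {:ok, :verified | :disabled} | {:error, atom()}
  def verify(token) do
    cond do
      not enabled?() -> {:ok, :disabled}
      token in [nil, ""] -> {:error, :missing_response}
      true -> call_google(token)
    end
  end

  # Feature flag read from runtime config; in config/runtime.exs, for example:
  #   config :api_web, :recaptcha_enabled, System.get_env("RECAPTCHA_ENABLED") == "true"
  defp enabled?, do: Application.get_env(:api_web, :recaptcha_enabled, false)

  defp call_google(token) do
    case Recaptcha.verify(token) do
      {:ok, _response} ->
        {:ok, :verified}

      # Bad keys, a Google API failure or a failed challenge all land here.
      # Keep the library's reasons for operator logs; the controller only
      # needs to know that the check did not pass.
      {:error, reasons} ->
        Logger.warning("recaptcha verification failed: #{inspect(reasons)}")
        {:error, :challenge_failed}
    end
  end
end

defmodule ApiWeb.Portal.UserControllerExample do
  # Call site sketch; `_create/2` and `render_new/2` stand in for the
  # project's own helpers and are assumed to exist in the real controller.
  def create(conn, %{"user" => user_params} = params) do
    # Map.get/2 defaults to nil when the widget's field is missing entirely.
    recaptcha = Map.get(params, "g-recaptcha-response")

    case ApiWeb.RecaptchaCheck.verify(recaptcha) do
      {:ok, _} -> _create(conn, user_params)
      # Re-render with the submitted params so the form fields are not cleared.
      {:error, _} -> render_new(conn, user_params)
    end
  end
end
```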

Member

@paulswartz paulswartz left a comment


🍰

@nlwstein nlwstein merged commit 66a3550 into master Feb 24, 2023