added captcha option to password reset form

added additional rate limiting to password reset
Merge branch 'develop'
2025-12-28 04:33:14 -05:00 · 2024-02-14 07:28:47 +01:00 · 2024-02-14 07:28:47 +01:00 · 2024-02-02 07:45:24 +01:00
5 changed files with 63 additions and 8 deletions
--- a/cookbook/forms.py
+++ b/cookbook/forms.py
@@ -1,5 +1,6 @@
 from datetime import datetime

+from allauth.account.forms import ResetPasswordForm, SignupForm
 from django import forms
 from django.conf import settings
 from django.core.exceptions import ValidationError
@@ -9,6 +10,8 @@ from django_scopes import scopes_disabled
 from django_scopes.forms import SafeModelChoiceField, SafeModelMultipleChoiceField
 from hcaptcha.fields import hCaptchaField

+
+
 from .models import (Comment, Food, InviteLink, Keyword, Recipe, RecipeBook, RecipeBookEntry,
                     SearchPreference, Space, Storage, Sync, User, UserPreference)

@@ -313,12 +316,12 @@ class SpaceJoinForm(forms.Form):
    token = forms.CharField()


-class AllAuthSignupForm(forms.Form):
+class AllAuthSignupForm(SignupForm):
    captcha = hCaptchaField()
    terms = forms.BooleanField(label=_('Accept Terms and Privacy'))

    def __init__(self, **kwargs):
-        super(AllAuthSignupForm, self).__init__(**kwargs)
+        super().__init__(**kwargs)
        if settings.PRIVACY_URL == '' and settings.TERMS_URL == '':
            self.fields.pop('terms')
        if settings.HCAPTCHA_SECRET == '':
@@ -328,6 +331,15 @@ class AllAuthSignupForm(forms.Form):
        pass


+class CustomPasswordResetForm(ResetPasswordForm):
+    captcha = hCaptchaField()
+
+    def __init__(self, **kwargs):
+        super(CustomPasswordResetForm, self).__init__(**kwargs)
+        if settings.HCAPTCHA_SECRET == '':
+            self.fields.pop('captcha')
+
+
 class UserCreateForm(forms.Form):
    name = forms.CharField(label='Username')
    password = forms.CharField(
--- a/cookbook/templates/account/password_reset.html
+++ b/cookbook/templates/account/password_reset.html
@@ -34,5 +34,14 @@
        </div>
    </div>

+    <div class="row mt-3">
+        <div class="col-sm-12 col-lg-6 col-md-6 offset-lg-3 offset-md-3 text-center">
+            <a href="{% url 'account_login' %}">{% trans "Sign In" %}</a>
+            {% if SIGNUP_ENABLED %}
+                - <a href="{% url 'account_signup' %}">{% trans "Sign Up" %}</a>
+            {% endif %}
+        </div>
+    </div>
+

 {% endblock %}
--- a/cookbook/templates/account/password_reset_done.html
+++ b/cookbook/templates/account/password_reset_done.html
@@ -7,11 +7,32 @@
 {% block title %}{% trans "Password Reset" %}{% endblock %}

 {% block content %}
-    <h3>{% trans "Password Reset" %}</h3>
+

    {% if user.is_authenticated %}
-    {% include "account/snippets/already_logged_in.html" %}
+        {% include "account/snippets/already_logged_in.html" %}
    {% endif %}

-    <p>{% blocktrans %}We have sent you an e-mail. Please contact us if you do not receive it within a few minutes.{% endblocktrans %}</p>
+    <div class="row">
+        <div class="col-12" style="text-align: center">
+            <h3>{% trans "Password Reset" %}</h3>
+        </div>
+    </div>
+
+    <div class="row">
+        <div class="col-sm-12 col-lg-6 col-md-6 offset-lg-3 offset-md-3">
+            <hr>
+            <p>{% blocktrans %}We have sent you an e-mail. Please contact us if you do not receive it within a few minutes.{% endblocktrans %}</p>
+        </div>
+    </div>
+
+    <div class="row mt-3">
+        <div class="col-sm-12 col-lg-6 col-md-6 offset-lg-3 offset-md-3 text-center">
+            <a href="{% url 'account_login' %}">{% trans "Sign In" %}</a>
+            {% if SIGNUP_ENABLED %}
+                - <a href="{% url 'account_signup' %}">{% trans "Sign Up" %}</a>
+            {% endif %}
+        </div>
+    </div>
+
 {% endblock %}
--- a/recipes/settings.py
+++ b/recipes/settings.py
@@ -98,8 +98,6 @@ FDC_API_KEY = os.getenv('FDC_API_KEY', 'DEMO_KEY')
 SHARING_ABUSE = bool(int(os.getenv('SHARING_ABUSE', False)))
 SHARING_LIMIT = int(os.getenv('SHARING_LIMIT', 0))

-ACCOUNT_SIGNUP_FORM_CLASS = 'cookbook.forms.AllAuthSignupForm'
-
 DRF_THROTTLE_RECIPE_URL_IMPORT = os.getenv('DRF_THROTTLE_RECIPE_URL_IMPORT', '60/hour')

 TERMS_URL = os.getenv('TERMS_URL', '')
@@ -556,4 +554,19 @@ DEFAULT_FROM_EMAIL = os.getenv('DEFAULT_FROM_EMAIL', 'webmaster@localhost')
 ACCOUNT_EMAIL_SUBJECT_PREFIX = os.getenv(
    'ACCOUNT_EMAIL_SUBJECT_PREFIX', '[Tandoor Recipes] ')  # allauth sender prefix

+# ACCOUNT_SIGNUP_FORM_CLASS = 'cookbook.forms.AllAuthSignupForm'
+ACCOUNT_FORMS = {
+    'signup': 'cookbook.forms.AllAuthSignupForm',
+    'reset_password': 'cookbook.forms.CustomPasswordResetForm'
+}
+
+ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS = False
+ACCOUNT_RATE_LIMITS = {
+    "change_password": "1/m/user",
+    "reset_password": "1/m/ip,1/m/key",
+    "reset_password_from_key": "1/m/ip",
+    "signup": "5/m/ip",
+    "login": "5/m/ip",
+}
+
 mimetypes.add_type("text/javascript", ".js", True)
--- a/requirements.txt
+++ b/requirements.txt
@@ -29,7 +29,7 @@ microdata==0.8.0
 Jinja2==3.1.3
 django-webpack-loader==1.8.1
 git+https://github.com/BITSOLVER/django-js-reverse@071e304fd600107bc64bbde6f2491f1fe049ec82
-django-allauth==0.58.1
+django-allauth==0.61.1
 recipe-scrapers==14.52.0
 django-scopes==2.0.0
 pytest==7.4.3
Author	SHA1	Message	Date
vabene1111	57d7bda803	added captcha option to password reset form	2024-02-14 07:28:47 +01:00
vabene1111	a088697812	added additional rate limiting to password reset	2024-02-14 07:28:47 +01:00
vabene1111	2a15d19551	Merge branch 'develop'	2024-02-02 07:45:24 +01:00