Fix OWASP-BLT#681 recaptcha feature

ankit2001 · Mar 31, 2021 · b61648d · b61648d
1 parent 8e536e4
commit b61648d
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 7 deletions.
diff --git a/Pipfile b/Pipfile
@@ -55,6 +55,7 @@ stripe = "*"
 django-environ = "*"
 django-humanize = "*"
 drf-yasg = "*"
+django-simple-captcha = "*"
 
 [dev-packages]
 

diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/bugheist/settings.py b/bugheist/settings.py
@@ -74,6 +74,7 @@
     'tellme',
     'star_ratings',
     'drf_yasg',
+    'captcha',
 )
 
 CRON_CLASSES = [

diff --git a/bugheist/urls.py b/bugheist/urls.py
@@ -37,6 +37,7 @@
    permission_classes=(permissions.AllowAny,),
 )
 urlpatterns = [
+                  path('captcha/', include('captcha.urls')),
                   url(r'^swagger(?P<format>\.json|\.yaml)$', schema_view.without_ui(cache_timeout=0), name='schema-json'),
                   url(r'^swagger/$', schema_view.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
                   url(r'^redoc/$', schema_view.with_ui('redoc', cache_timeout=0), name='schema-redoc'),

diff --git a/website/forms.py b/website/forms.py
@@ -3,7 +3,7 @@
 from .models import InviteFriend, UserProfile, Hunt
 from mdeditor.fields import MDTextFormField
 from bootstrap_datepicker_plus import DateTimePickerInput
-
+from captcha.fields import CaptchaField
 
 class FormInviteFriend(forms.ModelForm):
     class Meta:
@@ -21,3 +21,6 @@ class HuntForm (forms.Form):
     content = MDTextFormField ()
     start_date = forms.DateTimeField(widget=forms.DateTimeInput(attrs={'class': 'col-sm-6', 'readonly' : True}),label='', required=False ) 
     end_date = forms.DateTimeField(widget=forms.DateTimeInput(attrs={'class': 'col-sm-6', 'readonly' : True}),label='', required=False)
+
+class CaptchaForm(forms.Form):
+    captcha = CaptchaField()
diff --git a/website/templates/base_home.html b/website/templates/base_home.html
@@ -163,6 +163,8 @@
                                                                           class="badge badge-important"></span></center>
                                                         </span>
                                         </div>
+                                        {% csrf_token %}
+                                        {{ captcha_form.captcha }}
                                         <div class="bottom text-center">
                                             <button type="submit" id="report-bug-btn" class="btn btn-default">
                                                 <i style="display: none;" id="spinner" class="fa fa-spinner fa-spin" aria-hidden="true"></i>

diff --git a/website/views.py b/website/views.py
@@ -51,7 +51,7 @@
 
 from rest_framework.authtoken.views import ObtainAuthToken
 from website.models import Winner, Payment, Wallet, Transaction, Issue, Points, Hunt, Domain, InviteFriend, UserProfile, IP, CompanyAdmin, Subscription, Company
-from .forms import FormInviteFriend, UserProfileForm, HuntForm
+from .forms import FormInviteFriend, UserProfileForm, HuntForm, CaptchaForm
 from django.utils.timezone import make_aware
 from decimal import Decimal
 import stripe
@@ -74,6 +74,7 @@ def index(request, template="index.html"):
 	user_count = User.objects.all().count()
 	hunt_count = Hunt.objects.all().count()
 	domain_count = Domain.objects.all().count()
+	captcha_form = CaptchaForm()
 	try:
 		domain_admin = CompanyAdmin.objects.get(user=request.user)
 	except:
@@ -96,7 +97,8 @@ def index(request, template="index.html"):
 		'user_count': user_count,
 		'wallet': wallet,
 		'hunt_count': hunt_count,
-		'domain_count': domain_count
+		'domain_count': domain_count,
+		'captcha_form': captcha_form,
 	}
 	return render(request, template, context)