From 0d211e2e3192cb9c9c9acc313f996df4a3bfa92a Mon Sep 17 00:00:00 2001
From: Sylvain <sylvain@sbx.pm>
Date: Wed, 27 May 2020 16:35:30 +0200
Subject: [PATCH] configure google recaptcha from UI

---
 .../controllers/application.js.erb            |  8 ++--
 .../templates/admin/settings/general.html     | 43 +++++++++++++++++++
 .../templates/admin/settings/privacy.html     | 22 ----------
 app/models/setting.rb                         |  4 +-
 app/services/recaptcha_service.rb             |  6 +--
 app/views/application/index.html.erb          |  3 --
 config/locales/app.admin.en.yml               | 13 ++++--
 config/locales/app.admin.fr.yml               | 13 ++++--
 config/secrets.yml                            |  8 ----
 doc/environment.md                            |  6 ---
 env.example                                   |  4 --
 lib/tasks/fablab/setup.rake                   |  4 +-
 setup/env.example                             |  3 --
 setup/setup.sh                                |  2 +-
 14 files changed, 77 insertions(+), 62 deletions(-)

diff --git a/app/assets/javascripts/controllers/application.js.erb b/app/assets/javascripts/controllers/application.js.erb
index eef926281..beabf0cea 100644
--- a/app/assets/javascripts/controllers/application.js.erb
+++ b/app/assets/javascripts/controllers/application.js.erb
@@ -92,9 +92,9 @@ Application.Controllers.controller('ApplicationController', ['$rootScope', '$sco
         templateUrl: '<%= asset_path "shared/signupModal.html" %>',
         size: 'md',
         resolve: {
-          phoneRequiredPromise: ['Setting', function (Setting) { return Setting.get({ name: 'phone_required' }).$promise; }]
+          settingsPromise: ['Setting', function (Setting) { return Setting.query({ names: "['phone_required', 'recaptcha_site_key']" }).$promise; }]
         },
-        controller: ['$scope', '$uibModalInstance', 'Group', 'CustomAsset', 'phoneRequiredPromise', 'growl', '_t', function ($scope, $uibModalInstance, Group, CustomAsset, phoneRequiredPromise, growl, _t) {
+        controller: ['$scope', '$uibModalInstance', 'Group', 'CustomAsset', 'settingsPromise', 'growl', '_t', function ($scope, $uibModalInstance, Group, CustomAsset, settingsPromise, growl, _t) {
           // default parameters for the date picker in the account creation modal
           $scope.datePicker = {
             format: Fablab.uibDateFormat,
@@ -105,10 +105,10 @@ Application.Controllers.controller('ApplicationController', ['$rootScope', '$sco
           };
 
           // is the phone number required to sign-up?
-          $scope.phoneRequired = (phoneRequiredPromise.setting.value === 'true');
+          $scope.phoneRequired = (settingsPromise.phone_required === 'true');
 
           // reCaptcha v2 site key (or undefined)
-          $scope.recaptchaSiteKey = Fablab.recaptchaSiteKey;
+          $scope.recaptchaSiteKey = settingsPromise.recaptcha_site_key;
 
           // callback to open the date picker (account creation modal)
           $scope.openDatePicker = function ($event) {
diff --git a/app/assets/templates/admin/settings/general.html b/app/assets/templates/admin/settings/general.html
index 28fc4493e..3bfe18833 100644
--- a/app/assets/templates/admin/settings/general.html
+++ b/app/assets/templates/admin/settings/general.html
@@ -343,6 +343,49 @@
     </div>
 </div>
 
+<div class="panel panel-default m-t-md">
+  <div class="panel-heading">
+    <span class="font-sbold" translate>{{ 'app.admin.settings.account_creation' }}</span>
+  </div>
+  <div class="panel-body">
+    <h3 class="m-l" translate>{{ 'app.admin.settings.phone' }}</h3>
+    <p class="alert alert-warning m-t" translate>
+      {{ 'app.admin.settings.phone_required_info' }}
+    </p>
+    <div class="row">
+      <div class="col-md-10 col-md-offset-1">
+        <boolean-setting
+            name="phone_required"
+            settings="allSettings"
+            label="app.admin.settings.phone_is_required"
+            yes-label="app.shared.buttons.yes"
+            no-label="app.shared.buttons.no">
+        </boolean-setting>
+      </div>
+    </div>
+    <div class="row">
+      <h3 class="m-l" translate>{{ 'app.admin.settings.captcha' }}</h3>
+      <p class="alert alert-warning m-h-md" ng-bind-html="'app.admin.settings.captcha_info_html' | translate"></p>
+      <div class="col-md-6">
+        <text-setting name="recaptcha_site_key"
+                      settings="allSettings"
+                      label="app.admin.settings.site_key"
+                      fa-icon="fa-info"
+                      placeholder="0000000000000000000000000000000000000000">
+        </text-setting>
+      </div>
+      <div class="col-md-6">
+        <text-setting name="recaptcha_secret_key"
+                      settings="allSettings"
+                      label="app.admin.settings.secret_key"
+                      fa-icon="fa-key"
+                      placeholder="0000000000000000000000000000000000000000">
+        </text-setting>
+      </div>
+    </div>
+  </div>
+</div>
+
 <div class="panel panel-default m-t-lg">
   <div class="panel-heading">
     <span class="font-sbold" translate>{{ 'app.admin.settings.modules' }}</span>
diff --git a/app/assets/templates/admin/settings/privacy.html b/app/assets/templates/admin/settings/privacy.html
index 8644434ae..a73282a53 100644
--- a/app/assets/templates/admin/settings/privacy.html
+++ b/app/assets/templates/admin/settings/privacy.html
@@ -53,28 +53,6 @@
     </div>
 </div>
 
-<div class="panel panel-default m-t-md">
-  <div class="panel-heading">
-    <span class="font-sbold" translate>{{ 'app.admin.settings.privacy.various_settings' }}</span>
-  </div>
-  <div class="panel-body">
-    <p class="alert alert-warning m-t" translate>
-      {{ 'app.admin.settings.privacy.phone_required_info' }}
-    </p>
-    <div class="row">
-      <div class="col-md-10 col-md-offset-1">
-        <boolean-setting
-            name="phone_required"
-            settings="allSettings"
-            label="app.admin.settings.privacy.phone_required"
-            yes-label="app.shared.buttons.yes"
-            no-label="app.shared.buttons.no">
-        </boolean-setting>
-      </div>
-    </div>
-  </div>
-</div>
-
 <div class="panel panel-default m-t-md">
   <div class="panel-heading">
     <span class="font-sbold" translate>{{ 'app.admin.settings.privacy.statistics' }}</span>
diff --git a/app/models/setting.rb b/app/models/setting.rb
index 99ad986bb..6a3ef6e7a 100644
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -85,7 +85,9 @@ class Setting < ApplicationRecord
                              plans_module
                              invoicing_module
                              facebook_app_id
-                             twitter_analytics] }
+                             twitter_analytics
+                             recaptcha_site_key
+                             recaptcha_secret_key] }
   def value
     last_value = history_values.order(HistoryValue.arel_table['created_at'].desc).first
     last_value&.value
diff --git a/app/services/recaptcha_service.rb b/app/services/recaptcha_service.rb
index f3cda912e..e282d6c24 100644
--- a/app/services/recaptcha_service.rb
+++ b/app/services/recaptcha_service.rb
@@ -21,11 +21,11 @@ class RecaptchaService
     end
 
     def secret_key
-      Rails.application.secrets.recaptcha_secret_key
+      Setting.get('recaptcha_secret_key')
     end
 
     def site_key
-      Rails.application.secrets.recaptcha_site_key
+      Setting.get('recaptcha_site_key')
     end
   end
-end
\ No newline at end of file
+end
diff --git a/app/views/application/index.html.erb b/app/views/application/index.html.erb
index 902082e53..aef75a2a4 100644
--- a/app/views/application/index.html.erb
+++ b/app/views/application/index.html.erb
@@ -55,9 +55,6 @@
       <% if Rails.application.secrets.openlab_app_id.present? %>
       Fablab.openlabAppId = "<%= Rails.application.secrets.openlab_app_id %>";
       <% end %>
-      <% if RecaptchaService.recaptcha_enabled? %>
-      Fablab.recaptchaSiteKey = "<%= RecaptchaService.site_key %>";
-      <% end %>
       Fablab.userConfirmationNeededToSignIn = ('<%= Rails.application.secrets.user_confirmation_needed_to_sign_in %>' === 'true');
 
       // feature tour (used when feature_tour_display = session)
diff --git a/config/locales/app.admin.en.yml b/config/locales/app.admin.en.yml
index 6e5324913..a4a1287d5 100644
--- a/config/locales/app.admin.en.yml
+++ b/config/locales/app.admin.en.yml
@@ -1053,6 +1053,16 @@ en:
         invoicing_info_html: "<p>You can fully disable the invoicing module.</p><p>This is useful if you have your own invoicing system, and you don't want Fab-manager generates and sends invoices to the members.</p><p><strong>Warning:</strong> even if you disable the invoicing module, you must to configure the VAT to prevent errors in accounting and prices. Do it from the « Invoices > Invoicing settings » section.</p>"
         enable_invoicing: "Enable invoicing"
         invoicing_module: "invoicing module"
+        account_creation: "Account creation"
+        phone: "Phone"
+        phone_is_required: "Phone required"
+        phone_required_info: "You can define if the phone number should be required to register a new user on Fab-manager."
+        captcha: "Captcha"
+        captcha_info_html: "You can setup a protection against robots, to prevent them creating members accounts. This protection is using Google reCAPTCHA. Sign up for <a href='http://www.google.com/recaptcha/admin' target='_blank'>an API key pair</a> to start using the captcha."
+        site_key: "Site key"
+        secret_key: "Secret key"
+        recaptcha_site_key: "reCAPTCHA Site Key"
+        recaptcha_secret_key: "reCAPTCHA Secret Key"
         sort_by:
           default: "Default"
           name: "Name"
@@ -1092,9 +1102,6 @@ en:
             online_payment: "Is the online payment module active?"
             invoices: "Is the invoicing module active?"
             openlab: "Is the project sharing module (OpenLab) active?"
-          various_settings: "Various settings"
-          phone_required: "Phone required"
-          phone_required_info: "You can define if the phone number should be required to register a new user on Fab-manager."
           tracking_id_info_html: "To enable the statistical tracking of the visits using Google Analytics, set your tracking ID here. It is in the form UA-000000-2. Visit <a href='https://analytics.google.com/analytics/web/' target='_blank'>the Google Analytics website</a> to get one.<strong>Warning:</strong> if you enable this feature, remember to write it in your privacy policy, above."
           tracking_id: "Tracking ID"
       open_api_clients:
diff --git a/config/locales/app.admin.fr.yml b/config/locales/app.admin.fr.yml
index 3c8a39f29..d7d6f007e 100644
--- a/config/locales/app.admin.fr.yml
+++ b/config/locales/app.admin.fr.yml
@@ -1053,6 +1053,16 @@ fr:
         invoicing_info_html: "<p>Vous pouvez complètement désactiver le module de facturation.</p><p>Cela est utile si vous possédez votre propre système de facturation, et que vous ne souhaitez pas que Fab-manager génère et envoie des factures aux membres.</p><p><strong>Attention :</strong> même si vous désactivez le module de facturation, vous devez configurer la TVA pour éviter des erreurs de prix et de comptabilité. Faites le depuis la section « Factures > Paramètres de facturation ».</p>"
         enable_invoicing: "Activer la facturation"
         invoicing_module: "module de facturation"
+        account_creation: "Création de compte"
+        phone: "Téléphone"
+        phone_is_required: "Téléphone requis"
+        phone_required_info: "Vous pouvez définir si le numéro de téléphone doit être requis, lors de l'enregistrement d'un nouvel utilisateur sur Fab-manager."
+        captcha: "Captcha"
+        captcha_info_html: "Vous pouvez mettre en place une protection contre les robots, pour les empêcher de créer des comptes membre. Cette protection utilise Google reCAPTCHA. Inscrivez vous pour obtenir <a href='http://www.google.com/recaptcha/admin' target='_blank'>une paire de clefs d'API</a> afin d'utiliser le captcha."
+        site_key: "Clef de site"
+        secret_key: "Clef secrète"
+        recaptcha_site_key: "clef de site reCAPTCHA"
+        recaptcha_secret_key: "clef secrète reCAPTCHA"
         sort_by:
           default: "Défaut"
           name: "Nom"
@@ -1092,9 +1102,6 @@ fr:
             online_payment: "Le module de paiement par carte bancaire est-il actif ?"
             invoices: "Le module est facturation est-il actif ?"
             openlab: "Le module de partage de projets (OpenLab) est-il actif ?"
-          various_settings: "Paramètres divers"
-          phone_required: "Téléphone requis"
-          phone_required_info: "Vous pouvez définir si le numéro de téléphone doit être requis, lors de l'enregistrement d'un nouvel utilisateur sur Fab-manager."
           tracking_id_info_html: "Pour activer les suivi statistique des visites utilisant Google Analytics, définissez ici votre ID de suivi. Il se présente sous la forme UA-000000-2. Visitez <a href='https://analytics.google.com/analytics/web/' target='_blank'>le site web de Google Analytics</a> pour en obtenir un.<br/><strong>Attention :</strong> si vous activez cette fonctionnalité, pensez à l'indiquer dans votre politique de confidentialité, ci-dessus."
           tracking_id: "ID de suivi"
       open_api_clients:
diff --git a/config/secrets.yml b/config/secrets.yml
index 7d8dc48a0..7525e78a4 100644
--- a/config/secrets.yml
+++ b/config/secrets.yml
@@ -46,8 +46,6 @@ development:
   max_import_size: <%= ENV["MAX_IMPORT_SIZE"] %>
   disk_space_mb_alert: <%= ENV["DISK_SPACE_MB_ALERT"] %>
   superadmin_email: <%= ENV["SUPERADMIN_EMAIL"] %>
-  recaptcha_site_key: <%= ENV["RECAPTCHA_SITE_KEY"] %>
-  recaptcha_secret_key: <%= ENV["RECAPTCHA_SECRET_KEY"] %>
   allow_insecure_http: <%= ENV.fetch("ALLOW_INSECURE_HTTP", false) %>
 
 test:
@@ -86,8 +84,6 @@ test:
   max_import_size: <%= ENV["MAX_IMPORT_SIZE"] %>
   disk_space_mb_alert: <%= ENV["DISK_SPACE_MB_ALERT"] %>
   superadmin_email: <%= ENV["SUPERADMIN_EMAIL"] %>
-  recaptcha_site_key: <%= ENV["RECAPTCHA_SITE_KEY"] %>
-  recaptcha_secret_key: <%= ENV["RECAPTCHA_SECRET_KEY"] %>
   allow_insecure_http: <%= ENV.fetch("ALLOW_INSECURE_HTTP", false) %>
 
 staging:
@@ -134,8 +130,6 @@ staging:
   max_import_size: <%= ENV["MAX_IMPORT_SIZE"] %>
   disk_space_mb_alert: <%= ENV["DISK_SPACE_MB_ALERT"] %>
   superadmin_email: <%= ENV["SUPERADMIN_EMAIL"] %>
-  recaptcha_site_key: <%= ENV["RECAPTCHA_SITE_KEY"] %>
-  recaptcha_secret_key: <%= ENV["RECAPTCHA_SECRET_KEY"] %>
   enable_in_context_translation: <%= ENV["ENABLE_IN_CONTEXT_TRANSLATION"] %>
   allow_insecure_http: <%= ENV.fetch("ALLOW_INSECURE_HTTP", false) %>
 
@@ -185,6 +179,4 @@ production:
   max_import_size: <%= ENV["MAX_IMPORT_SIZE"] %>
   disk_space_mb_alert: <%= ENV["DISK_SPACE_MB_ALERT"] %>
   superadmin_email: <%= ENV["SUPERADMIN_EMAIL"] %>
-  recaptcha_site_key: <%= ENV["RECAPTCHA_SITE_KEY"] %>
-  recaptcha_secret_key: <%= ENV["RECAPTCHA_SECRET_KEY"] %>
   allow_insecure_http: <%= ENV.fetch("ALLOW_INSECURE_HTTP", false) %>
diff --git a/doc/environment.md b/doc/environment.md
index f5a8eb7a6..9bc8409a1 100644
--- a/doc/environment.md
+++ b/doc/environment.md
@@ -117,12 +117,6 @@ See http://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-config
 When DELIVERY_METHOD is set to **smtp**, configure the SMTP server parameters.
 See https://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration for more details.
 DEFAULT_HOST is also used to configure Google Analytics.
-<a name="RECAPTCHA_SITE_KEY"></a><a name="RECAPTCHA_SECRET_KEY"></a>
-
-    RECAPTCHA_SITE_KEY, RECAPTCHA_SECRET_KEY
-
-Configuration keys of Google ReCaptcha V2 (Checkbox).
-This is optional, the captcha will be displayed on the sign-up form, only if these keys are provided.
 <a name="DISQUS_SHORTNAME"></a>
 
     DISQUS_SHORTNAME
diff --git a/env.example b/env.example
index 7d03ca85d..667b3aec6 100644
--- a/env.example
+++ b/env.example
@@ -41,10 +41,6 @@ SMTP_ENABLE_STARTTLS_AUTO=true
 SMTP_OPENSSL_VERIFY_MODE=
 SMTP_TLS=false
 
-# Google recaptcha
-RECAPTCHA_SITE_KEY=
-RECAPTCHA_SECRET_KEY=
-
 # Projects comments
 DISQUS_SHORTNAME=
 
diff --git a/lib/tasks/fablab/setup.rake b/lib/tasks/fablab/setup.rake
index 62d81f7af..b4a4b8ede 100644
--- a/lib/tasks/fablab/setup.rake
+++ b/lib/tasks/fablab/setup.rake
@@ -115,7 +115,9 @@ namespace :fablab do
         %w[! FABLAB_WITHOUT_PLANS plans_module false],
         %w[! FABLAB_WITHOUT_INVOICES invoicing_module false],
         %w[_ FACEBOOK_APP_ID facebook_app_id],
-        %w[_ TWITTER_NAME twitter_analytics]
+        %w[_ TWITTER_NAME twitter_analytics],
+        %w[_ RECAPTCHA_SITE_KEY recaptcha_site_key],
+        %w[_ RECAPTCHA_SECRET_KEY recaptcha_secret_key]
       ]
 
       mapping.each do |m|
diff --git a/setup/env.example b/setup/env.example
index 9287d1984..e03f5dc84 100644
--- a/setup/env.example
+++ b/setup/env.example
@@ -30,9 +30,6 @@ SMTP_ENABLE_STARTTLS_AUTO=true
 SMTP_OPENSSL_VERIFY_MODE=
 SMTP_TLS=false
 
-RECAPTCHA_SITE_KEY=
-RECAPTCHA_SECRET_KEY=
-
 DISQUS_SHORTNAME=
 
 RAILS_LOCALE=fr
diff --git a/setup/setup.sh b/setup/setup.sh
index 3b75e59b1..74c9d0534 100755
--- a/setup/setup.sh
+++ b/setup/setup.sh
@@ -236,7 +236,7 @@ configure_env_file()
   doc=$(\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/doc/environment.md)
   variables=(STRIPE_API_KEY STRIPE_PUBLISHABLE_KEY STRIPE_CURRENCY INVOICE_PREFIX FABLAB_WITHOUT_ONLINE_PAYMENT FABLAB_WITHOUT_WALLET \
    USER_CONFIRMATION_NEEDED_TO_SIGN_IN DEFAULT_MAIL_FROM DELIVERY_METHOD DEFAULT_HOST DEFAULT_PROTOCOL SMTP_ADDRESS SMTP_PORT SMTP_USER_NAME SMTP_PASSWORD SMTP_AUTHENTICATION \
-   SMTP_ENABLE_STARTTLS_AUTO SMTP_OPENSSL_VERIFY_MODE SMTP_TLS RECAPTCHA_SITE_KEY RECAPTCHA_SECRET_KEY DISQUS_SHORTNAME \
+   SMTP_ENABLE_STARTTLS_AUTO SMTP_OPENSSL_VERIFY_MODE SMTP_TLS DISQUS_SHORTNAME \
    LOG_LEVEL ALLOWED_EXTENSIONS ALLOWED_MIME_TYPES MAX_IMAGE_SIZE MAX_CAO_SIZE MAX_IMPORT_SIZE DISK_SPACE_MB_ALERT FEATURE_TOUR_DISPLAY \
    SUPERADMIN_EMAIL APP_LOCALE RAILS_LOCALE MOMENT_LOCALE SUMMERNOTE_LOCALE ANGULAR_LOCALE FULLCALENDAR_LOCALE ELASTICSEARCH_LANGUAGE_ANALYZER TIME_ZONE \
    WEEK_STARTING_DAY D3_DATE_FORMAT UIB_DATE_FORMAT EXCEL_DATE_FORMAT OPENLAB_APP_ID OPENLAB_APP_SECRET OPENLAB_DEFAULT)