[IMP] Adding recaptcha validation in login, password reset , signup, …

…widget form website

setup/website_recaptcha_v2_form/odoo/addons/website_recaptcha_v2_form

@@ -0,0 +1 @@
+../../../../website_recaptcha_v2_form

website_recaptcha_v2_form/__manifest__.py

@@ -1,8 +1,8 @@
 {
-    "name": "Website reCAPTCHA v2 login",
+    "name": "Website reCAPTCHA v2 form",
     "version": "16.0.1.0.0",
     "category": "Website",
-    "depends": ["web", "website_recaptcha_v2"],
+    "depends": ["web", "auth_signup", "website", "website_recaptcha_v2"],
     "author": """
         Binhex,
         Odoo Community Association (OCA)
@@ -12,6 +12,17 @@
     "summary": "Module to add reCAPTCHA v2 to the login form on the website",
     "data": [
         "views/webclient_templates.xml",
+        "views/auth_signup_login_templates.xml",
+        "views/s_website_form.xml",
     ],
+    "assets": {
+        "website.assets_wysiwyg": [
+            "website_recaptcha_v2_form/static/src/xml/website_form_editor.xml",
+            "website_recaptcha_v2_form/static/src/snippets/s_website_form/options.js",
+        ],
+        "web.assets_frontend": [
+            "website_recaptcha_v2_form/static/src/css/recaptcha.css",
+        ],
+    },
     "installable": True,
 }

website_recaptcha_v2_form/controllers/main.py

@@ -4,36 +4,78 @@
 from odoo.exceptions import AccessDenied
 from odoo.http import request
 
+from odoo.addons.auth_signup.controllers.main import AuthSignupHome
 from odoo.addons.web.controllers.home import SIGN_UP_REQUEST_PARAMS, Home
 
 logger = logging.getLogger(__name__)
 
+SIGN_UP_REQUEST_PARAMS.add("g-recaptcha-response")
+
 
 class BinhexHome(Home):
+    def verify_recaptcha_v2(self, args=None, kw=None, template="", values=None):
+        Website = request.env["website"].sudo()
+        try:
+            request.env["ir.http"]._auth_method_public()
+            valid = Website.get_current_website().valid_recaptcha(values)
+            if valid:
+                if template == "web.login":
+                    return super().web_login(values.get("redirect", ""), **kw)
+                if template in ("auth_signup.reset_password", "auth_signup.signup"):
+                    return True
+        except AccessDenied as e:
+            values.update(
+                {
+                    "error": str(
+                        e.args[0] if len(e.args) > 0 else _("Recaptcha is not valid.")
+                    )
+                }
+            )
+            response = request.render(template, values)
+            response.headers["X-Frame-Options"] = "SAMEORIGIN"
+            response.headers["Content-Security-Policy"] = "frame-ancestors 'self'"
+            return response
+
     @http.route("/web/login", type="http", auth="none")
     def web_login(self, redirect=None, **kw):
-        Website = request.env["website"].sudo()
-        values = {
-            k: v for k, v in request.params.items() if k in SIGN_UP_REQUEST_PARAMS
-        }
         if request.httprequest.method == "POST":
-            request.env["ir.http"]._auth_method_public()
-            try:
-                valid = Website.get_current_website().valid_recaptcha(kw)
-                if valid:
-                    return super().web_login(redirect, **kw)
-            except AccessDenied as e:
-                values.update(
-                    {
-                        "error": str(
-                            e.args[0]
-                            if len(e.args) > 0
-                            else _("Recaptcha is not valid.")
-                        )
-                    }
+            values = {
+                k: v for k, v in request.params.items() if k in SIGN_UP_REQUEST_PARAMS
+            }
+            # Checking that if the request comes from the creation of the account,
+            # that the recaptcha is not checked again to avoid errors.
+
+            if (
+                values.get("confirm_password", "") == ""
+                and request.httprequest.url.find("web/signup") == -1
+            ):
+                return self.verify_recaptcha_v2(
+                    kw=kw, template="web.login", values=values
                 )
-                response = request.render("web.login", values)
-                response.headers["X-Frame-Options"] = "SAMEORIGIN"
-                response.headers["Content-Security-Policy"] = "frame-ancestors 'self'"
-                return response
         return super().web_login(redirect, **kw)
+
+
+class BinhexAuthSignupHome(AuthSignupHome):
+    @http.route(
+        "/web/reset_password", type="http", auth="public", website=True, sitemap=False
+    )
+    def web_auth_reset_password(self, *args, **kw):
+        qcontext = self.get_auth_signup_qcontext()
+        if request.httprequest.method == "POST":
+            valid = self.verify_recaptcha_v2(
+                kw=kw, template="auth_signup.reset_password", values=qcontext, args=args
+            )
+            if not isinstance(valid, bool):
+                return valid
+        return super().web_auth_reset_password(*args, **kw)
+
+    @http.route("/web/signup", type="http", auth="public", website=True, sitemap=False)
+    def web_auth_signup(self, *args, **kw):
+        qcontext = self.get_auth_signup_qcontext()
+        if request.httprequest.method == "POST":
+            valid = self.verify_recaptcha_v2(
+                kw=kw, template="auth_signup.signup", values=qcontext, args=args
+            )
+            if not isinstance(valid, bool):
+                return valid
+        return super().web_auth_signup(*args, **kw)

website_recaptcha_v2_form/models/website.py

@@ -1,4 +1,4 @@
-from odoo import models
+from odoo import api, models
 from odoo.exceptions import AccessDenied
 
 
@@ -14,8 +14,12 @@ class Website(models.Model):
             kw: Data sent from the form
     """
 
-    def valid_recaptcha(self, kw):
-        valid, message = self.is_recaptcha_v2_valid(kw)
+    def valid_recaptcha(self, values):
+        valid, message = self.is_recaptcha_v2_valid(values)
         if not valid:
             raise AccessDenied(message)
         return True
+
+    @api.model
+    def get_recaptcha_v2_site_key(self):
+        return self.sudo().get_current_website().recaptcha_v2_site_key

website_recaptcha_v2_form/static/src/scss/recaptcha.scss

@@ -0,0 +1,5 @@
+div.s_website_form_recaptcha_v2 {
+    > div.g-recaptcha {
+        margin-left: 18% !important;
+    }
+}

website_recaptcha_v2_form/static/src/snippets/s_website_form/options.js

@@ -0,0 +1,44 @@
+odoo.define("website_recaptcha_v2_form.form_editor", function (require) {
+    "use strict";
+
+    var options = require("web_editor.snippets.options");
+    const core = require("web.core");
+    const rpc = require("web.rpc");
+    const qweb = core.qweb;
+    require("website.form_editor");
+
+    options.registry.WebsiteFormEditor.include({
+        willStart: async function () {
+            var res = this._super(...arguments);
+            this.recaptcha_site_key = await rpc.query({
+                model: "website",
+                method: "get_recaptcha_v2_site_key",
+            });
+            return res;
+        },
+        toggleRecaptchaV2: async function () {
+            const recaptchaV2 = this.$target[0].querySelector(
+                ".s_website_form_recaptcha_v2"
+            );
+            if (recaptchaV2) {
+                recaptchaV2.remove();
+            } else {
+                const legal = qweb.render("website_recaptcha_v2_form.recaptcha_v2", {
+                    recaptcha_site_key: this.recaptcha_site_key,
+                });
+                this.$target.find(".s_website_form_submit").before(legal);
+            }
+        },
+        _computeWidgetState: function (methodName, params) {
+            switch (methodName) {
+                case "toggleRecaptchaV2":
+                    return (
+                        !this.$target[0].querySelector(
+                            ".s_website_form_recaptcha_v2"
+                        ) || ""
+                    );
+            }
+            return this._super(...arguments);
+        },
+    });
+});

website_recaptcha_v2_form/static/src/xml/website_form_editor.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<templates xml:space="preserve">
+
+    <t t-name="website_recaptcha_v2_form.recaptcha_v2">
+        <div class="col-12 s_website_form_recaptcha_v2" data-name="Recaptcha v2 Legal">
+           <div class="g-recaptcha" t-att-data-sitekey="recaptcha_site_key" />
+            <script src="https://www.recaptcha.net/recaptcha/api.js" async="1" />
+        </div>
+    </t>
+
+</templates>

website_recaptcha_v2_form/views/auth_signup_login_templates.xml

@@ -1,6 +1,12 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <odoo>
-    <template id="binhex_login" inherit_id="web.login">
+    <template id="binhex_signup" inherit_id="auth_signup.signup">
+       <xpath expr="//p[hasclass('alert-danger')]" position="before">
+            <t t-call="website_recaptcha_v2.recaptcha_widget" />
+        </xpath>
+    </template>
+
+    <template id="binhex_reset_password" inherit_id="auth_signup.reset_password">
         <xpath expr="//p[hasclass('alert-danger')]" position="before">
             <t t-call="website_recaptcha_v2.recaptcha_widget" />
         </xpath>

website_recaptcha_v2_form/views/s_website_form.xml

@@ -0,0 +1,16 @@
+<odoo>
+    <template id="s_website_form_options" inherit_id="website.snippet_options">
+        <xpath expr="//div[@data-js='WebsiteFormEditor']" position="inside">
+            <t
+                t-set="recaptcha_v2_public_key"
+                t-value="request.env['ir.config_parameter'].sudo().get_param('recaptcha_v2_secret_key')"
+            />
+            <we-checkbox
+                string="Show reCaptcha v2"
+                data-toggle-recaptcha-v2=""
+                data-no-preview="true"
+            />
+        </xpath>
+    </template>
+
+</odoo>