Add reCAPTCHA feature
95
app.py
95
app.py
@@ -19,6 +19,7 @@ from flask_mail import Mail, Message
|
||||
from dotenv import load_dotenv
|
||||
from password_utils import PasswordValidator
|
||||
from werkzeug.security import check_password_hash
|
||||
from recaptcha_helper import recaptcha
|
||||
|
||||
# Import blueprints
|
||||
from routes.notes import notes_bp
|
||||
@@ -129,6 +130,9 @@ logger.info(f"Mail default sender: {app.config['MAIL_DEFAULT_SENDER']}")
|
||||
|
||||
mail = Mail(app)
|
||||
|
||||
# Initialize reCAPTCHA
|
||||
recaptcha.init_app(app)
|
||||
|
||||
# Initialize the database with the app
|
||||
db.init_app(app)
|
||||
|
||||
@@ -652,6 +656,13 @@ def register():
|
||||
if not is_valid:
|
||||
error = password_errors[0] # Show first error
|
||||
|
||||
# Verify reCAPTCHA
|
||||
if not error:
|
||||
recaptcha_response = request.form.get('g-recaptcha-response')
|
||||
is_valid, recaptcha_error = recaptcha.verify(recaptcha_response, request.remote_addr)
|
||||
if not is_valid:
|
||||
error = recaptcha_error
|
||||
|
||||
# Find company by code or create new one if no code provided
|
||||
company = None
|
||||
if company_code:
|
||||
@@ -729,31 +740,47 @@ def register():
|
||||
# Make first user in company an admin with full privileges
|
||||
if is_first_user_in_company:
|
||||
new_user.role = Role.ADMIN
|
||||
new_user.is_verified = True # Auto-verify first user in company
|
||||
# Removed auto-verification - all users must verify email
|
||||
elif not email_verification_required:
|
||||
# If email verification is disabled, auto-verify new users
|
||||
new_user.is_verified = True
|
||||
|
||||
# Generate verification token (even if not needed, for consistency)
|
||||
|
||||
# Generate verification token
|
||||
token = new_user.generate_verification_token()
|
||||
|
||||
db.session.add(new_user)
|
||||
db.session.commit()
|
||||
|
||||
if is_first_user_in_company:
|
||||
# First user in company gets admin privileges and is auto-verified
|
||||
logger.info(f"First user account created in company {company.name}: {username} with admin privileges")
|
||||
flash(f'Welcome! You are the first user in {company.name} and have been granted administrator privileges. You can now log in.', 'success')
|
||||
elif not email_verification_required:
|
||||
if not email_verification_required:
|
||||
# Email verification is disabled, user can log in immediately
|
||||
logger.info(f"User account created with auto-verification in company {company.name}: {username}")
|
||||
flash('Registration successful! You can now log in.', 'success')
|
||||
else:
|
||||
# Send verification email for regular users when verification is required
|
||||
# Send verification email for all users (including first user)
|
||||
verification_url = url_for('verify_email', token=token, _external=True)
|
||||
msg = Message(f'Verify your {g.branding.app_name} account', recipients=[email])
|
||||
msg.body = f'''Hello {username},
|
||||
|
||||
# Special message for first user in company
|
||||
if is_first_user_in_company:
|
||||
msg.body = f'''Hello {username},
|
||||
|
||||
Thank you for registering with {g.branding.app_name}. You are the first user in {company.name} and have been granted administrator privileges.
|
||||
|
||||
To complete your registration and access your account, please click on the link below:
|
||||
|
||||
{verification_url}
|
||||
|
||||
This link will expire in 24 hours.
|
||||
|
||||
If you did not register for {g.branding.app_name}, please ignore this email.
|
||||
|
||||
Best regards,
|
||||
The {g.branding.app_name} Team
|
||||
'''
|
||||
logger.info(f"First user account created in company {company.name}: {username} with admin privileges - verification email sent")
|
||||
flash(f'Welcome! You are the first user in {company.name} and have been granted administrator privileges. Please check your email to verify your account.', 'success')
|
||||
else:
|
||||
msg.body = f'''Hello {username},
|
||||
|
||||
Thank you for registering with {g.branding.app_name}. To complete your registration, please click on the link below:
|
||||
|
||||
@@ -766,9 +793,10 @@ If you did not register for {g.branding.app_name}, please ignore this email.
|
||||
Best regards,
|
||||
The {g.branding.app_name} Team
|
||||
'''
|
||||
logger.info(f"User account created in company {company.name}: {username} - verification email sent")
|
||||
flash('Registration initiated! Please check your email to verify your account.', 'success')
|
||||
|
||||
mail.send(msg)
|
||||
logger.info(f"Verification email sent to {email}")
|
||||
flash('Registration initiated! Please check your email to verify your account.', 'success')
|
||||
|
||||
return redirect(url_for('login'))
|
||||
except Exception as e:
|
||||
@@ -815,6 +843,13 @@ def register_freelancer():
|
||||
if not is_valid:
|
||||
error = password_errors[0] # Show first error
|
||||
|
||||
# Verify reCAPTCHA
|
||||
if not error:
|
||||
recaptcha_response = request.form.get('g-recaptcha-response')
|
||||
is_valid, recaptcha_error = recaptcha.verify(recaptcha_response, request.remote_addr)
|
||||
if not is_valid:
|
||||
error = recaptcha_error
|
||||
|
||||
# Check for existing users globally (freelancers get unique usernames/emails)
|
||||
if not error:
|
||||
if User.query.filter_by(username=username).first():
|
||||
@@ -851,6 +886,9 @@ def register_freelancer():
|
||||
db.session.add(personal_company)
|
||||
db.session.flush() # Get company ID
|
||||
|
||||
# Check if email verification is required
|
||||
email_verification_required = get_system_setting('email_verification_required', 'true') == 'true'
|
||||
|
||||
# Create freelancer user
|
||||
new_user = User(
|
||||
username=username,
|
||||
@@ -859,15 +897,42 @@ def register_freelancer():
|
||||
account_type=AccountType.FREELANCER,
|
||||
business_name=business_name if business_name else None,
|
||||
role=Role.ADMIN, # Freelancers are admins of their personal company
|
||||
is_verified=True # Auto-verify freelancers
|
||||
is_verified=not email_verification_required # Only auto-verify if email verification is disabled
|
||||
)
|
||||
new_user.set_password(password)
|
||||
|
||||
# Generate verification token
|
||||
token = new_user.generate_verification_token()
|
||||
|
||||
db.session.add(new_user)
|
||||
db.session.commit()
|
||||
|
||||
logger.info(f"Freelancer account created: {username} with personal company: {company_name}")
|
||||
flash(f'Welcome {username}! Your freelancer account has been created successfully. You can now log in.', 'success')
|
||||
if not email_verification_required:
|
||||
# Email verification is disabled, user can log in immediately
|
||||
logger.info(f"Freelancer account created with auto-verification: {username} with personal company: {company_name}")
|
||||
flash(f'Welcome {username}! Your freelancer account has been created successfully. You can now log in.', 'success')
|
||||
else:
|
||||
# Send verification email
|
||||
verification_url = url_for('verify_email', token=token, _external=True)
|
||||
msg = Message(f'Verify your {g.branding.app_name} freelancer account', recipients=[email])
|
||||
msg.body = f'''Hello {username},
|
||||
|
||||
Thank you for registering as a freelancer with {g.branding.app_name}. Your personal workspace "{company_name}" has been created.
|
||||
|
||||
To complete your registration and access your account, please click on the link below:
|
||||
|
||||
{verification_url}
|
||||
|
||||
This link will expire in 24 hours.
|
||||
|
||||
If you did not register for {g.branding.app_name}, please ignore this email.
|
||||
|
||||
Best regards,
|
||||
The {g.branding.app_name} Team
|
||||
'''
|
||||
mail.send(msg)
|
||||
logger.info(f"Freelancer account created: {username} with personal company: {company_name} - verification email sent")
|
||||
flash(f'Welcome {username}! Your freelancer workspace has been created. Please check your email to verify your account.', 'success')
|
||||
|
||||
return redirect(url_for('login'))
|
||||
|
||||
|
||||
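Review bot: In the `register()` hunk the first-user branch no longer sets `is_verified`, but the auto-verify for the disabled-verification case still sits on an `elif not email_verification_required:` that is skipped whenever `is_first_user_in_company` is true — so, if that `elif` survives on the new side as it appears to, a first user registered with email verification disabled is told "You can now log in" while `is_verified` keeps its model default; make the verification flag independent of the role assignment, i.e. `if not email_verification_required:` instead of `elif`, so the flag and the flash message agree. The same hunk's freelancer path avoids this by computing `is_verified=not email_verification_required` directly, which is the cleaner pattern to mirror. On the reCAPTCHA calls, `request.remote_addr` is only the client address when the app is not behind a reverse proxy; if it is, the value passed as the remote-IP hint will be the proxy's address unless the app applies a trusted-proxy fix, so a comment noting that assumption would help the next reader. Both `register()` and `register_freelancer()` begin before and end after the hunks shown.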