From 793f023032c8eda003bfdb0b10d13309daad7c9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89tienne=20Cloutier?=
Date: Mon, 10 Mar 2025 13:50:22 -0400
Subject: [PATCH] [FIX] auth_signup_verify_email: Use reCaptcha
---
 auth_signup_verify_email/controllers/main.py | 3 +++
 auth_signup_verify_email/tests/test_verify_email.py | 10 ++++++++++
 2 files changed, 13 insertions(+)
diff --git a/auth_signup_verify_email/controllers/main.py b/auth_signup_verify_email/controllers/main.py
index 3c1564b5dc..0f0fed2e51 100644
--- a/auth_signup_verify_email/controllers/main.py
+++ b/auth_signup_verify_email/controllers/main.py
@@ -6,6 +6,7 @@
 from email_validator import EmailSyntaxError, EmailUndeliverableError, validate_email
 from odoo import _
+from odoo.exceptions import UserError
 from odoo.http import request, route
 from odoo.addons.auth_signup.controllers.main import AuthSignupHome
@@ -26,6 +27,8 @@ def passwordless_signup(self):
 # Check good format of e-mail
 try:
+ if not request.env["ir.http"]._verify_request_recaptcha_token("signup"):
+ raise UserError(_("Suspicious activity detected by Google reCaptcha."))
 validate_email(values.get("login", ""))
 except EmailSyntaxError as error:
 qcontext["error"] = getattr(
diff --git a/auth_signup_verify_email/tests/test_verify_email.py b/auth_signup_verify_email/tests/test_verify_email.py
index 39a82073c0..f2ce63b52e 100644
--- a/auth_signup_verify_email/tests/test_verify_email.py
+++ b/auth_signup_verify_email/tests/test_verify_email.py
@@ -11,6 +11,7 @@
 from odoo.tests.common import HttpCase
 from odoo.tools.misc import mute_logger
+from odoo.addons.base.models import ir_http
 from odoo.addons.mail.models import mail_template
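Review bot: In `passwordless_signup` (controllers/main.py, second hunk) the reCAPTCHA rejection is raised as `UserError` inside the `try:` that guards e-mail validation, and the only handler visible here is `except EmailSyntaxError`, so the rejection reaches the user as a form error only if a broader except clause outside the hunk happens to catch it. An abuse control should not depend on the validator's error handling: run the check before the `try:` as `if not request.env["ir.http"]._verify_request_recaptcha_token("signup"):`, set `qcontext["error"]` to the same message, and return the signup form the way the other error branches do. A warning log on that branch would also give operators a signal when automated signups are being rejected. The function starts and ends outside the hunk, so the remaining handlers could not be checked.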
@@ -45,6 +46,15 @@ def test_bad_email(self):
 doc = self.html_doc(data=self.data)
 self.assertTrue(doc.xpath('//p[@class="alert alert-danger"]'))
+ def test_failed_recaptcha(self):
+ """Test rejection of failed reCaptcha."""
+ with patch.object(
+ ir_http.IrHttp, "_verify_request_recaptcha_token", return_value=False
+ ):
+ self.data["login"] = "contributors@odoo-community.org"
+ doc = self.html_doc(data=self.data)
+ self.assertTrue(doc.xpath('//p[@class="alert alert-danger"]'))
+
 @mute_logger("odoo.addons.auth_signup_verify_email.controllers.main")
 def test_good_email(self):
 """Test acceptance of good emails."""
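Review bot: `test_failed_recaptcha` asserts only that some `alert alert-danger` paragraph is rendered, the same check as `test_bad_email`, so it would pass on any signup error and does not prove the reCAPTCHA branch was the one that rejected the request. Binding the mock with `as verify` and adding `verify.assert_called_once_with("signup")` pins both the call and the action name; asserting that no user exists for the submitted login afterwards would confirm the request was actually blocked. Patching `ir_http.IrHttp` targets the base class, so if an installed addon overrides `_verify_request_recaptcha_token` the patch may be shadowed; patching `type(self.env["ir.http"])` avoids that.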