Merge branch 'main' into Page-Updated

Rishi-source · web-flow · commit 09ca59035535 · 2025-03-21T07:04:24.000+05:30
diff --git a/requirements.txt b/requirements.txt
@@ -20,7 +20,7 @@ charset-normalizer==2.0.12
 click==8.1.2
 coreapi==2.3.3
 coreschema==0.0.4
-cryptography==43.0.1
+cryptography==44.0.1
 crispy-bootstrap4==2024.1
 cwe2==3.0.0
 dateparser==1.1.1
@@ -31,6 +31,7 @@ Django==4.2.17
 django-crispy-forms==2.3
 django-environ==0.11.2
 django-filter==24.3
+django-recaptcha==4.0.0
 django-widget-tweaks==1.5.0
 djangorestframework==3.15.2
 doc8==0.11.1
@@ -53,7 +54,7 @@ ipython==8.10.0
 isort==5.10.1
 itypes==1.2.0
 jedi==0.18.1
-Jinja2==3.1.5
+Jinja2==3.1.6
 jsonschema==3.2.0
 license-expression==30.3.1
 lxml==4.9.1
diff --git a/setup.cfg b/setup.cfg
@@ -99,6 +99,8 @@ install_requires =
     python-dotenv
     texttable
 
+    django-recaptcha>=4.0.0
+
 
 [options.extras_require]
 dev =
diff --git a/vulnerabilities/forms.py b/vulnerabilities/forms.py
@@ -9,6 +9,8 @@
 
 from django import forms
 from django.core.validators import validate_email
+from django_recaptcha.fields import ReCaptchaField
+from django_recaptcha.widgets import ReCaptchaV2Checkbox
 
 from vulnerabilities.models import ApiUser
 
@@ -38,6 +40,10 @@ class ApiUserCreationForm(forms.ModelForm):
     Support a simplified creation for API-only users directly from the UI.
     """
 
+    captcha = ReCaptchaField(
+        error_messages={"required": ("Captcha is required")}, widget=ReCaptchaV2Checkbox
+    )
+
     class Meta:
         model = ApiUser
         fields = (
diff --git a/vulnerabilities/templates/api_user_creation_form.html b/vulnerabilities/templates/api_user_creation_form.html
@@ -14,11 +14,17 @@
         </article>
       {% endfor %}
       <div id="form-errors" class="message is-danger {% if not form.errors %}is-hidden{% endif %}">
-        {% for field_name, errors in form.errors.items %}
+        {% if form.errors.captcha %}
         <div class="message-body">
-          {{ errors }}
+            {{ form.errors.captcha }}
         </div>
-        {% endfor %}
+        {% else %}
+        <div class="message-body">
+            {% for error in form.errors.values %}
+                {{ error }}
+            {% endfor %}
+        </div>
+        {% endif %}
       </div>
     <h2 class="subtitle mb-0 pt-2 mb-2">
       <b>VulnerableCode API key request</b>
diff --git a/vulnerablecode/settings.py b/vulnerablecode/settings.py
@@ -83,8 +83,15 @@
     "drf_spectacular",
     # required for Django collectstatic discovery
     "drf_spectacular_sidecar",
+    "django_recaptcha",
 )
 
+RECAPTCHA_PUBLIC_KEY = env.str("RECAPTCHA_PUBLIC_KEY", "")
+RECAPTCHA_PRIVATE_KEY = env.str("RECAPTCHA_PRIVATE_KEY", "")
+SILENCED_SYSTEM_CHECKS = ["captcha.recaptcha_test_key_error"]
+RECAPTCHA_DOMAIN = env.str("RECAPTCHA_DOMAIN", "www.recaptcha.net")
+
+
 MIDDLEWARE = (
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
