Merge branch 'main' into release/5

Author: vsalvino

coderedcms/models/page_models.py

@@ -1640,7 +1640,10 @@ def contains_spam(self, request) -> bool:
                 utils.get_ip(request),
             )
             # Score ranges from 0 (likely spam) to 1 (likely good).
-            return rr.score < ls.recaptcha_threshold
+            if rr.success and rr.score >= 0:
+                return rr.score < ls.recaptcha_threshold
+            else:
+                return True
         elif ls.spam_service == ls.SpamService.RECAPTCHA_V2:
             rr = verify_response(
                 request.POST.get("g-recaptcha-response", ""),

coderedcms/project_template/basic/pyproject.toml

@@ -1,3 +1,8 @@
+[project]
+name = "{{ project_name }}"
+version = "0.1.0"
+requires-python = ">=3.9"
+
 [tool.black]
 line-length = 80
 extend-exclude = ["migrations"]

coderedcms/project_template/pro/pyproject.toml

@@ -1,3 +1,8 @@
+[project]
+name = "{{ project_name }}"
+version = "0.1.0"
+requires-python = ">=3.9"
+
 [tool.black]
 line-length = 80
 extend-exclude = ["migrations"]

coderedcms/recaptcha.py

@@ -10,7 +10,7 @@
 
 
 class RecaptchaResponse(typing.NamedTuple):
-    success: bool
+    success: typing.Union[bool, None]
     score: float
     error_codes: typing.List[str]
     original_data: typing.Dict[str, typing.Any]
@@ -43,11 +43,12 @@ def verify_response(recaptcha_response: str, secret_key: str, remoteip: str):
     response = urlopen(request)
     data = json.loads(response.read().decode("utf8"))
     response.close()
-    logger.info(f"reCAPTCHA response: {data}")
-    # Default to good (likely not spam) values if they are not present.
-    return RecaptchaResponse(
-        success=data.get("success", True),
-        score=data.get("score", 1.0),
+    # Default to sentinel values if not provided by Google.
+    rr = RecaptchaResponse(
+        success=data.get("success", None),
+        score=data.get("score", -1.0),
         error_codes=data.get("error-codes", []),
         original_data=data,
     )
+    logger.info(f"reCAPTCHA response: {rr}")
+    return rr

coderedcms/templates/coderedcms/includes/form_button.html

@@ -16,10 +16,15 @@
 <input type="hidden" name="g-recaptcha-response">
 <button
   type="button"
+  id="{{page.get_form_id}}Button"
   class="btn {{page.button_size}} {{page.button_style}} {{page.button_css_class}}"
   onclick="recaptchaSubmit('{{ page.get_form_id }}')"
   >
   {{ button_text|default:page.button_text }}
+  <span class="d-none ps-1" id="{{page.get_form_id}}ButtonSpinner">
+    <span class="spinner-border spinner-border-sm" aria-hidden="true"></span>
+    <span class="visually-hidden" role="status">Submitting...</span>
+  </span>
 </button>
 {% else %}
 <button type="submit" class="btn {{page.button_size}} {{page.button_style}} {{page.button_css_class}}">

coderedcms/templates/coderedcms/pages/base.html

@@ -193,9 +193,13 @@ <h2 class="text-center my-5">{% trans "Related" %}</h2>
   <script src="https://www.google.com/recaptcha/api.js?render={{ ls.recaptcha_public_key }}"></script>
   <script>
     function recaptchaSubmit(formId) {
-      var form = document.getElementById(formId);
+      let form = document.getElementById(formId);
+      let spinner = document.getElementById(`${formId}ButtonSpinner`);
+      let button = document.getElementById(`${formId}Button`)
       if (form.reportValidity()) {
         grecaptcha.ready(function() {
+          button.disabled = true;
+          spinner.classList.remove("d-none");
           grecaptcha.execute(
             '{{ ls.recaptcha_public_key }}',
             {action: 'submit'}
@@ -205,7 +209,10 @@ <h2 class="text-center my-5">{% trans "Related" %}</h2>
               function(el) {el.value = token}
             );
             document.getElementById(formId).submit();
-          });
+          }).finally(function() {
+            button.disabled = false;
+            spinner.classList.add('d-none')
+          })
         });
       }
     }

docs/getting_started/tutorial03.rst

@@ -194,10 +194,8 @@ Lookin' good!
     The home page preview after adding the card grid.
 
 .. note::
- At this point you may notice that the cards aren't the same height.  You can fix this two ways.  One you can add the bootstrap
- CSS class of h-100 to each card, two you can add `$card-height: 100%` in the _variables.scss.  If you use the sass option remember to compile the sass files.
- This is the most basic use case of card-grid check out :ref:`card-grid` for more information.
-
+ At this point you may notice that the cards aren't the same height.  
+ 
 To make all the cards equal height, We added bootstrap class h-100 to each card as seen here:
 
 .. figure:: images/tut03/h_100.jpeg

docs/releases/index.rst

@@ -33,6 +33,7 @@ Supported Versions:
 .. toctree::
     :maxdepth: 1
 
+    v5.0.1
     v5.0.0
     v4.1.1
     v4.1.0

docs/releases/v5.0.1.rst

@@ -0,0 +1,20 @@
+v5.0.1 release notes
+====================
+
+
+Bug fixes
+---------
+
+* Fix bug where some spam form submissions were allowed through when using reCAPTCHA v3.
+
+
+New features
+------------
+
+* While submitting a recaptcha v3 form, the button is disabled and shows a spinner.
+
+
+Thank you!
+----------
+
+Thanks to everyone who contributed to `5.0.1 on GitHub <https://github.com/coderedcorp/coderedcms/milestone/62?closed=1>`_.