Add captcha challenge on admin login page

Signed-off-by: Keshav Priyadarshi <[email protected]>
aboutcode-org · Jan 23, 2025 · b79876a · b79876a
1 parent c7a2630
commit b79876a
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 3 deletions.
diff --git a/fedcode/forms.py b/fedcode/forms.py
@@ -8,6 +8,7 @@
 #
 
 from django import forms
+from django.contrib.admin.forms import AdminAuthenticationForm
 from django.contrib.auth.forms import AuthenticationForm
 from django.contrib.auth.forms import UserCreationForm
 from django.contrib.auth.models import User
@@ -156,3 +157,12 @@ class UserLoginForm(AuthenticationForm):
         },
         widget=ReCaptchaV2Checkbox,
     )
+
+
+class AdminLoginForm(AdminAuthenticationForm):
+    captcha = ReCaptchaField(
+        error_messages={
+            "required": ("Captcha is required"),
+        },
+        widget=ReCaptchaV2Checkbox(),
+    )
diff --git a/fedcode/templates/admin_login.html b/fedcode/templates/admin_login.html
@@ -0,0 +1,66 @@
+{% extends "admin/base_site.html" %}
+{% load i18n static %}
+
+{% block extrastyle %}{{ block.super }}<link rel="stylesheet" href="{% static "admin/css/login.css" %}">
+{{ form.media }}
+{% endblock %}
+
+{% block bodyclass %}{{ block.super }} login{% endblock %}
+
+{% block usertools %}{% endblock %}
+
+{% block nav-global %}{% endblock %}
+
+{% block nav-sidebar %}{% endblock %}
+
+{% block content_title %}{% endblock %}
+
+{% block nav-breadcrumbs %}{% endblock %}
+
+{% block content %}
+
+{% if form.errors %}
+{% for error in form.errors.values %}
+    <p>{{ error }}</p>
+{% endfor %}
+{% endif %}
+
+
+<div id="content-main">
+
+    {% if user.is_authenticated %}
+    <p class="errornote">
+        {% blocktranslate trimmed %}
+        You are authenticated as {{ username }}, but are not authorized to
+        access this page. Would you like to login to a different account?
+        {% endblocktranslate %}
+    </p>
+    {% endif %}
+
+    <form action="{{ app_path }}" method="post" id="login-form">{% csrf_token %}
+        <div class="form-row">
+            {{ form.username.errors }}
+            {{ form.username.label_tag }} {{ form.username }}
+        </div>
+        <div class="form-row">
+            {{ form.password.errors }}
+            {{ form.password.label_tag }} {{ form.password }}
+            <input type="hidden" name="next" value="{{ next }}">
+        </div>
+        {% url 'admin_password_reset' as password_reset_url %}
+        {% if password_reset_url %}
+        <div class="password-reset-link">
+            <a href="{{ password_reset_url }}">{% translate 'Forgotten your password or username?' %}</a>
+        </div>
+        {% endif %}
+        <div class="field">
+            <div class="control">
+                {{ form.captcha }}
+            </div>
+        </div>
+        <div class="submit-row">
+            <input type="submit" value="{% translate 'Log in' %}">
+        </div>
+    </form>
+</div>
+{% endblock %}
diff --git a/fedcode/views.py b/fedcode/views.py
@@ -10,7 +10,6 @@
 import json
 import logging
 import os.path
-from urllib.parse import urlparse
 
 import requests
 from django.contrib import messages
@@ -47,6 +46,7 @@
 from fedcode.activitypub import AP_CONTEXT
 from fedcode.activitypub import create_activity_obj
 from fedcode.activitypub import has_valid_header
+from fedcode.forms import AdminLoginForm
 from fedcode.forms import CreateGitRepoForm
 from fedcode.forms import CreateNoteForm
 from fedcode.forms import CreateReviewForm
@@ -889,3 +889,8 @@ def revoke_token(request):
         },
     )
     return JsonResponse(json.loads(r.content), status=r.status_code, content_type=AP_CONTENT_TYPE)
+
+
+class AdminLoginView(LoginView):
+    template_name = "admin_login.html"
+    authentication_form = AdminLoginForm
diff --git a/federatedcode/settings.py b/federatedcode/settings.py
@@ -61,8 +61,8 @@
 FEDERATEDCODE_CLIENT_ID = env.str("FEDERATEDCODE_CLIENT_ID")
 FEDERATEDCODE_CLIENT_SECRET = env.str("FEDERATEDCODE_CLIENT_SECRET")
 
-RECAPTCHA_PUBLIC_KEY = env.str("RECAPTCHA_PUBLIC_KEY")
-RECAPTCHA_PRIVATE_KEY = env.str("RECAPTCHA_PRIVATE_KEY")
+RECAPTCHA_PUBLIC_KEY = env.str("RECAPTCHA_PUBLIC_KEY", "")
+RECAPTCHA_PRIVATE_KEY = env.str("RECAPTCHA_PRIVATE_KEY", "")
 SILENCED_SYSTEM_CHECKS = ["captcha.recaptcha_test_key_error"]
 RECAPTCHA_DOMAIN = env.str("RECAPTCHA_DOMAIN", "www.recaptcha.net")
 

diff --git a/federatedcode/urls.py b/federatedcode/urls.py
@@ -13,6 +13,7 @@
 from django.urls import path
 
 from fedcode import views
+from fedcode.views import AdminLoginView
 from fedcode.views import CreateReview
 from fedcode.views import CreateSync
 from fedcode.views import CreatGitView
@@ -45,6 +46,7 @@
 from fedcode.views import redirect_vulnerability
 
 urlpatterns = [
+    path("admin/login/", AdminLoginView.as_view(), name="admin-login"),
     path("admin/", admin.site.urls),
     path(".well-known/webfinger", WebfingerView.as_view(), name="web-finger"),
     path("", HomeView.as_view(), name="home-page"),