Use reCaptcha in sign-up. Set password in second step. TODO: check and send email.

Author: ntoll

.gitignore

@@ -105,3 +105,6 @@ venv.bak/
 
 # VIM
 *.swp
+
+# Env
+.envrc

textsmith/app.py

@@ -26,7 +26,7 @@
 from quart.logging import default_handler
 from flask_babel import Babel  # type: ignore
 from flask_babel import gettext as _  # type: ignore
-from flask_wtf import FlaskForm  # type: ignore
+from flask_wtf import FlaskForm, RecaptchaField  # type: ignore
 from wtforms import validators  # type: ignore
 from wtforms.fields import PasswordField, BooleanField  # type: ignore
 from wtforms.fields.html5 import EmailField  # type: ignore
@@ -58,6 +58,17 @@
 )
 # i18n support.
 babel = Babel(app)
+# ReCaptcha support.
+app.config.update(
+    {
+        "RECAPTCHA_PUBLIC_KEY": os.environ.get(
+            "RECAPTCHA_PUBLIC_KEY", "CHANGEME"
+        ),
+        "RECAPTCHA_PRIVATE_KEY": os.environ.get(
+            "RECAPTCHA_PRIVATE_KEY", "CHANGEME"
+        ),
+    }
+)
 
 
 # ---------- WEB FORM DEFINITIONS
@@ -76,6 +87,18 @@ class SignUp(FlaskForm):
         ],
         render_kw={"autofocus": True},
     )
+    accept = BooleanField(
+        _("I accept the code of conduct"),
+        [validators.InputRequired(_("Please agree to our code of conduct."))],
+    )
+    recaptcha = RecaptchaField()
+
+
+class SetPassword(FlaskForm):
+    """
+    Allows a user to set and confirm a new password.
+    """
+
     password1 = PasswordField(
         _("Password"),
         [
@@ -91,10 +114,6 @@ class SignUp(FlaskForm):
     password2 = PasswordField(
         _("Confirm Password"), [validators.InputRequired(_("Required."))]
     )
-    accept = BooleanField(
-        _("I accept the code of conduct"),
-        [validators.InputRequired(_("Please agree to our code of conduct."))],
-    )
 
 
 class LogIn(FlaskForm):

textsmith/datastore.py

@@ -254,7 +254,9 @@ async def set_container(self, object_id: int, container_id: int):
         referenced as container_id.
         """
 
-    async def get_contents(self, object_id: int) -> Dict[
+    async def get_contents(
+        self, object_id: int
+    ) -> Dict[
         int,
         Dict[
             str,

textsmith/logic.py

@@ -29,7 +29,7 @@ async def set_last_login(self, user_id):
         """
         Set the last_login timestamp to time.now() for the referenced user.
         """
-        await self.datastore.set_last_seen(user_id) 
+        await self.datastore.set_last_seen(user_id)
 
     async def check_email(self, email: str) -> bool:
         """
@@ -43,4 +43,4 @@ async def create_user(self, email, password):
         Create a user with the referenced email and password. Email a
         confirmation link with instructions to the new user.
         """
-        return 
+        return

textsmith/templates/set_password.html

@@ -0,0 +1,18 @@
+{% extends 'base.html' %}
+{% block content %}
+<section>
+    <p>{% trans %}Please enter and confirm your new password in the form
+    below.{% endtrans %}</p>
+
+    {% if form.errors %}
+    <p><strong>There are problems with the values you entered.</strong></p>
+    {% endif %}
+    <form action="{{ url_for('password') }}" method="post">
+        {{ form.csrf_token }}
+        <p>{{ form.password1.label }}:<br/>{{ form.password1}}
+        {% if form.password1.errors %}<strong>{% for error in form.password1.errors %}{{ error }} {% endfor %}</strong>{% endif %}</p>
+        <p>{{ form.password2.label }}:<br/>{{ form.password2}}</p>
+        <p><input type="submit" value="{% trans %}Submit{% endtrans %}"></p>
+    </form>
+</section>
+{% endblock %}

textsmith/templates/signup.html

@@ -2,19 +2,19 @@
 {% block content %}
 <section>
     <p>{% trans %}Please read our <a href="/conduct">code of conduct</a> and
-    then fill in the form below to sign up.{% endtrans %}</p>
+    then fill in the form below to sign up. We'll email you instructions for
+    setting your password and logging in for the first time.{% endtrans %}</p>
 
     {% if form.errors %}
     <p><strong>There are problems with the values you entered.</strong></p>
     {% endif %}
     <form action="{{ url_for('signup') }}" method="post">
         {{ form.csrf_token }}
-        <p>{{ form.email.label }}:<br/>{{ form.email }}
-        {% if form.email.errors %}<strong>{% for error in form.email.errors %}{{ error }} {% endfor %}</strong>{% endif %}</p>
-        <p>{{ form.password1.label }}:<br/>{{ form.password1}}
-        {% if form.password1.errors %}<strong>{% for error in form.password1.errors %}{{ error }} {% endfor %}</strong>{% endif %}</p>
-        <p>{{ form.password2.label }}:<br/>{{ form.password2}}</p>
+        <p>{{ form.email.label }}:<br/>{{ form.email }}</p>
+        {% if form.email.errors %}<p><strong>({% for error in form.email.errors %}{{ error }} {% endfor %}</strong>)</p>{% endif %}
         <p>{{ form.accept.label }}: {{ form.accept }}</p>
+        {{ form.recaptcha }}
+        {% if form.recaptcha.errors %}<p>(<strong>{% for error in form.recaptcha.errors %}{{ error }} {% endfor %})</strong></p>{% endif %}
         <p><input type="submit" value="{% trans %}Submit{% endtrans %}"></p>
     </form>
 </section>