From 3803604199c30a8f4af56686d0d7fd63552a36a1 Mon Sep 17 00:00:00 2001
From: kohsuke
Date: Mon, 17 Dec 2007 02:56:21 +0000
Subject: [PATCH] adding captcha for sign-up screen.
git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6325 71c3de6d-444a-0410-be80-ed276b4c234a
---
 core/pom.xml | 43 ++++++++++++++++++
 .../security/HudsonPrivateSecurityRealm.java | 13 ++++++
 .../java/hudson/security/SecurityRealm.java | 45 +++++++++++++++++++
 .../HudsonPrivateSecurityRealm/signup.jelly | 15 +++++++
 4 files changed, 116 insertions(+)
diff --git a/core/pom.xml b/core/pom.xml
index 8c20b2eb8e..f4ca12e844 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -446,6 +446,49 @@ commons-collections 3.2
+
+ com.octo.captcha
+ jcaptcha-all
+ 1.0-RC6
+
+
+ hsqldb
+ hsqldb
+
+
+ hsqldb
+ hsqldb
+
+
+ net.sf.ehcache
+ ehcache
+
+
+ quartz
+ quartz
+
+
+ xerces
+ xercesImpl
+
+
+ xerces
+ xmlParserAPIs
+
+
+ org.springframework
+ spring
+
+
+ commons-dbcp
+ commons-dbcp
+
+
+ concurrent
+ concurrent
+
+
+
diff --git a/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java b/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
index 147244b974..85510c67ac 100644
--- a/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
+++ b/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
@@ -12,6 +12,10 @@ import org.acegisecurity.userdetails.UserDetails;
 import org.acegisecurity.userdetails.UserDetailsService;
 import org.acegisecurity.userdetails.UsernameNotFoundException;
 import org.kohsuke.stapler.StaplerRequest;
+import org.kohsuke.stapler.StaplerResponse;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
 /**
 * {@link SecurityRealm} that performs authentication by looking up {@link User}.
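Review bot: The new dependency is the aggregate `jcaptcha-all` artifact at a release-candidate version (`1.0-RC6`), and the long run of added entries after it reads as a hand-maintained exclusion list (the markup is not visible here, so this is inferred), in which the `hsqldb`/`hsqldb` pair appears twice. Anything the aggregate pulls in that is not excluded lands on the core classpath, so the list has to be re-checked on every jcaptcha upgrade. Remove the duplicate entry and add a comment above the dependency stating why the aggregate is used and which of its transitive dependencies are deliberately kept.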
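Review bot: The added `import javax.servlet.http.HttpServletResponse;` is not used by any line this commit adds to HudsonPrivateSecurityRealm.java, and the import hunk of SecurityRealm.java has the same problem with `org.kohsuke.stapler.QueryParameter`, `org.apache.tools.ant.types.resources.selectors.None` and `org.apache.maven.plugin.logging.Log`. The last two look like IDE auto-completions, and they make a core security class depend at compile time on Ant and Maven plugin classes it has no use for. Drop all four imports.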
@@ -30,6 +34,15 @@ public class HudsonPrivateSecurityRealm extends SecurityRealm {
 return DescriptorImpl.INSTANCE;
 }
+ /**
+ * Creates an user account.
+ */
+ public void doCreateAccount(StaplerRequest req, StaplerResponse rsp) throws IOException {
+ rsp.getWriter().println(
+ validateCaptcha(req.getParameter("captcha"))
+ );
+ }
+
 // TODO
 private static final GrantedAuthority[] TEST_AUTHORITY = {new GrantedAuthorityImpl("authenticated")};
diff --git a/core/src/main/java/hudson/security/SecurityRealm.java b/core/src/main/java/hudson/security/SecurityRealm.java
index 0380ba4724..962da6b025 100644
--- a/core/src/main/java/hudson/security/SecurityRealm.java
+++ b/core/src/main/java/hudson/security/SecurityRealm.java
@@ -9,8 +9,21 @@ import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationManager;
 import org.springframework.context.ApplicationContext;
 import org.kohsuke.stapler.Stapler;
+import org.kohsuke.stapler.StaplerRequest;
+import org.kohsuke.stapler.StaplerResponse;
+import org.kohsuke.stapler.QueryParameter;
+import org.apache.tools.ant.types.resources.selectors.None;
+import org.apache.maven.plugin.logging.Log;
 import java.util.Map;
+import java.util.logging.Logger;
+import java.util.logging.Level;
+import java.io.IOException;
+
+import com.octo.captcha.service.image.DefaultManageableImageCaptchaService;
+import com.octo.captcha.service.CaptchaServiceException;
+
+import javax.imageio.ImageIO;
 /**
 * Pluggable security realm that connects external user database to Hudson.
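Review bot: The Javadoc on `doCreateAccount` says it creates a user account, but the body only writes the boolean returned by `validateCaptcha(...)` to the response, so the comment should say it is a stub, e.g. `/** Placeholder: reports whether the submitted captcha matched; account creation is not implemented yet. */`. The method also handles every HTTP method; a sign-up action should reject anything but POST before it looks at the captcha, for instance `if (!"POST".equals(req.getMethod())) { rsp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); return; }`. `req.getParameter("captcha")` is null when the field is missing, and that null is handed straight to the captcha service; treating a missing answer as a failed check before the call would make the behaviour explicit.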
@@ -66,6 +79,36 @@ public abstract class SecurityRealm implements Describable, Exten
 return clz.getClassLoader().getResource(clz.getName().replace('.','/')+"/signup.jelly")!=null;
 }
+ /**
+ * {@link DefaultManageableImageCaptchaService} holder to defer initialization.
+ */
+ private static final class CaptchaService {
+ private static final DefaultManageableImageCaptchaService INSTANCE = new DefaultManageableImageCaptchaService();
+ }
+
+ /**
+ * Generates a captcha image.
+ */
+ public final void doCaptcha(StaplerRequest req, StaplerResponse rsp) throws IOException {
+ String id = req.getSession().getId();
+ rsp.setContentType("image/png");
+ ImageIO.write( CaptchaService.INSTANCE.getImageChallengeForID(id), "PNG", rsp.getOutputStream() );
+ }
+
+ /**
+ * Validates the captcha.
+ */
+ protected final boolean validateCaptcha(String text) {
+ try {
+ String id = Stapler.getCurrentRequest().getSession().getId();
+ Boolean b = CaptchaService.INSTANCE.validateResponseForID(id, text);
+ return b!=null && b;
+ } catch (CaptchaServiceException e) {
+ LOGGER.log(Level.INFO, "Captcha validation had a problem",e);
+ return false;
+ }
+ }
+
 /**
 * Picks up the instance of the given type from the spring context.
 * If there are multiple beans of the same type or if there are none,
@@ -124,4 +167,6 @@ public abstract class SecurityRealm implements Describable, Exten
 HudsonPrivateSecurityRealm.DescriptorImpl.INSTANCE,
 LDAPSecurityRealm.DESCRIPTOR
 );
+
+ private static final Logger LOGGER = Logger.getLogger(SecurityRealm.class.getName());
 }
diff --git a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/signup.jelly b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/signup.jelly
index d81211adf4..4b9a4464de 100644
--- a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/signup.jelly
+++ b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/signup.jelly
@@ -1,5 +1,13 @@ + + +
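Review bot: `doCaptcha` in SecurityRealm.java sends the challenge image without any cache-control header, so a browser or proxy may show a stored image whose answer no longer matches what the service holds for that session; add `rsp.setHeader("Cache-Control", "no-store");` before the `ImageIO.write` call. The same method does not catch `CaptchaServiceException` although `validateCaptcha` does; if `getImageChallengeForID` can throw it as well (to be confirmed against the JCaptcha version in use), the request ends in an unhandled runtime exception instead of a clean error response. Both methods call `getSession()`, which creates a session, and with it a stored challenge, for any anonymous request that reaches them, so the Javadoc should state that these endpoints allocate per-session state for unauthenticated callers. `validateCaptcha` also logs a full stack trace at INFO for every failed service call, which anonymous traffic can trigger repeatedly; logging the message at `Level.FINE` would keep the log readable.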

Sign up

@@ -26,6 +34,13 @@ E-mail address: + + Enter text as shown: + +
+ + +