Added reCAPTCHA to new question form

Naman-56-56 · Naman-56-56 · commit e84a4cf4decd · 2026-01-18T12:57:57.000Z
diff --git a/forums/settings.py b/forums/settings.py
@@ -18,6 +18,10 @@
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
 
+# reCAPTCHA Settings
+RECAPTCHA_SITE_KEY = os.getenv("RECAPTCHA_SITE_KEY")
+RECAPTCHA_SECRET_KEY = os.getenv("RECAPTCHA_SECRET_KEY")
+
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
 
@@ -108,8 +112,8 @@
         'ENGINE': 'django.db.backends.mysql',  # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
         'NAME': os.getenv("SPOKEN_DB"),                      # Or path to database file if using sqlite3.
         # The following settings are not used with sqlite3:
-        'USER': os.getenv("DB_USER"),
-        'PASSWORD': os.getenv("DB_PASSWORD"),
+        'USER': os.getenv("SPOKEN_DB_USER"),
+        'PASSWORD': os.getenv("SPOKEN_DB_PASSWORD"),
         # Empty for localhost through domain sockets or '127.0.0.1' for localhost through TCP.
         'HOST': '',
         'PORT': '',                      # Set to empty string for default.
@@ -150,7 +154,7 @@
 
 LANGUAGE_CODE = 'en-us'
 
-TIME_ZONE = 'Asia/Calcutta'
+TIME_ZONE = 'Asia/Kolkata'
 
 USE_I18N = True
 
diff --git a/requirements.txt b/requirements.txt
@@ -15,3 +15,4 @@ django-debug-toolbar==1.4
 python-dotenv==0.10.3
 nltk==3.5
 sklearn==0.0
+requests>=2.25.0
diff --git a/static/website/templates/new-question.html b/static/website/templates/new-question.html
@@ -54,6 +54,13 @@ <h4>
                 <label for="id_body">Question:</label>
                 {% render_field form.body class+="form-control" %}
             </div>
+
+            <!-- reCAPTCHA widget, only for users without a role -->
+            {% if require_recaptcha %}
+            <div class="form-group" style="margin-top: 20px; margin-bottom: 15px;">
+                <div class="g-recaptcha" data-sitekey="{{ recaptcha_site_key }}"></div>
+            </div>
+            {% endif %}
         </div>
     </div>
     <input class="btn btn-success" type="submit" value="Submit Question"> 
@@ -76,6 +83,7 @@ <h4 class="modal-title" id="myModalLabel">Similar Questions</h4>
     </div><!-- /.modal -->
 
 <script src="{% static 'website/js/nicEdit.js' %}" type="text/javascript"></script>
+<script src="https://www.google.com/recaptcha/api.js" async defer></script>
 <script type="text/javascript">
 bkLib.onDomLoaded(function() {
 	new nicEditor({
diff --git a/website/views.py b/website/views.py
@@ -1,4 +1,5 @@
 import json
+import requests
 
 from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden
 from django.shortcuts import render, get_object_or_404
@@ -318,6 +319,50 @@ def filter(request, category=None, tutorial=None, minute_range=None, second_rang
 def new_question(request):
     context = {}
     if request.method == 'POST':
+        # check if user has a role 
+        user_has_role = request.user.is_authenticated and request.user.groups.exists()
+        
+        # only require captcha for users without a role
+        if not user_has_role:
+            
+            recaptcha_response = request.POST.get('g-recaptcha-response', '')
+            
+            if not recaptcha_response:
+                messages.error(request, "Please complete the reCAPTCHA verification.")
+                form = NewQuestionForm(request.POST)
+                context['form'] = form
+                context['recaptcha_site_key'] = settings.RECAPTCHA_SITE_KEY
+                context['require_recaptcha'] = True
+                return render(request, 'website/templates/new-question.html', context)
+            
+            # verify with google
+            recaptcha_verification_url = "https://www.google.com/recaptcha/api/siteverify"
+            recaptcha_data = {
+                'secret': settings.RECAPTCHA_SECRET_KEY,
+                'response': recaptcha_response
+            }
+            
+            try:
+                recaptcha_result = requests.post(recaptcha_verification_url, data=recaptcha_data, timeout=5)
+                recaptcha_result.raise_for_status()
+                recaptcha_json = recaptcha_result.json()
+            except requests.RequestException as e:
+                messages.error(request, "Error verifying reCAPTCHA. Please try again.")
+                form = NewQuestionForm(request.POST)
+                context['form'] = form
+                context['recaptcha_site_key'] = settings.RECAPTCHA_SITE_KEY
+                context['require_recaptcha'] = True
+                return render(request, 'website/templates/new-question.html', context)
+            
+            # check if verification was successful
+            if not recaptcha_json.get('success', False):
+                messages.error(request, "reCAPTCHA verification failed. Please try again.")
+                form = NewQuestionForm(request.POST)
+                context['form'] = form
+                context['recaptcha_site_key'] = settings.RECAPTCHA_SITE_KEY
+                context['require_recaptcha'] = True
+                return render(request, 'website/templates/new-question.html', context)
+        
         form = NewQuestionForm(request.POST)
         if form.is_valid():
             cleaned_data = form.cleaned_data
@@ -331,35 +376,51 @@ def new_question(request):
             question.body = cleaned_data['body']
             question.views = 1
             question.save()
+            # Run spam detection
+            action = handle_spam(question, request.user)
+
+            if action == "AUTO_DELETE":
+                messages.error(request, " Your question is being marked as spam and your account has been deactivated.")
+                user_logout(request)
+                return HttpResponseRedirect('/')
+
+            elif action == "FLAGGED":
+                messages.warning(request, " Your question is pending moderator review.")
+                # Don’t send email for flagged content
+                return HttpResponseRedirect('/')
+
+            else:  # APPROVED
+                
+                subject = 'New Forum Question'
+                message = f"""
+                    The following new question has been posted in the Spoken Tutorial Forum: <br>
+                    Title: <b>{question.title}</b><br>
+                    Category: <b>{question.category}</b><br>
+                    Tutorial: <b>{question.tutorial}</b><br>
+                    Link: <a href="http://forums.spoken-tutorial.org/question/{question.id}">
+                        http://forums.spoken-tutorial.org/question/{question.id}
+                    </a><br>
+                    Question: <b>{question.body}</b><br>
+                """
+                email = EmailMultiAlternatives(
+                    subject, '', 'forums',
+                    ['team@spoken-tutorial.org', 'team@fossee.in'],
+                    headers={"Content-type": "text/html;charset=iso-8859-1"}
+                )
+                email.attach_alternative(message, "text/html")
+                email.send(fail_silently=True)
+                return HttpResponseRedirect('/')
 
-            # Sending email when a new question is asked
-            subject = 'New Forum Question'
-            message = """
-                The following new question has been posted in the Spoken Tutorial Forum: <br>
-                Title: <b>{0}</b><br>
-                Category: <b>{1}</b><br>
-                Tutorial: <b>{2}</b><br>
-                Link: <a href="{3}">{3}</a><br>
-                Question: <b>{4}</b><br>
-            """.format(
-                question.title,
-                question.category,
-                question.tutorial,
-                'http://forums.spoken-tutorial.org/question/' + str(question.id),
-                question.body
-            )
-            email = EmailMultiAlternatives(
-                subject, '', 'forums',
-                ['team@spoken-tutorial.org', 'team@fossee.in'],
-                headers={"Content-type": "text/html;charset=iso-8859-1"}
-            )
-            email.attach_alternative(message, "text/html")
-            email.send(fail_silently=True)
-            # End of email send
+        # If form not valid -> re-render with errors
+        context['form'] = form
+        context['recaptcha_site_key'] = settings.RECAPTCHA_SITE_KEY
+        # check if user needs to complete captcha
+        user_has_role = request.user.is_authenticated and request.user.groups.exists()
+        context['require_recaptcha'] = not user_has_role
+        return render(request, 'website/templates/new-question.html', context)
 
-            return HttpResponseRedirect('/')
     else:
-        # get values from URL.
+        # GET request -> render empty form
         category = request.GET.get('category', None)
         tutorial = request.GET.get('tutorial', None)
         minute_range = request.GET.get('minute_range', None)
@@ -368,10 +429,11 @@ def new_question(request):
         form = NewQuestionForm(category=category, tutorial=tutorial,
                                minute_range=minute_range, second_range=second_range)
         context['category'] = category
-
-    context['form'] = form
-    context.update(csrf(request))
-    return render(request, 'website/templates/new-question.html', context)
+        context['recaptcha_site_key'] = settings.RECAPTCHA_SITE_KEY
+        # check if user needs to complete captcha
+        user_has_role = request.user.is_authenticated and request.user.groups.exists()
+        context['require_recaptcha'] = not user_has_role
+        return render(request, 'website/templates/new-question.html', context)
 
 # Notification Section
 
