diff --git a/authentication/templates/login.html b/authentication/templates/login.html index 0dfae589ed5969411d1930b21e24b16e1fc0267b..68859550dc8a8c72519d2ab9f4a7a6a3ec0e80c1 100644 --- a/authentication/templates/login.html +++ b/authentication/templates/login.html @@ -69,7 +69,7 @@ </div> - + <div class="g-recaptcha" data-sitekey={{captcha_site_key}}></div> <div class="container-login100-form-btn"> <button class="login100-form-btn" type="submit"> Login @@ -100,6 +100,8 @@ <script src="../static/../static/vendor/countdowntime/countdowntime.js"></script> <!--===============================================================================================--> <script src="../static/js/login.js"></script> + <!--===============================================================================================--> + <script src='https://www.google.com/recaptcha/api.js'></script> </body> diff --git a/authentication/templates/login_admin.html b/authentication/templates/login_admin.html index ca2cad7d4f40dea55792e3d7eac14320972b4b61..fca44f4cf9d0bd8344d9cbca7dae0e8189a75cd1 100644 --- a/authentication/templates/login_admin.html +++ b/authentication/templates/login_admin.html @@ -54,7 +54,7 @@ <div class="work_info"> <form class="login100-form validate-form" method="POST"> {% csrf_token %} - + <input type="hidden" name="source" value="admin" /> <div class="login100-form-title p-b-43"> Halo, Admin </div> @@ -84,7 +84,7 @@ </div> </div> - + <div class="g-recaptcha" data-sitekey="6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"></div> <div class="container-login100-form-btn"> <button class="login100-form-btn" type="submit"> Login 
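Review bot: `data-sitekey={{captcha_site_key}}` in the @@ -69 hunk is an unquoted attribute value; write it as `data-sitekey="{{ captcha_site_key }}"` so the browser cannot split the value on a space or `>` and the widget reliably receives the key. Note also that in the views.py hunk `captcha_site_key` is only added to the context in `Login.get`, not in `Login.post`, so the page re-rendered after a wrong password or a failed captcha will emit an empty sitekey and the widget will not render, locking the user out of retrying.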
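Review bot: The @@ -100 hunk loads `https://www.google.com/recaptcha/api.js` as a plain third-party script on the login page without `async defer`, so it blocks parsing and a slow Google endpoint delays the whole login form; Google's own snippet is `<script src="https://www.google.com/recaptcha/api.js" async defer></script>`. If the site sends a Content-Security-Policy (none is visible in this diff), `script-src` and `frame-src` will also need `https://www.google.com https://www.gstatic.com` or the widget will be silently blocked.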
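Review bot: The hidden `<input type="hidden" name="source" value="admin" />` added in the @@ -54 hunk of login_admin.html is a client-controlled value, and nothing in the views.py hunks of this commit reads `request.POST["source"]`. If it is intended to select the admin flow somewhere not shown here, that flow must still derive privilege from the authenticated user (`request.user.is_admin`, as the redirect code already does) and never from this field, since anyone can post `source=admin` to the contributor form. A comment such as `<!-- informational only: the server never trusts this value for authorization -->` would make the intent explicit.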
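Review bot: The @@ -84 hunk of login_admin.html hardcodes `data-sitekey="6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"`, which is the same string settings.py uses as the default for `GOOGLE_RECAPTCHA_SECRET_KEY` — the secret is being shipped to every browser, and the admin page is the one that does not use the `{{captcha_site_key}}` variable login.html gets. The template should read `data-sitekey="{{ captcha_site_key }}"` like login.html, with the admin view putting `settings.GOOGLE_RECAPTCHA_SITE_KEY` in its context, and the key pair should be rotated once the secret has been committed. The values also look like Google's published test keys, which would make verification always succeed; confirm against the reCAPTCHA console.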
@@ -116,6 +116,9 @@ <script src="../static/../static/vendor/countdowntime/countdowntime.js"></script> <!--===============================================================================================--> <script src="../static/js/login.js"></script> + <!--===============================================================================================--> + <script src='https://www.google.com/recaptcha/api.js'></script> + </body> diff --git a/authentication/tests.py b/authentication/tests.py index 85d09f60d9b428681a141669ae2267cf842a18f5..66be76191b4e0e79803b115c0a735d722b0090ec 100644 --- a/authentication/tests.py +++ b/authentication/tests.py @@ -80,7 +80,7 @@ class LoginPageContributorTest(TestCase): self.view = Login self.template_name = "login.html" self.login_credential = { - "email": "kontributor@gov.id", "pass": "kontributor"} + "email": "kontributor@gov.id", "pass": "kontributor", "g-recaptcha-response" : "testcaptcha"} self.error_message = { "empty_email_or_password": "Email atau Password anda kosong.", "wrong_email_or_password": "Email atau Password anda salah.", @@ -114,11 +114,11 @@ class LoginPageContributorTest(TestCase): self.assertContains(response, "Kata Sandi") def test_kontributor_login_missing_email_or_password(self): - response = self.client.post(self.url, {"email": "kontributor@gov.id"}) + response = self.client.post(self.url, {"email": "kontributor@gov.id", "g-recaptcha-response" : "testcaptcha"}) self.assertIn("error_message", response.context_data) self.assertIn(self.error_message["empty_email_or_password"], response.context_data["error_message"]) - response = self.client.post(self.url, {"pass": "kontributor"}) + response = self.client.post(self.url, {"pass": "kontributor", "g-recaptcha-response" : "testcaptcha"}) self.assertIn("error_message", response.context_data) self.assertIn(self.error_message["empty_email_or_password"], response.context_data["error_message"]) 
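Review bot: The tests in the @@ -80 and @@ -114 hunks post `"g-recaptcha-response": "testcaptcha"` but the view under test (views.py hunk) makes a live `urlopen` to `https://www.google.com/recaptcha/api/siteverify`, so the suite now needs outbound network access and only passes because the configured key accepts any token. Patch the call instead, e.g. `@mock.patch("authentication.views.urllib.request.urlopen")` returning a fake whose `.read()` yields `b'{"success": true}'`, and add one negative test that returns `b'{"success": false}'` and asserts the login is refused, since no test in this commit exercises the invalid-captcha branch. The `LoginPageContributorTest` class starts before the first hunk and continues past the last.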
@@ -126,19 +126,19 @@ class LoginPageContributorTest(TestCase): def test_kontributor_login_wrong_email_or_password(self): # Wrong password response = self.client.post( - self.url, {"email": "kontributor@gov.id", "pass": "kontributor1"}) + self.url, {"email": "kontributor@gov.id", "pass": "kontributor1", "g-recaptcha-response" : "testcaptcha"}) self.assertIn("error_message", response.context_data) self.assertIn(self.error_message["wrong_email_or_password"], response.context_data["error_message"]) # Wrong email response = self.client.post( - self.url, {"email": "kontributor1@gov.id", "pass": "kontributor"}) + self.url, {"email": "kontributor1@gov.id", "pass": "kontributor", "g-recaptcha-response" : "testcaptcha"}) self.assertIn("error_message", response.context_data) self.assertIn(self.error_message["wrong_email_or_password"], response.context_data["error_message"]) # Wrong email and password response = self.client.post( - self.url, {"email": "kontributor1@gov.id", "pass": "kontributor1"}) + self.url, {"email": "kontributor1@gov.id", "pass": "kontributor1", "g-recaptcha-response" : "testcaptcha"}) self.assertIn("error_message", response.context_data) self.assertIn(self.error_message["wrong_email_or_password"], response.context_data["error_message"]) diff --git a/authentication/views.py b/authentication/views.py index 8e50ca975d598bb7b506a76150576191abbc6e71..03408cbaf9d5204e6bf89900b327cc6f1e564691 100644 --- a/authentication/views.py +++ b/authentication/views.py @@ -1,7 +1,10 @@ from django.contrib.auth import authenticate, login from django.http import HttpResponseRedirect, QueryDict from django.views.generic import TemplateView - +from django.conf import settings +from django.contrib import messages +import urllib +import json class Login(TemplateView): 
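Review bot: `import urllib` in the @@ -1 hunk of views.py does not import the submodules the new code uses, yet `post` calls `urllib.parse.urlencode` and `urllib.request.Request`/`urlopen`; this only works when some other module has already imported them, otherwise it raises `AttributeError: module 'urllib' has no attribute 'request'`. Replace it with `import urllib.parse` and `import urllib.request` (and `import urllib.error` if the network call is going to catch `URLError`). The class body continues outside this hunk.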
@@ -27,30 +30,46 @@ class Login(TemplateView): def get(self, request, *args, **kwargs): context = self.get_context_data(**kwargs) + context['captcha_site_key'] = settings.GOOGLE_RECAPTCHA_SITE_KEY return self.render_to_response(context=context) def post(self, request, *args, **kwargs): email = request.POST.get("email", None) password = request.POST.get("pass", None) + context = self.get_context_data(*args, **kwargs) if email is None or password is None: context = self.get_context_data(*args, **kwargs) context["error_message"] = "Email atau Password anda kosong." return self.render_to_response(context=context) - else: - user = authenticate(email=email, password=password) - if user is not None: - login(request, user) - redirect_to = "/" - querystring = QueryDict(request.META['QUERY_STRING']) - if request.user.is_admin: - redirect_to = "/sukses-admin/" - elif request.user.is_contributor: - redirect_to = "/sukses-kontributor/" - if 'next' in querystring: - redirect_to = querystring['next'] - return HttpResponseRedirect(redirect_to) + else: + recaptcha_response = request.POST.get('g-recaptcha-response') + url = 'https://www.google.com/recaptcha/api/siteverify' + values = { + 'secret': settings.GOOGLE_RECAPTCHA_SECRET_KEY, + 'response': recaptcha_response + } + data = urllib.parse.urlencode(values).encode() + req = urllib.request.Request(url, data=data) + response = urllib.request.urlopen(req) + result = json.loads(response.read().decode()) + + if result['success']: + user = authenticate(email=email, password=password) + if user is not None: + login(request, user) + redirect_to = "/" + querystring = QueryDict(request.META['QUERY_STRING']) + if request.user.is_admin: + redirect_to = "/sukses-admin/" + elif request.user.is_contributor: + redirect_to = "/sukses-kontributor/" + if 'next' in querystring: + redirect_to = querystring['next'] + return HttpResponseRedirect(redirect_to) + else: + context["error_message"] = "Email atau Password anda salah." 
+ return self.render_to_response(context=context) else: - context = self.get_context_data(*args, **kwargs) - context["error_message"] = "Email atau Password anda salah." - return self.render_to_response(context=context) + messages.error(request, 'Invalid reCAPTCHA. Please try again.') + return self.render_to_response(context=context) diff --git a/digipus/settings.py b/digipus/settings.py index a1c930660339988f60d34dad5d86c7f561ce7473..d5f32c78246e7d4b8caaedcbef66ba9dca186448 100644 --- a/digipus/settings.py +++ b/digipus/settings.py @@ -14,6 +14,7 @@ import os import dj_database_url from decouple import config +from django.contrib.messages import constants as messages # Build paths inside the project like this: os.path.join(BASE_DIR, ...) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) @@ -145,6 +146,16 @@ USE_L10N = True USE_TZ = True +MESSAGE_TAGS = { + messages.DEBUG: 'alert-info', + messages.INFO: 'alert-info', + messages.SUCCESS: 'alert-success', + messages.WARNING: 'alert-warning', + messages.ERROR: 'alert-danger', +} + +GOOGLE_RECAPTCHA_SECRET_KEY = config('GOOGLE_RECHAPTCHA', default= "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe") +GOOGLE_RECAPTCHA_SITE_KEY = config('CLIENT_RECHAPTCHA', default= "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI") # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/3.0/howto/static-files/
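Review bot: The siteverify call in the @@ -27 hunk of `Login.post` has no timeout and no exception handling, so a slow or unreachable Google endpoint hangs the worker and any `URLError` or non-JSON body surfaces as a 500 on the login page; `result['success']` also raises `KeyError` on a malformed response. Move the verification into a helper that fails closed, passes `timeout=`, and uses `result.get('success') is True`, and return the captcha failure through `context["error_message"]` like the other error paths rather than `messages.error`, which the tests in this commit do not read. Two further points on the new side: `context['captcha_site_key']` is set only in `get`, so every re-render from `post` produces an empty widget, and `redirect_to = querystring['next']` is still an unvalidated open redirect — guard it with `django.utils.http.url_has_allowed_host_and_scheme(redirect_to, allowed_hosts={request.get_host()})` before redirecting. The rewrite below needs `import urllib.error`, `import urllib.parse` and `import urllib.request` at the top of the file.

```python
    def _verify_recaptcha(self, token):
        """Return True only when Google confirms *token*; an empty token, a transport error, a timeout or an unparsable reply all count as not verified (fail closed)."""
        if not token:
            return False
        data = urllib.parse.urlencode({
            'secret': settings.GOOGLE_RECAPTCHA_SECRET_KEY,
            'response': token,
        }).encode()
        req = urllib.request.Request('https://www.google.com/recaptcha/api/siteverify', data=data)
        try:
            # bounded wait so an unreachable verifier cannot pin a worker
            with urllib.request.urlopen(req, timeout=5) as resp:
                result = json.loads(resp.read().decode())
        except (urllib.error.URLError, ValueError):
            return False
        return result.get('success') is True

    def post(self, request, *args, **kwargs):
        email = request.POST.get("email", None)
        password = request.POST.get("pass", None)
        context = self.get_context_data(*args, **kwargs)
        # the widget must be re-rendered with its key on every error path, not only in get()
        context['captcha_site_key'] = settings.GOOGLE_RECAPTCHA_SITE_KEY
        # … unchanged: empty email/password check …
        if not self._verify_recaptcha(request.POST.get('g-recaptcha-response')):
            context["error_message"] = 'Invalid reCAPTCHA. Please try again.'
            return self.render_to_response(context=context)
        # … unchanged: authenticate / login / redirect, with `next` validated via url_has_allowed_host_and_scheme …
```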
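Review bot: `GOOGLE_RECAPTCHA_SECRET_KEY = config('GOOGLE_RECHAPTCHA', default="6LeIx…")` in the @@ -145 hunk of settings.py commits a secret to source and, because a default is supplied, lets any deployment that forgets the environment variable run silently with that key instead of failing at startup. Drop the defaults so `decouple` raises `UndefinedValueError` when the variable is missing (`config('GOOGLE_RECAPTCHA_SECRET_KEY')`), fix the `RECHAPTCHA` spelling in both variable names before anyone's `.env` depends on it, and rotate the pair since the secret is now in git history and in login_admin.html. If these are Google's always-pass test keys, as the values suggest, then with the defaults in place the captcha check is a no-op everywhere the variables are unset; confirm in the reCAPTCHA console.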