Finish the CAPTCHA stuff

README.md

@@ -62,8 +62,7 @@ tests locally:
 ## TODOs
 
 1. Post preview
-1. There was something else but I forget...
-1. CAPTCHA
+1. Need to check b64 input for the return_url param probably
 1. "All new posts flagged" mode (require approval for new posts)
 1. Tests for mod-only user?
 

cpanfile

@@ -9,3 +9,4 @@ requires 'CSS::Minifier::XS';
 requires 'Text::Markdown';
 requires 'HTML::Restrict';
 requires 'IO::Socket::SSL';
+requires 'Roman::Unicode';

lib/PostText.pm

@@ -135,7 +135,7 @@ sub startup($self) {
 
     $r->get('/rules')->to('page#rules')->name('rules_page');
 
-    $r->any('/captcha/:return_url')
+    $r->any([qw{GET POST}], '/captcha/:return_url')
         ->to('page#captcha')
         ->name('captcha_page');
 
@@ -183,7 +183,7 @@ sub startup($self) {
         ->to('remark#by_id')
         ->name('single_remark');
 
-    $remark->get('/flag/:remark_id', [remark_id => qr/\d+/])
+    $human_remark->get('/flag/:remark_id', [remark_id => qr/\d+/])
         ->to('remark#flag')
         ->name('flag_remark');
 

lib/PostText/Controller/Page.pm

@@ -33,7 +33,8 @@ sub captcha($self) {
             }
             else {
                 $self->stash(
-                    error => 'Sounds like something a robot would say...'
+                    status => 400,
+                    error  => 'Sounds like something a robot would say...'
                     )
             }
         }

t/human.t

@@ -0,0 +1,104 @@
+use Mojo::Base -strict;
+use Test::More;
+use Test::Mojo;
+
+my $t               = Test::Mojo->new('PostText');
+my %good_human      = (answer => 1,   number => 'Ⅰ');
+my %bad_bot         = (answer => 2,   number => 'Ⅰ');
+my %invalid_captcha = (answer => 'a', number => 'Ⅰ');
+my $flag_thread_url =
+    '/captcha/H4sIABSTzmQAA8soKSmw0tfPyU9OzMnILy6xMjYwMNDPKM1NzNMvyShKTUzRT8tJTNc3BABRx5B2%0AKQAAAA==%0A';
+my $bump_thread_url =
+    '/captcha/H4sIAImTzmQAA8soKSmw0tfPyU9OzMnILy6xMjYwMNDPKM1NzNMvyShKTUzRTyrNLdA3BAD5ek7T%0AKQAAAA==%0A';
+my $flag_remark_url =
+    '/captcha/H4sIAAKazmQAA8soKSmw0tfPyU9OzMnILy6xMjYwMNDPKM1NzNMvSs1NLMrWT8tJTNc3BAAN5VIw%0AKQAAAA==%0A';
+
+subtest 'Bumping thread', sub {
+    $t->get_ok('/thread/list')->status_is(200)
+        ->element_exists('a[href*="bump"]')
+        ->text_like(h2 => qr/Threads List/);
+
+    $t->get_ok('/thread/single/1')->status_is(200)
+        ->element_exists('a[href*="bump"]')
+        ->text_like(h2 => qr/Thread #1/);
+
+    $t->get_ok('/human/thread/bump/1')->status_is(302)
+        ->header_like(Location => qr/captcha/);
+
+    # Bad CAPTCHA
+    $t->post_ok($bump_thread_url, form => \%bad_bot)
+        ->status_is(400)
+        ->element_exists('p[class="stash-with-error"]')
+        ->text_like(p => qr/Sounds like something a robot would say/);
+
+    $t->post_ok($bump_thread_url, form => \%invalid_captcha)
+        ->status_is(400)
+        ->element_exists('p[class="field-with-error"]')
+        ->text_like(p => qr/Should be a single number/);
+
+    # Solved CAPTCHA
+    $t->post_ok($bump_thread_url, form => \%good_human)
+        ->status_is(302)
+        ->header_like(Location => qr{human/thread/bump/1});
+
+    $t->reset_session;
+};
+
+subtest 'Flagging thread', sub {
+    $t->get_ok('/thread/list')->status_is(200)
+        ->element_exists('a[href*="flag"]')
+        ->text_like(h2 => qr/Threads List/);
+
+    $t->get_ok('/thread/single/1')->status_is(200)
+        ->element_exists('a[href*="flag"]')
+        ->text_like(h2 => qr/Thread #1/);
+
+    $t->get_ok('/human/thread/flag/1')->status_is(302)
+        ->header_like(Location => qr/captcha/);
+
+    # Bad CAPTCHA
+    $t->post_ok($flag_thread_url, form => \%bad_bot)
+        ->status_is(400)
+        ->element_exists('p[class="stash-with-error"]')
+        ->text_like(p => qr/Sounds like something a robot would say/);
+
+    $t->post_ok($flag_thread_url, form => \%invalid_captcha)
+        ->status_is(400)
+        ->element_exists('p[class="field-with-error"]')
+        ->text_like(p => qr/Should be a single number/);
+
+    # Solved CAPTCHA
+    $t->post_ok($flag_thread_url, form => \%good_human)
+        ->status_is(302)
+        ->header_like(Location => qr{human/thread/flag/1});
+
+    $t->reset_session;
+};
+
+subtest 'Flagging remark', sub {
+    $t->get_ok('/remark/single/1')->status_is(200)
+        ->element_exists('a[href*="flag"]')
+        ->text_like(h2 => qr/Remark #1/);
+
+    $t->get_ok('/human/remark/flag/1')->status_is(302)
+        ->header_like(Location => qr/captcha/);
+
+    # Bad CAPTCHA
+    $t->post_ok($flag_remark_url, form => \%bad_bot)
+        ->status_is(400)
+        ->element_exists('p[class="stash-with-error"]')
+        ->text_like(p => qr/Sounds like something a robot would say/);
+
+    $t->post_ok($flag_remark_url, form => \%invalid_captcha)
+        ->status_is(400)
+        ->element_exists('p[class="field-with-error"]')
+        ->text_like(p => qr/Should be a single number/);
+
+    # Solved CAPTCHA
+    $t->post_ok($flag_remark_url, form => \%good_human)
+        ->status_is(302)
+        ->header_like(Location => qr{human/remark/flag/1});
+};
+
+
+done_testing;

t/remark.t

@@ -61,20 +61,4 @@ subtest 'Post new remark', sub {
         ->text_like(p => qr/Must be between/);
 };
 
-subtest 'Flagging remark', sub {
-    $t->get_ok('/remark/single/1')->status_is(200)
-        ->element_exists('a[href*="flag"]')
-        ->text_like(h2 => qr/Remark #1/);
-
-    $t->get_ok('/human/remark/flag/1')->status_is(302)
-        ->header_like(Location => qr/captcha/);
-
-    # Solved CAPTCHA
-    $tx->req->cookies({is_human => 1});
-
-    $t->get_ok('/human/thread/flag/1')->status_is(200)
-        ->element_exists('p[class="stash-with-info"]')
-        ->text_like(p => qr/Thread #1 has been flagged/);
-};
-
 done_testing;

t/thread.t

@@ -87,44 +87,4 @@ subtest 'Post new thread', sub {
         ->text_like(h2 => qr/Thread #\d+/);
 };
 
-subtest 'Bumping thread', sub {
-    $t->get_ok('/thread/list')->status_is(200)
-        ->element_exists('a[href*="bump"]')
-        ->text_like(h2 => qr/Threads List/);
-
-    $t->get_ok('/thread/single/1')->status_is(200)
-        ->element_exists('a[href*="bump"]')
-        ->text_like(h2 => qr/Thread #1/);
-
-    $t->get_ok('/human/thread/bump/1')->status_is(302)
-        ->header_like(Location => qr/captcha/);
-
-    # Solved CAPTCHA
-    $tx->req->cookies({is_human => 1});
-
-    $t->get_ok('/human/thread/bump/1')->status_is(200)
-        ->element_exists('p[class="stash-with-info"]')
-        ->text_like(p => qr/Thread #1 has been bumped/);
-};
-
-subtest 'Flagging thread', sub {
-    $t->get_ok('/thread/list')->status_is(200)
-        ->element_exists('a[href*="flag"]')
-        ->text_like(h2 => qr/Threads List/);
-
-    $t->get_ok('/thread/single/1')->status_is(200)
-        ->element_exists('a[href*="flag"]')
-        ->text_like(h2 => qr/Thread #1/);
-
-    $t->get_ok('/human/thread/flag/1')->status_is(302)
-        ->header_like(Location => qr/captcha/);
-
-    # Solved CAPTCHA
-    $tx->req->cookies({is_human => 1});
-
-    $t->get_ok('/human/thread/flag/1')->status_is(200)
-        ->element_exists('p[class="stash-with-info"]')
-        ->text_like(p => qr/Thread #1 has been flagged/);
-};
-
 done_testing;

templates/page/captcha.html.ep

@@ -13,8 +13,8 @@
 <form method="post" class="form-body">
   <div class="form-field">
     <% if (my $error = validation->error('answer')) { =%>
-    <p class="field-with-error">Must be between <%= $error->[2] %>
-      and <%= $error->[3] %> characters.</p>
+    <p class="field-with-error">Should be a single number between
+      <%= $error->[2] %> and <%= $error->[3] %>.</p>
     <% } =%>
     <%= label_for answer => "What roman numeral is this?: $roman_numeral" %>
     <%= text_field 'answer', (