From 993d81c2ce98a6579b3110a6013c00090dfddaea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Sieb=C3=B6rger?= <drs@sieborger.nom.za>
Date: Mon, 29 Jan 2018 14:58:42 +0200
Subject: Allow the list subscription form to be protected from spam bots using
 reCAPTCHA.

---
 Mailman/Cgi/listinfo.py  | 10 ++++++++++
 Mailman/Cgi/subscribe.py | 22 ++++++++++++++++++++++
 2 files changed, 32 insertions(+)

(limited to 'Mailman/Cgi')

diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
index b8704486..91f5b6bb 100644
--- a/Mailman/Cgi/listinfo.py
+++ b/Mailman/Cgi/listinfo.py
@@ -243,6 +243,16 @@ def list_listinfo(mlist, lang):
     replacements['<mm-displang-box>'] = displang
     replacements['<mm-lang-form-start>'] = mlist.FormatFormStart('listinfo')
     replacements['<mm-fullname-box>'] = mlist.FormatBox('fullname', size=30)
+    # If reCAPTCHA is enabled, display its user interface
+    if mm_cfg.RECAPTCHA_SITE_KEY:
+        replacements['<mm-recaptcha-ui>'] = (
+            """<tr><td>&nbsp;</td><td>
+            <script src="https://www.google.com/recaptcha/api.js"></script>
+            <div class="g-recaptcha" data-sitekey="%s"></div>
+            </td></tr>"""
+            % mm_cfg.RECAPTCHA_SITE_KEY)
+    else:
+        replacements['<mm-recaptcha-ui>'] = ''
 
     # Do the expansion.
     doc.AddItem(mlist.ParseTags('listinfo.html', replacements, lang))
diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py
index 232048d7..a53efefd 100755
--- a/Mailman/Cgi/subscribe.py
+++ b/Mailman/Cgi/subscribe.py
@@ -22,6 +22,9 @@ import os
 import cgi
 import time
 import signal
+import urllib
+import urllib2
+import json
 
 from Mailman import mm_cfg
 from Mailman import Utils
@@ -131,6 +134,25 @@ def process_form(mlist, doc, cgidata, lang):
              os.environ.get('HTTP_X_FORWARDED_FOR',
              os.environ.get('REMOTE_ADDR',
                             'unidentified origin')))
+
+    # Check reCAPTCHA submission, if enabled
+    if mm_cfg.RECAPTCHA_SECRET_KEY:
+        request = urllib2.Request(
+            url = 'https://www.google.com/recaptcha/api/siteverify',
+            data = urllib.urlencode({
+                'secret': mm_cfg.RECAPTCHA_SECRET_KEY,
+                'response': cgidata.getvalue('g-recaptcha-response', ''),
+                'remoteip': remote}))
+        try:
+            httpresp = urllib2.urlopen(request)
+            captcha_response = json.load(httpresp)
+            httpresp.close()
+            if not captcha_response['success']:
+                results.append(_('reCAPTCHA validation failed: %s' %
+                    ', '.join(captcha_response['error-codes'])))
+        except urllib2.URLError as e:
+            results.append(_('reCAPTCHA could not be validated: %s' % e.reason))
+
     # Are we checking the hidden data?
     if mm_cfg.SUBSCRIBE_FORM_SECRET:
         now = int(time.time())
-- 
cgit v1.2.3