Enable reCaptcha and auto log in on confirm invitation form [SCI-706]

app/controllers/users/invitations_controller.rb

@@ -2,6 +2,8 @@ module Users
   class InvitationsController < Devise::InvitationsController
     include UsersGenerator
 
+    prepend_before_action :check_captcha, only: [:update]
+
     before_action :check_invite_users_permission, only: :invite_users
 
     def update
@@ -146,6 +148,16 @@ module Users
 
     private
 
+    def check_captcha
+      if Rails.configuration.x.enable_recaptcha
+        unless verify_recaptcha
+          self.resource = resource_class.new
+          resource.invitation_token = update_resource_params[:invitation_token]
+          respond_with_navigational(resource) { render :edit }
+        end
+      end
+    end
+
     def generate_notification(user, target_user, role, org)
       title = I18n.t('notifications.assign_user_to_organization',
                      assigned_user: target_user.name,

app/views/users/invitations/edit.html.erb

@@ -31,6 +31,17 @@
     <span><small><%= t 'users.registrations.new.team_name_help' %></small></span>
   </div>
 
+  <% if Rails.configuration.x.enable_recaptcha %>
+    <div class="form-group <%= 'has-error' if flash[:recaptcha_error] %>">
+      <%= recaptcha_tags %>
+      <% if flash[:recaptcha_error] %>
+        <span class="help-block">
+          <%= flash[:recaptcha_error] %>
+        </span>
+      <% end %>
+    </div>
+  <% end %>
+
   <div class="form-group">
     <%= f.submit "Sign Up", class: "btn btn-primary" %>
   </div>

config/initializers/devise.rb

@@ -147,7 +147,7 @@ Devise.setup do |config|
   # Auto-login after the user accepts the invite. If this is false,
   # the user will need to manually log in after accepting the invite.
   # Default: false
-  config.allow_insecure_sign_in_after_accept = false
+  config.allow_insecure_sign_in_after_accept = true
 
   # ==> Configuration for :confirmable
   # A period that the user is allowed to access the website even without