From 698e07a3b5ead2eab0198462b72337e7fe16b99d Mon Sep 17 00:00:00 2001
From: Oleksii Kriuchykhin <okriuchykhin@biosistemika.com>
Date: Wed, 23 Nov 2016 14:28:32 +0100
Subject: [PATCH] Enable reCaptcha and auto log in on confirm invitation form
 [SCI-706]

---
 app/controllers/users/invitations_controller.rb | 12 ++++++++++++
 app/views/users/invitations/edit.html.erb       | 11 +++++++++++
 config/initializers/devise.rb                   |  2 +-
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/app/controllers/users/invitations_controller.rb b/app/controllers/users/invitations_controller.rb
index 907477c2f..444e02a8f 100644
--- a/app/controllers/users/invitations_controller.rb
+++ b/app/controllers/users/invitations_controller.rb
@@ -2,6 +2,8 @@ module Users
   class InvitationsController < Devise::InvitationsController
     include UsersGenerator
 
+    prepend_before_action :check_captcha, only: [:update]
+
     before_action :check_invite_users_permission, only: :invite_users
 
     def update
@@ -146,6 +148,16 @@ module Users
 
     private
 
+    def check_captcha
+      if Rails.configuration.x.enable_recaptcha
+        unless verify_recaptcha
+          self.resource = resource_class.new
+          resource.invitation_token = update_resource_params[:invitation_token]
+          respond_with_navigational(resource) { render :edit }
+        end
+      end
+    end
+
     def generate_notification(user, target_user, role, org)
       title = I18n.t('notifications.assign_user_to_organization',
                      assigned_user: target_user.name,
diff --git a/app/views/users/invitations/edit.html.erb b/app/views/users/invitations/edit.html.erb
index f50d1bbd5..94fe6255e 100644
--- a/app/views/users/invitations/edit.html.erb
+++ b/app/views/users/invitations/edit.html.erb
@@ -31,6 +31,17 @@
     <span><small><%= t 'users.registrations.new.team_name_help' %></small></span>
   </div>
 
+  <% if Rails.configuration.x.enable_recaptcha %>
+    <div class="form-group <%= 'has-error' if flash[:recaptcha_error] %>">
+      <%= recaptcha_tags %>
+      <% if flash[:recaptcha_error] %>
+        <span class="help-block">
+          <%= flash[:recaptcha_error] %>
+        </span>
+      <% end %>
+    </div>
+  <% end %>
+
   <div class="form-group">
     <%= f.submit "Sign Up", class: "btn btn-primary" %>
   </div>
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 44e150e27..c9372900d 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -147,7 +147,7 @@ Devise.setup do |config|
   # Auto-login after the user accepts the invite. If this is false,
   # the user will need to manually log in after accepting the invite.
   # Default: false
-  config.allow_insecure_sign_in_after_accept = false
+  config.allow_insecure_sign_in_after_accept = true
 
   # ==> Configuration for :confirmable
   # A period that the user is allowed to access the website even without