Added recaptcha check for POST requests

Parminder Singh 2019-08-11 15:18:21 +05:30
parent f852c99eee
commit 170e8e4e5f


@ -131,18 +131,8 @@ func AuthFallback(
if req.Method == http.MethodGet { if req.Method == http.MethodGet {
// Handle Recaptcha // Handle Recaptcha
if authType == authtypes.LoginTypeRecaptcha { if authType == authtypes.LoginTypeRecaptcha {
if cfg.Matrix.RecaptchaEnabled { if err := checkRecaptchaEnabled(&cfg, w, req); err != nil {
if cfg.Matrix.RecaptchaPublicKey == "" { return err
return writeErrorMessage(w, req,
"This Homeserver doesn't have a recaptcha public key",
http.StatusInternalServerError,
)
}
} else {
return writeErrorMessage(w, req,
"Recaptcha login is disabled on this Homeserver",
http.StatusBadRequest,
)
} }
serveRecaptcha() serveRecaptcha()
@ -153,24 +143,36 @@ func AuthFallback(
JSON: jsonerror.NotFound("Unknown auth stage type"), JSON: jsonerror.NotFound("Unknown auth stage type"),
} }
} else if req.Method == http.MethodPost { } else if req.Method == http.MethodPost {
clientIP := req.RemoteAddr // Handle Recaptcha
err := req.ParseForm() if authType == authtypes.LoginTypeRecaptcha {
if err != nil { if err := checkRecaptchaEnabled(&cfg, w, req); err != nil {
res := httputil.LogThenError(req, err) return err
return &res }
clientIP := req.RemoteAddr
err := req.ParseForm()
if err != nil {
res := httputil.LogThenError(req, err)
return &res
}
response := req.Form.Get("g-recaptcha-response")
if err := validateRecaptcha(&cfg, response, clientIP); err != nil {
util.GetLogger(req.Context()).Error(err)
return err
}
// Success. Add recaptcha as a completed login flow
AddCompletedSessionStage(sessionID, authtypes.LoginTypeRecaptcha)
serveSuccess()
return nil
} }
response := req.Form.Get("g-recaptcha-response") return &util.JSONResponse{
if err := validateRecaptcha(&cfg, response, clientIP); err != nil { Code: http.StatusNotFound,
util.GetLogger(req.Context()).Error(err) JSON: jsonerror.NotFound("Unknown auth stage type"),
return err
} }
// Success. Add recaptcha as a completed login flow
AddCompletedSessionStage(sessionID, authtypes.LoginTypeRecaptcha)
serveSuccess()
return nil
} }
return &util.JSONResponse{ return &util.JSONResponse{
Code: http.StatusMethodNotAllowed, Code: http.StatusMethodNotAllowed,
@ -178,7 +180,29 @@ func AuthFallback(
} }
} }
// WriteErrorMessage writes an error response with the given header and message // checkRecaptchaEnabled creates an error response if recaptcha is not usable on homeserver.
func checkRecaptchaEnabled(
cfg *config.Dendrite,
w http.ResponseWriter,
req *http.Request,
) *util.JSONResponse {
if cfg.Matrix.RecaptchaEnabled {
if cfg.Matrix.RecaptchaPublicKey == "" {
return writeErrorMessage(w, req,
"This Homeserver doesn't have a recaptcha public key",
http.StatusInternalServerError,
)
}
} else {
return writeErrorMessage(w, req,
"Recaptcha login is disabled on this Homeserver",
http.StatusBadRequest,
)
}
return nil
}
// writeErrorMessage writes an error response with the given header and message
func writeErrorMessage( func writeErrorMessage(
w http.ResponseWriter, req *http.Request, w http.ResponseWriter, req *http.Request,
message string, header int, message string, header int,
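Review bot: checkRecaptchaEnabled only stops AuthFallback when writeErrorMessage hands back a non-nil *util.JSONResponse, and writeErrorMessage's body lies outside this hunk, so that contract needs confirming. If writeErrorMessage returns nil after a successful write, both `if err := checkRecaptchaEnabled(&cfg, w, req); err != nil` guards fall through, and the POST branch would still reach validateRecaptcha and possibly AddCompletedSessionStage after the "disabled" message has been sent. Once the behaviour is confirmed (or fixed so a written error always yields a non-nil result), state it on the helper, e.g. `// A non-nil result means an error response was produced and the caller must return immediately.` Separately, `clientIP := req.RemoteAddr` is a `host:port` string and is the proxy's address behind a reverse proxy, so if validateRecaptcha forwards it as the client IP it is worth normalising with `net.SplitHostPort` first.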