mirror of
https://github.com/go-gitea/gitea
synced 2025-07-22 18:28:37 +00:00
Add option to enable CAPTCHA validation for login (#21638)
Enable this to require captcha validation for user login. You also must enable `ENABLE_CAPTCHA`. Summary: - Consolidate CAPTCHA template - add CAPTCHA handle and context - add `REQUIRE_CAPTCHA_FOR_LOGIN` config and docs - Consolidate CAPTCHA set-up and verification code Partially resolved #6049 Signed-off-by: Xinyu Zhou <i@sourcehut.net> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
Xinyu Zhou
GitHub
@@ -17,11 +17,8 @@ import (
|
||||
"code.gitea.io/gitea/modules/base"
|
||||
"code.gitea.io/gitea/modules/context"
|
||||
"code.gitea.io/gitea/modules/eventsource"
|
||||
"code.gitea.io/gitea/modules/hcaptcha"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/mcaptcha"
|
||||
"code.gitea.io/gitea/modules/password"
|
||||
"code.gitea.io/gitea/modules/recaptcha"
|
||||
"code.gitea.io/gitea/modules/session"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/timeutil"
|
||||
@@ -163,6 +160,10 @@ func SignIn(ctx *context.Context) {
|
||||
ctx.Data["PageIsLogin"] = true
|
||||
ctx.Data["EnableSSPI"] = auth.IsSSPIEnabled()
|
||||
|
||||
if setting.Service.EnableCaptcha && setting.Service.RequireCaptchaForLogin {
|
||||
context.SetCaptchaData(ctx)
|
||||
}
|
||||
|
||||
ctx.HTML(http.StatusOK, tplSignIn)
|
||||
}
|
||||
|
||||
@@ -189,6 +190,16 @@ func SignInPost(ctx *context.Context) {
|
||||
}
|
||||
|
||||
form := web.GetForm(ctx).(*forms.SignInForm)
|
||||
|
||||
if setting.Service.EnableCaptcha && setting.Service.RequireCaptchaForLogin {
|
||||
context.SetCaptchaData(ctx)
|
||||
|
||||
context.VerifyCaptcha(ctx, tplSignIn, form)
|
||||
if ctx.Written() {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
u, source, err := auth_service.UserSignIn(form.UserName, form.Password)
|
||||
if err != nil {
|
||||
if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) {
|
||||
@@ -383,14 +394,7 @@ func SignUp(ctx *context.Context) {
|
||||
|
||||
ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up"
|
||||
|
||||
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
|
||||
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
|
||||
ctx.Data["Captcha"] = context.GetImageCaptcha()
|
||||
ctx.Data["CaptchaType"] = setting.Service.CaptchaType
|
||||
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
|
||||
ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
|
||||
ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
|
||||
ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
|
||||
context.SetCaptchaData(ctx)
|
||||
ctx.Data["PageIsSignUp"] = true
|
||||
|
||||
// Show Disabled Registration message if DisableRegistration or AllowOnlyExternalRegistration options are true
|
||||
@@ -406,14 +410,7 @@ func SignUpPost(ctx *context.Context) {
|
||||
|
||||
ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up"
|
||||
|
||||
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
|
||||
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
|
||||
ctx.Data["Captcha"] = context.GetImageCaptcha()
|
||||
ctx.Data["CaptchaType"] = setting.Service.CaptchaType
|
||||
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
|
||||
ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
|
||||
ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
|
||||
ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
|
||||
context.SetCaptchaData(ctx)
|
||||
ctx.Data["PageIsSignUp"] = true
|
||||
|
||||
// Permission denied if DisableRegistration or AllowOnlyExternalRegistration options are true
|
||||
@@ -427,31 +424,9 @@ func SignUpPost(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if setting.Service.EnableCaptcha {
|
||||
var valid bool
|
||||
var err error
|
||||
switch setting.Service.CaptchaType {
|
||||
case setting.ImageCaptcha:
|
||||
valid = context.GetImageCaptcha().VerifyReq(ctx.Req)
|
||||
case setting.ReCaptcha:
|
||||
valid, err = recaptcha.Verify(ctx, form.GRecaptchaResponse)
|
||||
case setting.HCaptcha:
|
||||
valid, err = hcaptcha.Verify(ctx, form.HcaptchaResponse)
|
||||
case setting.MCaptcha:
|
||||
valid, err = mcaptcha.Verify(ctx, form.McaptchaResponse)
|
||||
default:
|
||||
ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType))
|
||||
return
|
||||
}
|
||||
if err != nil {
|
||||
log.Debug("%s", err.Error())
|
||||
}
|
||||
|
||||
if !valid {
|
||||
ctx.Data["Err_Captcha"] = true
|
||||
ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplSignUp, &form)
|
||||
return
|
||||
}
|
||||
context.VerifyCaptcha(ctx, tplSignUp, form)
|
||||
if ctx.Written() {
|
||||
return
|
||||
}
|
||||
|
||||
if !form.IsEmailDomainAllowed() {
|
||||
|
||||
@@ -14,10 +14,6 @@ import (
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/base"
|
||||
"code.gitea.io/gitea/modules/context"
|
||||
"code.gitea.io/gitea/modules/hcaptcha"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/mcaptcha"
|
||||
"code.gitea.io/gitea/modules/recaptcha"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/web"
|
||||
auth_service "code.gitea.io/gitea/services/auth"
|
||||
@@ -221,28 +217,8 @@ func LinkAccountPostRegister(ctx *context.Context) {
|
||||
}
|
||||
|
||||
if setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha {
|
||||
var valid bool
|
||||
var err error
|
||||
switch setting.Service.CaptchaType {
|
||||
case setting.ImageCaptcha:
|
||||
valid = context.GetImageCaptcha().VerifyReq(ctx.Req)
|
||||
case setting.ReCaptcha:
|
||||
valid, err = recaptcha.Verify(ctx, form.GRecaptchaResponse)
|
||||
case setting.HCaptcha:
|
||||
valid, err = hcaptcha.Verify(ctx, form.HcaptchaResponse)
|
||||
case setting.MCaptcha:
|
||||
valid, err = mcaptcha.Verify(ctx, form.McaptchaResponse)
|
||||
default:
|
||||
ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType))
|
||||
return
|
||||
}
|
||||
if err != nil {
|
||||
log.Debug("%s", err.Error())
|
||||
}
|
||||
|
||||
if !valid {
|
||||
ctx.Data["Err_Captcha"] = true
|
||||
ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplLinkAccount, &form)
|
||||
context.VerifyCaptcha(ctx, tplLinkAccount, form)
|
||||
if ctx.Written() {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,10 +13,7 @@ import (
|
||||
"code.gitea.io/gitea/modules/auth/openid"
|
||||
"code.gitea.io/gitea/modules/base"
|
||||
"code.gitea.io/gitea/modules/context"
|
||||
"code.gitea.io/gitea/modules/hcaptcha"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/mcaptcha"
|
||||
"code.gitea.io/gitea/modules/recaptcha"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
"code.gitea.io/gitea/modules/web"
|
||||
@@ -357,14 +354,7 @@ func RegisterOpenIDPost(ctx *context.Context) {
|
||||
ctx.Data["PageIsSignIn"] = true
|
||||
ctx.Data["PageIsOpenIDRegister"] = true
|
||||
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
||||
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
|
||||
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
|
||||
ctx.Data["Captcha"] = context.GetImageCaptcha()
|
||||
ctx.Data["CaptchaType"] = setting.Service.CaptchaType
|
||||
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
|
||||
ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
|
||||
ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
|
||||
ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
|
||||
context.SetCaptchaData(ctx)
|
||||
ctx.Data["OpenID"] = oid
|
||||
|
||||
if setting.Service.AllowOnlyInternalRegistration {
|
||||
@@ -373,42 +363,11 @@ func RegisterOpenIDPost(ctx *context.Context) {
|
||||
}
|
||||
|
||||
if setting.Service.EnableCaptcha {
|
||||
var valid bool
|
||||
var err error
|
||||
switch setting.Service.CaptchaType {
|
||||
case setting.ImageCaptcha:
|
||||
valid = context.GetImageCaptcha().VerifyReq(ctx.Req)
|
||||
case setting.ReCaptcha:
|
||||
if err := ctx.Req.ParseForm(); err != nil {
|
||||
ctx.ServerError("", err)
|
||||
return
|
||||
}
|
||||
valid, err = recaptcha.Verify(ctx, form.GRecaptchaResponse)
|
||||
case setting.HCaptcha:
|
||||
if err := ctx.Req.ParseForm(); err != nil {
|
||||
ctx.ServerError("", err)
|
||||
return
|
||||
}
|
||||
valid, err = hcaptcha.Verify(ctx, form.HcaptchaResponse)
|
||||
case setting.MCaptcha:
|
||||
if err := ctx.Req.ParseForm(); err != nil {
|
||||
ctx.ServerError("", err)
|
||||
return
|
||||
}
|
||||
valid, err = mcaptcha.Verify(ctx, form.McaptchaResponse)
|
||||
default:
|
||||
ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType))
|
||||
return
|
||||
}
|
||||
if err != nil {
|
||||
log.Debug("%s", err.Error())
|
||||
}
|
||||
|
||||
if !valid {
|
||||
ctx.Data["Err_Captcha"] = true
|
||||
ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplSignUpOID, &form)
|
||||
if err := ctx.Req.ParseForm(); err != nil {
|
||||
ctx.ServerError("", err)
|
||||
return
|
||||
}
|
||||
context.VerifyCaptcha(ctx, tplSignUpOID, form)
|
||||
}
|
||||
|
||||
length := setting.MinPasswordLength
|
||||
|
||||
Reference in New Issue
Block a user