fixes issue with PROXY_KEY when used together with proof-of-work captcha

src/user/web/pow-captcha.ts

@@ -213,7 +213,7 @@ router.post("/challenge", (req, res) => {
   }
   const { action, refreshToken, proxyKey } = data.data;
   if (config.proxyKey && proxyKey !== config.proxyKey) {
-    res.status(400).json({ error: "Invalid proxy password" });
+    res.status(401).json({ error: "Invalid proxy password" });
     return;
   }
 

src/user/web/views/partials/user_challenge_widget.ejs

@@ -303,6 +303,10 @@
       _csrf: document.querySelector("meta[name=csrf-token]").getAttribute("content"),
     };
 
+    if (localStorage.getItem("captcha-proxy-key")) {
+      body.proxyKey = localStorage.getItem("captcha-proxy-key");
+    }
+
     fetch("/user/captcha/verify", {
       method: "POST",
       credentials: "same-origin",

src/user/web/views/user_request_token.ejs

@@ -61,7 +61,11 @@
     const refreshToken = token && action === "refresh" ? JSON.parse(token).token : undefined;
     const keyInput = document.getElementById("proxy-key");
     const proxyKey = (keyInput && keyInput.value) || undefined;
-    localStorage.setItem("captcha-proxy-key", proxyKey);
+    if (!proxyKey?.length) {
+      localStorage.removeItem("captcha-proxy-key");
+    } else {
+      localStorage.setItem("captcha-proxy-key", proxyKey);
+    }
 
     fetch("/user/captcha/challenge", {
       method: "POST",