Mirrors
/
synapse-old
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow a (hidden undocumented) key to m.login.recaptcha to specify a shared secret to allow bots to bypass the ReCAPTCHA test (SYN-60)

This commit is contained in:
Paul "LeoNerd" Evans 2014-09-23 14:29:08 +01:00
parent b5c9d99424
commit 3a8a94448a
2 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
synapse/config/captcha.py
View File

@ -24,6 +24,7 @@ class CaptchaConfig(Config):
self.captcha_ip_origin_is_x_forwarded = ( self.captcha_ip_origin_is_x_forwarded = (
args.captcha_ip_origin_is_x_forwarded args.captcha_ip_origin_is_x_forwarded
) )
self.captcha_bypass_secret = args.captcha_bypass_secret
@classmethod @classmethod
def add_arguments(cls, parser): def add_arguments(cls, parser):
@ -44,3 +45,7 @@ class CaptchaConfig(Config):
help="When checking captchas, use the X-Forwarded-For (XFF) header" help="When checking captchas, use the X-Forwarded-For (XFF) header"
+ " as the client IP and not the actual client IP." + " as the client IP and not the actual client IP."
) )
group.add_argument(
"--captcha_bypass_secret", type=str,
help="A secret key used to bypass the captcha test entirely."
)

23
synapse/rest/register.py
View File

@ -142,6 +142,24 @@ class RegisterRestServlet(RestServlet):
if not self.hs.config.enable_registration_captcha: if not self.hs.config.enable_registration_captcha:
raise SynapseError(400, "Captcha not required.") raise SynapseError(400, "Captcha not required.")
yield self._check_recaptcha(request, register_json)
session[LoginType.RECAPTCHA] = True # mark captcha as done
self._save_session(session)
defer.returnValue({
"next": [LoginType.PASSWORD, LoginType.EMAIL_IDENTITY]
})
@defer.inlineCallbacks
def _check_recaptcha(self, request, register_json):
if "captcha_bypass_secret" in register_json:
if (register_json["captcha_bypass_secret"] ==
self.hs.config.captcha_bypass_secret):
defer.returnValue(None)
else:
raise SynapseError(400, "Captcha bypass secret incorrect",
errcode=Codes.CAPTCHA_NEEDED)
challenge = None challenge = None
user_response = None user_response = None
try: try:
@ -166,11 +184,6 @@ class RegisterRestServlet(RestServlet):
challenge, challenge,
user_response user_response
) )
session[LoginType.RECAPTCHA] = True # mark captcha as done
self._save_session(session)
defer.returnValue({
"next": [LoginType.PASSWORD, LoginType.EMAIL_IDENTITY]
})
@defer.inlineCallbacks @defer.inlineCallbacks
def _do_email_identity(self, request, register_json, session): def _do_email_identity(self, request, register_json, session):