Allow a (hidden undocumented) key to m.login.recaptcha to specify a shared secret to allow bots to bypass the ReCAPTCHA test (SYN-60)
This commit is contained in:
parent
b5c9d99424
commit
3a8a94448a
|
@ -24,6 +24,7 @@ class CaptchaConfig(Config):
|
|||
self.captcha_ip_origin_is_x_forwarded = (
|
||||
args.captcha_ip_origin_is_x_forwarded
|
||||
)
|
||||
self.captcha_bypass_secret = args.captcha_bypass_secret
|
||||
|
||||
@classmethod
|
||||
def add_arguments(cls, parser):
|
||||
|
@ -44,3 +45,7 @@ class CaptchaConfig(Config):
|
|||
help="When checking captchas, use the X-Forwarded-For (XFF) header"
|
||||
+ " as the client IP and not the actual client IP."
|
||||
)
|
||||
group.add_argument(
|
||||
"--captcha_bypass_secret", type=str,
|
||||
help="A secret key used to bypass the captcha test entirely."
|
||||
)
|
||||
|
|
|
@ -142,6 +142,24 @@ class RegisterRestServlet(RestServlet):
|
|||
if not self.hs.config.enable_registration_captcha:
|
||||
raise SynapseError(400, "Captcha not required.")
|
||||
|
||||
yield self._check_recaptcha(request, register_json)
|
||||
|
||||
session[LoginType.RECAPTCHA] = True # mark captcha as done
|
||||
self._save_session(session)
|
||||
defer.returnValue({
|
||||
"next": [LoginType.PASSWORD, LoginType.EMAIL_IDENTITY]
|
||||
})
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def _check_recaptcha(self, request, register_json):
|
||||
if "captcha_bypass_secret" in register_json:
|
||||
if (register_json["captcha_bypass_secret"] ==
|
||||
self.hs.config.captcha_bypass_secret):
|
||||
defer.returnValue(None)
|
||||
else:
|
||||
raise SynapseError(400, "Captcha bypass secret incorrect",
|
||||
errcode=Codes.CAPTCHA_NEEDED)
|
||||
|
||||
challenge = None
|
||||
user_response = None
|
||||
try:
|
||||
|
@ -166,11 +184,6 @@ class RegisterRestServlet(RestServlet):
|
|||
challenge,
|
||||
user_response
|
||||
)
|
||||
session[LoginType.RECAPTCHA] = True # mark captcha as done
|
||||
self._save_session(session)
|
||||
defer.returnValue({
|
||||
"next": [LoginType.PASSWORD, LoginType.EMAIL_IDENTITY]
|
||||
})
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def _do_email_identity(self, request, register_json, session):
|
||||
|
|
Loading…
Reference in New Issue