Add option to enable CAPTCHA validation for login (#21638)

Enable this to require captcha validation for user login. You also must enable `ENABLE_CAPTCHA`. Summary: - Consolidate CAPTCHA template - add CAPTCHA handle and context - add `REQUIRE_CAPTCHA_FOR_LOGIN` config and docs - Consolidate CAPTCHA set-up and verification code Partially resolved #6049 Signed-off-by: Xinyu Zhou <i@sourcehut.net> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-11-23 05:13:18 +08:00 · 2022-11-23 05:13:18 +08:00 · 68e934ab5d
commit 68e934ab5d
parent e77b76425e
14 changed files with 128 additions and 180 deletions
--- a/modules/context/captcha.go
+++ b/modules/context/captcha.go
@ -5,9 +5,15 @@
 package context

 import (
+	"fmt"
 	"sync"

+	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/cache"
+	"code.gitea.io/gitea/modules/hcaptcha"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/mcaptcha"
+	"code.gitea.io/gitea/modules/recaptcha"
 	"code.gitea.io/gitea/modules/setting"

 	"gitea.com/go-chi/captcha"
@ -28,3 +34,56 @@ func GetImageCaptcha() *captcha.Captcha {
 	})
 	return cpt
 }
+
+// SetCaptchaData sets common captcha data
+func SetCaptchaData(ctx *Context) {
+	if !setting.Service.EnableCaptcha {
+		return
+	}
+	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
+	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
+	ctx.Data["Captcha"] = GetImageCaptcha()
+	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
+	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
+	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
+	ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
+	ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
+}
+
+const (
+	gRecaptchaResponseField = "g-recaptcha-response"
+	hCaptchaResponseField   = "h-captcha-response"
+	mCaptchaResponseField   = "m-captcha-response"
+)
+
+// VerifyCaptcha verifies Captcha data
+// No-op if captchas are not enabled
+func VerifyCaptcha(ctx *Context, tpl base.TplName, form interface{}) {
+	if !setting.Service.EnableCaptcha {
+		return
+	}
+
+	var valid bool
+	var err error
+	switch setting.Service.CaptchaType {
+	case setting.ImageCaptcha:
+		valid = GetImageCaptcha().VerifyReq(ctx.Req)
+	case setting.ReCaptcha:
+		valid, err = recaptcha.Verify(ctx, ctx.Req.Form.Get(gRecaptchaResponseField))
+	case setting.HCaptcha:
+		valid, err = hcaptcha.Verify(ctx, ctx.Req.Form.Get(hCaptchaResponseField))
+	case setting.MCaptcha:
+		valid, err = mcaptcha.Verify(ctx, ctx.Req.Form.Get(mCaptchaResponseField))
+	default:
+		ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType))
+		return
+	}
+	if err != nil {
+		log.Debug("%v", err)
+	}
+
+	if !valid {
+		ctx.Data["Err_Captcha"] = true
+		ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tpl, form)
+	}
+}