hCaptcha Support (#12594)

* Initial work on hCaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Use module Signed-off-by: jolheiser <john.olheiser@gmail.com> * Format Signed-off-by: jolheiser <john.olheiser@gmail.com> * At least return and debug log a captcha error Signed-off-by: jolheiser <john.olheiser@gmail.com> * Pass context to hCaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add context to recaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * fix lint Signed-off-by: Andrew Thornton <art27@cantab.net> * Finish hcaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Update example config Signed-off-by: jolheiser <john.olheiser@gmail.com> * Apply error fix for recaptcha Signed-off-by: jolheiser <john.olheiser@gmail.com> * Change recaptcha ChallengeTS to string Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net>
2020-10-02 22:37:53 -05:00 · 2020-10-02 22:37:53 -05:00 · 72636fd664
commit 72636fd664
parent 5460bf8903
25 changed files with 345 additions and 21 deletions
--- a/modules/auth/user_form.go
+++ b/modules/auth/user_form.go
@ -83,6 +83,7 @@ type RegisterForm struct {
 	Password           string `binding:"MaxSize(255)"`
 	Retype             string
 	GRecaptchaResponse string `form:"g-recaptcha-response"`
+	HcaptchaResponse   string `form:"h-captcha-response"`
 }

 // Validate validates the fields
--- a/modules/auth/user_form_auth_openid.go
+++ b/modules/auth/user_form_auth_openid.go
@ -25,6 +25,7 @@ type SignUpOpenIDForm struct {
 	UserName           string `binding:"Required;AlphaDashDot;MaxSize(40)"`
 	Email              string `binding:"Required;Email;MaxSize(254)"`
 	GRecaptchaResponse string `form:"g-recaptcha-response"`
+	HcaptchaResponse   string `form:"h-captcha-response"`
 }

 // Validate validates the fields
--- a/modules/hcaptcha/hcaptcha.go
+++ b/modules/hcaptcha/hcaptcha.go
@ -0,0 +1,34 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package hcaptcha
+
+import (
+	"context"
+
+	"code.gitea.io/gitea/modules/setting"
+
+	"go.jolheiser.com/hcaptcha"
+)
+
+// Verify calls hCaptcha API to verify token
+func Verify(ctx context.Context, response string) (bool, error) {
+	client, err := hcaptcha.New(setting.Service.HcaptchaSecret, hcaptcha.WithContext(ctx))
+	if err != nil {
+		return false, err
+	}
+
+	resp, err := client.Verify(response, hcaptcha.PostOptions{
+		Sitekey: setting.Service.HcaptchaSitekey,
+	})
+	if err != nil {
+		return false, err
+	}
+
+	var respErr error
+	if len(resp.ErrorCodes) > 0 {
+		respErr = resp.ErrorCodes[0]
+	}
+	return resp.Success, respErr
+}
--- a/modules/recaptcha/recaptcha.go
+++ b/modules/recaptcha/recaptcha.go
@ -5,12 +5,13 @@
 package recaptcha

 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"net/url"
-	"time"
+	"strings"

 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@ -18,18 +19,29 @@ import (

 // Response is the structure of JSON returned from API
 type Response struct {
-	Success     bool      `json:"success"`
-	ChallengeTS time.Time `json:"challenge_ts"`
-	Hostname    string    `json:"hostname"`
-	ErrorCodes  []string  `json:"error-codes"`
+	Success     bool        `json:"success"`
+	ChallengeTS string      `json:"challenge_ts"`
+	Hostname    string      `json:"hostname"`
+	ErrorCodes  []ErrorCode `json:"error-codes"`
 }

 const apiURL = "api/siteverify"

 // Verify calls Google Recaptcha API to verify token
-func Verify(response string) (bool, error) {
-	resp, err := http.PostForm(util.URLJoin(setting.Service.RecaptchaURL, apiURL),
-		url.Values{"secret": {setting.Service.RecaptchaSecret}, "response": {response}})
+func Verify(ctx context.Context, response string) (bool, error) {
+	post := url.Values{
+		"secret":   {setting.Service.RecaptchaSecret},
+		"response": {response},
+	}
+	// Basically a copy of http.PostForm, but with a context
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		util.URLJoin(setting.Service.RecaptchaURL, apiURL), strings.NewReader(post.Encode()))
+	if err != nil {
+		return false, fmt.Errorf("Failed to create CAPTCHA request: %v", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		return false, fmt.Errorf("Failed to send CAPTCHA response: %s", err)
 	}
@ -43,6 +55,36 @@ func Verify(response string) (bool, error) {
 	if err != nil {
 		return false, fmt.Errorf("Failed to parse CAPTCHA response: %s", err)
 	}
-
-	return jsonResponse.Success, nil
+	var respErr error
+	if len(jsonResponse.ErrorCodes) > 0 {
+		respErr = jsonResponse.ErrorCodes[0]
+	}
+	return jsonResponse.Success, respErr
+}
+
+// ErrorCode is a reCaptcha error
+type ErrorCode string
+
+// String fulfills the Stringer interface
+func (e ErrorCode) String() string {
+	switch e {
+	case "missing-input-secret":
+		return "The secret parameter is missing."
+	case "invalid-input-secret":
+		return "The secret parameter is invalid or malformed."
+	case "missing-input-response":
+		return "The response parameter is missing."
+	case "invalid-input-response":
+		return "The response parameter is invalid or malformed."
+	case "bad-request":
+		return "The request is invalid or malformed."
+	case "timeout-or-duplicate":
+		return "The response is no longer valid: either is too old or has been used previously."
+	}
+	return string(e)
+}
+
+// Error fulfills the error interface
+func (e ErrorCode) Error() string {
+	return e.String()
 }
--- a/modules/setting/service.go
+++ b/modules/setting/service.go
@ -35,6 +35,8 @@ var Service struct {
 	RecaptchaSecret                         string
 	RecaptchaSitekey                        string
 	RecaptchaURL                            string
+	HcaptchaSecret                          string
+	HcaptchaSitekey                         string
 	DefaultKeepEmailPrivate                 bool
 	DefaultAllowCreateOrganization          bool
 	EnableTimetracking                      bool
@ -76,6 +78,8 @@ func newService() {
 	Service.RecaptchaSecret = sec.Key("RECAPTCHA_SECRET").MustString("")
 	Service.RecaptchaSitekey = sec.Key("RECAPTCHA_SITEKEY").MustString("")
 	Service.RecaptchaURL = sec.Key("RECAPTCHA_URL").MustString("https://www.google.com/recaptcha/")
+	Service.HcaptchaSecret = sec.Key("HCAPTCHA_SECRET").MustString("")
+	Service.HcaptchaSitekey = sec.Key("HCAPTCHA_SITEKEY").MustString("")
 	Service.DefaultKeepEmailPrivate = sec.Key("DEFAULT_KEEP_EMAIL_PRIVATE").MustBool()
 	Service.DefaultAllowCreateOrganization = sec.Key("DEFAULT_ALLOW_CREATE_ORGANIZATION").MustBool(true)
 	Service.EnableTimetracking = sec.Key("ENABLE_TIMETRACKING").MustBool(true)
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -59,6 +59,7 @@ const (
 const (
 	ImageCaptcha = "image"
 	ReCaptcha    = "recaptcha"
+	HCaptcha     = "hcaptcha"
 )

 // settings