Merge pull request #243 from simple-login/hcaptcha
Ask for Hcaptcha on sign up page if enabled
commit
782844e2b9
|
@ -31,6 +31,11 @@
|
|||
</div>
|
||||
-->
|
||||
|
||||
{% if HCAPTCHA_SITEKEY %}
|
||||
<div class="h-captcha" data-sitekey="{{ HCAPTCHA_SITEKEY }}"></div>
|
||||
<script src="https://hcaptcha.com/1/api.js" async defer></script>
|
||||
{% endif %}
|
||||
|
||||
<small class="text-center mt-3">
|
||||
By clicking Create Account, you agree to abide by
|
||||
<a href="https://simplelogin.io/terms">SimpleLogin's Terms and Conditions.</a>
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
import requests
|
||||
from flask import request, flash, render_template, redirect, url_for
|
||||
from flask_login import current_user
|
||||
from flask_wtf import FlaskForm
|
||||
|
@ -6,7 +7,7 @@ from wtforms import StringField, validators
|
|||
from app import email_utils, config
|
||||
from app.auth.base import auth_bp
|
||||
from app.auth.views.login_utils import get_referral
|
||||
from app.config import URL
|
||||
from app.config import URL, HCAPTCHA_SECRET, HCAPTCHA_SITEKEY
|
||||
from app.email_utils import (
|
||||
email_domain_can_be_used_as_mailbox,
|
||||
personal_email_already_used,
|
||||
|
@ -39,9 +40,34 @@ def register():
|
|||
next_url = request.args.get("next")
|
||||
|
||||
if form.validate_on_submit():
|
||||
# only check if hcaptcha is enabled
|
||||
if HCAPTCHA_SECRET:
|
||||
# check with hCaptcha
|
||||
token = request.form.get("h-captcha-response")
|
||||
params = {"secret": HCAPTCHA_SECRET, "response": token}
|
||||
hcaptcha_res = requests.post(
|
||||
"https://hcaptcha.com/siteverify", data=params
|
||||
).json()
|
||||
# return something like
|
||||
# {'success': True,
|
||||
# 'challenge_ts': '2020-07-23T10:03:25',
|
||||
# 'hostname': '127.0.0.1'}
|
||||
if not hcaptcha_res["success"]:
|
||||
LOG.warning(
|
||||
"User put wrong captcha %s %s", form.email.data, hcaptcha_res,
|
||||
)
|
||||
flash("Wrong Captcha", "error")
|
||||
return render_template(
|
||||
"auth/register.html",
|
||||
form=form,
|
||||
next_url=next_url,
|
||||
HCAPTCHA_SITEKEY=HCAPTCHA_SITEKEY,
|
||||
)
|
||||
|
||||
email = form.email.data.strip().lower()
|
||||
if not email_domain_can_be_used_as_mailbox(email):
|
||||
flash("You cannot use this email address as your personal inbox.", "error")
|
||||
|
||||
else:
|
||||
if personal_email_already_used(email):
|
||||
flash(f"Email {email} already used", "error")
|
||||
|
@ -63,7 +89,12 @@ def register():
|
|||
|
||||
return render_template("auth/register_waiting_activation.html")
|
||||
|
||||
return render_template("auth/register.html", form=form, next_url=next_url)
|
||||
return render_template(
|
||||
"auth/register.html",
|
||||
form=form,
|
||||
next_url=next_url,
|
||||
HCAPTCHA_SITEKEY=HCAPTCHA_SITEKEY,
|
||||
)
|
||||
|
||||
|
||||
def send_activation_email(user, next_url):
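Review bot: The `requests.post` call to `https://hcaptcha.com/siteverify` in the captcha check of `register()` has no `timeout` and no error handling. A slow or unreachable hCaptcha endpoint can therefore hold the sign-up request open indefinitely, and a non-JSON reply or a body without a `success` key raises and surfaces as a 500 rather than the "Wrong Captcha" path. I would pass a timeout (the 10 seconds below is only an example value), catch `requests.RequestException` and `ValueError`, and read the verdict with `.get("success")` so every failure mode is treated as a failed captcha. The warning also writes `form.email.data` to the log exactly as typed, so it is worth confirming that is acceptable for the log retention in use. `register()` starts and ends outside the hunks shown.

```python
        if HCAPTCHA_SECRET:
            # … unchanged: token and params construction …
            try:
                hcaptcha_res = requests.post(
                    "https://hcaptcha.com/siteverify", data=params, timeout=10
                ).json()
            except (requests.RequestException, ValueError):
                # Network failure or unparsable body: fail closed.
                LOG.exception("hCaptcha verification request failed")
                hcaptcha_res = {}

            if not hcaptcha_res.get("success"):
                # … unchanged: warning log, flash and re-render of auth/register.html …
```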
|
||||
|
|
|
@ -292,3 +292,6 @@ ALERT_SPF = "spf"
|
|||
|
||||
# Disable onboarding emails
|
||||
DISABLE_ONBOARDING = "DISABLE_ONBOARDING" in os.environ
|
||||
|
||||
HCAPTCHA_SECRET = os.environ.get("HCAPTCHA_SECRET")
|
||||
HCAPTCHA_SITEKEY = os.environ.get("HCAPTCHA_SITEKEY")
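Review bot: `HCAPTCHA_SECRET` and `HCAPTCHA_SITEKEY` are read independently here, but the rest of the commit gates on them separately: the view verifies only `if HCAPTCHA_SECRET:` and the template renders the widget only `{% if HCAPTCHA_SITEKEY %}`. With only the sitekey set, the widget is displayed but its response is never verified, so the captcha is silently unenforced. With only the secret set, no token is submitted and every sign-up would be rejected as "Wrong Captcha". A check directly after these two lines would surface the misconfiguration at startup, for example `if bool(HCAPTCHA_SECRET) != bool(HCAPTCHA_SITEKEY): raise ValueError("HCAPTCHA_SECRET and HCAPTCHA_SITEKEY must be set together")`.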
|
||||
|
|
|
@ -145,4 +145,8 @@ DISABLE_ONBOARDING=true
|
|||
|
||||
# By default use postfix port 25. This param is used to override the Postfix port,
|
||||
# useful when using another SMTP server when developing locally
|
||||
# POSTFIX_PORT=1025
|
||||
# POSTFIX_PORT=1025
|
||||
|
||||
# set the 2 below variables to enable hCaptcha
|
||||
# HCAPTCHA_SECRET=very_long_string
|
||||
# HCAPTCHA_SITEKEY=00000000-0000-0000-0000-000000000000
|