mirror of
https://github.com/simple-login/app.git
synced 2024-09-21 07:25:59 +08:00
add hCaptcha check
This commit is contained in:
parent
307e3c93c6
commit
efe1ab641f
|
@ -31,6 +31,11 @@
|
|||
</div>
|
||||
-->
|
||||
|
||||
{% if HCAPTCHA_SITEKEY %}
|
||||
<div class="h-captcha" data-sitekey="{{ HCAPTCHA_SITEKEY }}"></div>
|
||||
<script src="https://hcaptcha.com/1/api.js" async defer></script>
|
||||
{% endif %}
|
||||
|
||||
<small class="text-center mt-3">
|
||||
By clicking Create Account, you agree to abide by
|
||||
<a href="https://simplelogin.io/terms">SimpleLogin's Terms and Conditions.</a>
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
import requests
|
||||
from flask import request, flash, render_template, redirect, url_for
|
||||
from flask_login import current_user
|
||||
from flask_wtf import FlaskForm
|
||||
|
@ -6,7 +7,7 @@ from wtforms import StringField, validators
|
|||
from app import email_utils, config
|
||||
from app.auth.base import auth_bp
|
||||
from app.auth.views.login_utils import get_referral
|
||||
from app.config import URL
|
||||
from app.config import URL, HCAPTCHA_SECRET, HCAPTCHA_SITEKEY
|
||||
from app.email_utils import (
|
||||
email_domain_can_be_used_as_mailbox,
|
||||
personal_email_already_used,
|
||||
|
@ -39,9 +40,34 @@ def register():
|
|||
next_url = request.args.get("next")
|
||||
|
||||
if form.validate_on_submit():
|
||||
# only check if hcaptcha is enabled
|
||||
if HCAPTCHA_SECRET:
|
||||
# check with hCaptcha
|
||||
token = request.form.get("h-captcha-response")
|
||||
params = {"secret": HCAPTCHA_SECRET, "response": token}
|
||||
hcaptcha_res = requests.post(
|
||||
"https://hcaptcha.com/siteverify", data=params
|
||||
).json()
|
||||
# return something like
|
||||
# {'success': True,
|
||||
# 'challenge_ts': '2020-07-23T10:03:25',
|
||||
# 'hostname': '127.0.0.1'}
|
||||
if not hcaptcha_res["success"]:
|
||||
LOG.warning(
|
||||
"User put wrong captcha %s %s", form.email.data, hcaptcha_res,
|
||||
)
|
||||
flash("Wrong Captcha", "error")
|
||||
return render_template(
|
||||
"auth/register.html",
|
||||
form=form,
|
||||
next_url=next_url,
|
||||
HCAPTCHA_SITEKEY=HCAPTCHA_SITEKEY,
|
||||
)
|
||||
|
||||
email = form.email.data.strip().lower()
|
||||
if not email_domain_can_be_used_as_mailbox(email):
|
||||
flash("You cannot use this email address as your personal inbox.", "error")
|
||||
|
||||
else:
|
||||
if personal_email_already_used(email):
|
||||
flash(f"Email {email} already used", "error")
|
||||
|
@ -63,7 +89,12 @@ def register():
|
|||
|
||||
return render_template("auth/register_waiting_activation.html")
|
||||
|
||||
return render_template("auth/register.html", form=form, next_url=next_url)
|
||||
return render_template(
|
||||
"auth/register.html",
|
||||
form=form,
|
||||
next_url=next_url,
|
||||
HCAPTCHA_SITEKEY=HCAPTCHA_SITEKEY,
|
||||
)
|
||||
|
||||
|
||||
def send_activation_email(user, next_url):
|
||||
|
|
Loading…
Reference in a new issue