mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-15 01:33:52 +01:00
Captchas now work on registration. Missing x-forwarded-for config arg support. Missing reloading a new captcha on the web client / displaying a sensible error message.
This commit is contained in:
parent
0b9e1e7b56
commit
1829b55bb0
4 changed files with 115 additions and 7 deletions
|
@ -29,7 +29,8 @@ class Codes(object):
|
|||
NOT_FOUND = "M_NOT_FOUND"
|
||||
UNKNOWN_TOKEN = "M_UNKNOWN_TOKEN"
|
||||
LIMIT_EXCEEDED = "M_LIMIT_EXCEEDED"
|
||||
NEEDS_CAPTCHA = "M_NEEDS_CAPTCHA"
|
||||
CAPTCHA_NEEDED = "M_CAPTCHA_NEEDED"
|
||||
CAPTCHA_INVALID = "M_CAPTCHA_INVALID"
|
||||
|
||||
|
||||
class CodeMessageException(Exception):
|
||||
|
@ -102,6 +103,19 @@ class StoreError(SynapseError):
|
|||
pass
|
||||
|
||||
|
||||
class InvalidCaptchaError(SynapseError):
|
||||
def __init__(self, code=400, msg="Invalid captcha.", error_url=None,
|
||||
errcode=Codes.CAPTCHA_INVALID):
|
||||
super(InvalidCaptchaError, self).__init__(code, msg, errcode)
|
||||
self.error_url = error_url
|
||||
|
||||
def error_dict(self):
|
||||
return cs_error(
|
||||
self.msg,
|
||||
self.errcode,
|
||||
error_url=self.error_url,
|
||||
)
|
||||
|
||||
class LimitExceededError(SynapseError):
|
||||
"""A client has sent too many requests and is being throttled.
|
||||
"""
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
from twisted.internet import defer
|
||||
|
||||
from synapse.types import UserID
|
||||
from synapse.api.errors import SynapseError, RegistrationError
|
||||
from synapse.api.errors import SynapseError, RegistrationError, InvalidCaptchaError
|
||||
from ._base import BaseHandler
|
||||
import synapse.util.stringutils as stringutils
|
||||
from synapse.http.client import PlainHttpClient
|
||||
|
@ -38,7 +38,7 @@ class RegistrationHandler(BaseHandler):
|
|||
self.distributor.declare("registered_user")
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def register(self, localpart=None, password=None, threepidCreds=None):
|
||||
def register(self, localpart=None, password=None, threepidCreds=None, captcha_info={}):
|
||||
"""Registers a new client on the server.
|
||||
|
||||
Args:
|
||||
|
@ -51,6 +51,19 @@ class RegistrationHandler(BaseHandler):
|
|||
Raises:
|
||||
RegistrationError if there was a problem registering.
|
||||
"""
|
||||
if captcha_info:
|
||||
captcha_response = yield self._validate_captcha(
|
||||
captcha_info["ip"],
|
||||
captcha_info["private_key"],
|
||||
captcha_info["challenge"],
|
||||
captcha_info["response"]
|
||||
)
|
||||
if not captcha_response["valid"]:
|
||||
raise InvalidCaptchaError(
|
||||
error_url=captcha_response["error_url"]
|
||||
)
|
||||
else:
|
||||
logger.info("Valid captcha entered from %s", captcha_info["ip"])
|
||||
|
||||
if threepidCreds:
|
||||
for c in threepidCreds:
|
||||
|
@ -153,5 +166,37 @@ class RegistrationHandler(BaseHandler):
|
|||
)
|
||||
defer.returnValue(data)
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def _validate_captcha(self, ip_addr, private_key, challenge, response):
|
||||
"""Validates the captcha provided.
|
||||
|
||||
Returns:
|
||||
dict: Containing 'valid'(bool) and 'error_url'(str) if invalid.
|
||||
|
||||
"""
|
||||
response = yield self._submit_captcha(ip_addr, private_key, challenge, response)
|
||||
# parse Google's response. Lovely format..
|
||||
lines = response.split('\n')
|
||||
json = {
|
||||
"valid": lines[0] == 'true',
|
||||
"error_url": "http://www.google.com/recaptcha/api/challenge?error=%s" % lines[1]
|
||||
}
|
||||
defer.returnValue(json)
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def _submit_captcha(self, ip_addr, private_key, challenge, response):
|
||||
client = PlainHttpClient(self.hs)
|
||||
data = yield client.post_urlencoded_get_raw(
|
||||
"www.google.com:80",
|
||||
"/recaptcha/api/verify",
|
||||
accept_partial=True, # twisted dislikes google's response, no content length.
|
||||
args={
|
||||
'privatekey': private_key,
|
||||
'remoteip': ip_addr,
|
||||
'challenge': challenge,
|
||||
'response': response
|
||||
}
|
||||
)
|
||||
defer.returnValue(data)
|
||||
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
from twisted.internet import defer, reactor
|
||||
from twisted.internet.error import DNSLookupError
|
||||
from twisted.web.client import _AgentBase, _URI, readBody, FileBodyProducer
|
||||
from twisted.web.client import _AgentBase, _URI, readBody, FileBodyProducer, PartialDownloadError
|
||||
from twisted.web.http_headers import Headers
|
||||
|
||||
from synapse.http.endpoint import matrix_endpoint
|
||||
|
@ -189,6 +189,32 @@ class TwistedHttpClient(HttpClient):
|
|||
|
||||
defer.returnValue(json.loads(body))
|
||||
|
||||
# XXX FIXME : I'm so sorry.
|
||||
@defer.inlineCallbacks
|
||||
def post_urlencoded_get_raw(self, destination, path, accept_partial=False, args={}):
|
||||
if destination in _destination_mappings:
|
||||
destination = _destination_mappings[destination]
|
||||
|
||||
query_bytes = urllib.urlencode(args, True)
|
||||
|
||||
response = yield self._create_request(
|
||||
destination.encode("ascii"),
|
||||
"POST",
|
||||
path.encode("ascii"),
|
||||
producer=FileBodyProducer(StringIO(urllib.urlencode(args))),
|
||||
headers_dict={"Content-Type": ["application/x-www-form-urlencoded"]}
|
||||
)
|
||||
|
||||
try:
|
||||
body = yield readBody(response)
|
||||
defer.returnValue(body)
|
||||
except PartialDownloadError as e:
|
||||
if accept_partial:
|
||||
defer.returnValue(e.response)
|
||||
else:
|
||||
raise e
|
||||
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def _create_request(self, destination, method, path_bytes, param_bytes=b"",
|
||||
query_bytes=b"", producer=None, headers_dict={},
|
||||
|
|
|
@ -51,15 +51,38 @@ class RegisterRestServlet(RestServlet):
|
|||
if 'threepidCreds' in register_json:
|
||||
threepidCreds = register_json['threepidCreds']
|
||||
|
||||
captcha = {}
|
||||
if self.hs.config.enable_registration_captcha:
|
||||
if not "challenge" in register_json or not "response" in register_json:
|
||||
raise SynapseError(400, "Captcha response is required", errcode=Codes.NEEDS_CAPTCHA)
|
||||
challenge = None
|
||||
user_response = None
|
||||
try:
|
||||
captcha_type = register_json["captcha"]["type"]
|
||||
if captcha_type != "m.login.recaptcha":
|
||||
raise SynapseError(400, "Sorry, only m.login.recaptcha requests are supported.")
|
||||
challenge = register_json["captcha"]["challenge"]
|
||||
user_response = register_json["captcha"]["response"]
|
||||
except KeyError:
|
||||
raise SynapseError(400, "Captcha response is required", errcode=Codes.CAPTCHA_NEEDED)
|
||||
|
||||
# TODO determine the source IP : May be an X-Forwarding-For header depending on config
|
||||
ip_addr = request.getClientIP()
|
||||
#if self.hs.config.captcha_ip_origin_is_x_forwarded:
|
||||
# # use the header
|
||||
|
||||
captcha = {
|
||||
"ip": ip_addr,
|
||||
"private_key": self.hs.config.recaptcha_private_key,
|
||||
"challenge": challenge,
|
||||
"response": user_response
|
||||
}
|
||||
|
||||
|
||||
handler = self.handlers.registration_handler
|
||||
(user_id, token) = yield handler.register(
|
||||
localpart=desired_user_id,
|
||||
password=password,
|
||||
threepidCreds=threepidCreds)
|
||||
threepidCreds=threepidCreds,
|
||||
captcha_info=captcha)
|
||||
|
||||
result = {
|
||||
"user_id": user_id,
|
||||
|
|
Loading…
Reference in a new issue