Add config opion for XFF headers when performing ReCaptcha auth.

2024-11-16 15:01:23 +01:00 · 2014-09-05 22:51:11 -07:00 · 2014-09-05 22:51:11 -07:00 · 37e53513b6
commit 37e53513b6
parent 1829b55bb0
3 changed files with 12 additions and 2 deletions
--- a/synapse/config/captcha.py
+++ b/synapse/config/captcha.py
@ -20,6 +20,7 @@ class CaptchaConfig(Config):
        super(CaptchaConfig, self).__init__(args)
        self.recaptcha_private_key = args.recaptcha_private_key
        self.enable_registration_captcha = args.enable_registration_captcha
+        self.captcha_ip_origin_is_x_forwarded = args.captcha_ip_origin_is_x_forwarded

    @classmethod
    def add_arguments(cls, parser):
@ -34,3 +35,8 @@ class CaptchaConfig(Config):
            help="Enables ReCaptcha checks when registering, preventing signup "+
            "unless a captcha is answered. Requires a valid ReCaptcha public/private key."
        )
+        group.add_argument(
+            "--captcha_ip_origin_is_x_forwarded", type=bool, default=False,
+            help="When checking captchas, use the X-Forwarded-For (XFF) header as the client IP "+
+            "and not the actual client IP."
+        )
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@ -59,6 +59,7 @@ class RegistrationHandler(BaseHandler):
                captcha_info["response"]
            )
            if not captcha_response["valid"]:
+                logger.info("Invalid captcha entered from %s", captcha_info["ip"])
                raise InvalidCaptchaError(
                    error_url=captcha_response["error_url"]
                )
--- a/synapse/rest/register.py
+++ b/synapse/rest/register.py
@ -66,8 +66,11 @@ class RegisterRestServlet(RestServlet):
            
            # TODO determine the source IP : May be an X-Forwarding-For header depending on config
            ip_addr = request.getClientIP()
-            #if self.hs.config.captcha_ip_origin_is_x_forwarded:
-            #    # use the header
+            if self.hs.config.captcha_ip_origin_is_x_forwarded:
+                # use the header
+                if request.requestHeaders.hasHeader("X-Forwarded-For"):
+                    ip_addr = request.requestHeaders.getRawHeaders(
+                        "X-Forwarded-For")[0]
            
            captcha = {
                "ip": ip_addr,