form: fix captcha

wouldn't compile (not sure why i didn't notice) and after fixing, the
check was being performed after deleting the invite so would always
fail.
pull/189/head
Harvey Tindall 3 years ago
parent d9f8785372
commit 1c942186aa
No known key found for this signature in database
GPG Key ID: BBC65952848FB1A2

@ -628,6 +628,11 @@ func (app *appContext) NewUser(gc *gin.Context) {
var req newUserDTO
gc.BindJSON(&req)
app.debug.Printf("%s: New user attempt", req.Code)
if app.config.Section("captcha").Key("enabled").MustBool(false) && !app.verifyCaptcha(req.Code, req.CaptchaID, req.CaptchaText) {
app.info.Printf("%s: New user failed: Captcha Incorrect", req.Code)
respond(400, "errorCaptcha", gc)
return
}
if !app.checkInvite(req.Code, false, "") {
app.info.Printf("%s New user failed: invalid code", req.Code)
respond(401, "errorInvalidCode", gc)
@ -651,11 +656,6 @@ func (app *appContext) NewUser(gc *gin.Context) {
respond(400, "errorNoEmail", gc)
return
}
if app.config.Section("captcha").Key("enabled").MustBool(false) && !verifyCaptcha(req.Captcha) {
app.info.Printf("%s: New user failed: Captcha Incorrect", req.Code)
respond(400, "errorCaptcha", gc)
return
}
f, success := app.newUser(req, false)
if !success {
f(gc)

@ -23,7 +23,8 @@ type newUserDTO struct {
DiscordContact bool `json:"discord_contact"` // Whether or not to use discord for notifications/pwrs
MatrixPIN string `json:"matrix_pin" example:"A1-B2-3C"` // Matrix verification PIN (if used)
MatrixContact bool `json:"matrix_contact"` // Whether or not to use matrix for notifications/pwrs
Captcha string `json:"captcha"` // Captcha text (if enabled)
CaptchaID string `json:"captcha_id"` // Captcha ID (if enabled)
CaptchaText string `json:"captcha_text"` // Captcha text (if enabled)
}
type newUserResponse struct {

@ -263,7 +263,8 @@ interface sendDTO {
discord_contact?: boolean;
matrix_pin?: string;
matrix_contact?: boolean;
captcha?: string;
captcha_id?: string;
captcha_text?: string;
}
let captchaVerified = false;
@ -338,7 +339,8 @@ const create = (event: SubmitEvent) => {
}
}
if (window.captcha) {
send.captcha = captchaInput.value;
send.captcha_id = captchaID;
send.captcha_text = captchaInput.value;
}
_post("/newUser", send, (req: XMLHttpRequest) => {
if (req.readyState == 4) {

@ -323,10 +323,12 @@ func (app *appContext) GenCaptcha(gc *gin.Context) {
func (app *appContext) verifyCaptcha(code, id, text string) bool {
inv, ok := app.storage.invites[code]
if !ok || inv.Captchas == nil {
app.debug.Printf("Couldn't find invite \"%s\"", code)
return false
}
c, ok := inv.Captchas[id]
if !ok {
app.debug.Printf("Couldn't find Captcha \"%s\"", id)
return false
}
return strings.ToLower(c.Text) == strings.ToLower(text)

Loading…
Cancel
Save