Protect user registration with captcha (#1480)

* Protect user registration with captcha * PR feedback
2025-07-02 00:22:50 -05:00 · 2021-07-22 12:29:06 -05:00
parent 46fa6f6673
commit 7a135ae7cd
9 changed files with 64 additions and 13 deletions
--- a/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
+++ b/src/Core/IdentityServer/ResourceOwnerPasswordValidator.cs
@ -60,7 +60,7 @@ namespace Bit.Core.IdentityServer
            //}

            string bypassToken = null;
-            if (_captchaValidationService.ServiceEnabled && (_currentContext.IsBot || _captchaValidationService.RequireCaptcha))
+            if (_captchaValidationService.RequireCaptchaValidation(_currentContext))
            {
                var user = await _userManager.FindByEmailAsync(context.UserName.ToLowerInvariant());
                var captchaResponse = context.Request.Raw["captchaResponse"]?.ToString();
@ -69,7 +69,7 @@ namespace Bit.Core.IdentityServer
                {
                    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Captcha required.",
                        new Dictionary<string, object> {
-                            { "HCaptcha_SiteKey", _captchaValidationService.SiteKey },
+                            { _captchaValidationService.SiteKeyResponseKeyName, _captchaValidationService.SiteKey },
                        });
                    return;
                }