nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-02 08:32:50 -05:00
Code Activity

Protect user registration with captcha (#1480)

Browse Source 
* Protect user registration with captcha

* PR feedback
This commit is contained in:
Matt Gibson
2021-07-22 12:29:06 -05:00
committed by GitHub
parent 46fa6f6673
commit 7a135ae7cd
9 changed files with 64 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Core/Services/ICaptchaValidationService.cs
View File

@ -1,13 +1,14 @@
using System.Threading.Tasks;
using Bit.Core.Context;
using Bit.Core.Models.Table;
namespace Bit.Core.Services
{
public interface ICaptchaValidationService
{
bool ServiceEnabled { get; }
string SiteKey { get; }
bool RequireCaptcha { get; }
string SiteKeyResponseKeyName { get; }
bool RequireCaptchaValidation(ICurrentContext currentContext);
Task<bool> ValidateCaptchaResponseAsync(string captchResponse, string clientIpAddress);
string GenerateCaptchaBypassToken(User user);
bool ValidateCaptchaBypassToken(string encryptedToken, User user);

13
src/Core/Services/Implementations/HCaptchaValidationService.cs
View File

@ -2,6 +2,7 @@
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using Bit.Core.Context;
using Bit.Core.Models.Table;
using Bit.Core.Settings;
using Bit.Core.Utilities;
@ -33,9 +34,8 @@ namespace Bit.Core.Services
_dataProtector = dataProtectorProvider.CreateProtector("CaptchaServiceDataProtector");
}
public bool ServiceEnabled => true;
public string SiteKeyResponseKeyName => "HCaptcha_SiteKey";
public string SiteKey => _globalSettings.Captcha.HCaptchaSiteKey;
public bool RequireCaptcha => _globalSettings.Captcha.RequireCaptcha;
public string GenerateCaptchaBypassToken(User user) =>
$"{TokenClearTextPrefix}{_dataProtector.Protect(CaptchaBypassTokenContent(user))}";
@ -44,9 +44,9 @@ namespace Bit.Core.Services
CoreHelpers.TokenIsValid(TokenName, _dataProtector, encryptedToken[TokenClearTextPrefix.Length..],
user.Email, user.Id, TokenLifetimeInHours);
public async Task<bool> ValidateCaptchaResponseAsync(string captchResponse, string clientIpAddress)
public async Task<bool> ValidateCaptchaResponseAsync(string captchaResponse, string clientIpAddress)
{
if (string.IsNullOrWhiteSpace(captchResponse))
if (string.IsNullOrWhiteSpace(captchaResponse))
{
return false;
}
@ -59,7 +59,7 @@ namespace Bit.Core.Services
RequestUri = new Uri("https://hcaptcha.com/siteverify"),
Content = new FormUrlEncodedContent(new Dictionary<string, string>
{
{ "response", captchResponse.TrimStart("hcaptcha|".ToCharArray()) },
{ "response", captchaResponse.TrimStart("hcaptcha|".ToCharArray()) },
{ "secret", _globalSettings.Captcha.HCaptchaSecretKey },
{ "sitekey", SiteKey },
{ "remoteip", clientIpAddress }
@ -87,6 +87,9 @@ namespace Bit.Core.Services
return (bool)jsonResponse.success;
}
public bool RequireCaptchaValidation(ICurrentContext currentContext) =>
currentContext.IsBot || _globalSettings.Captcha.ForceCaptchaRequired;
private static string CaptchaBypassTokenContent(User user) =>
string.Join(' ', new object[] {
TokenName,

5
src/Core/Services/NoopImplementations/NoopCaptchaValidationService.cs
View File

@ -1,13 +1,14 @@
using System.Threading.Tasks;
using Bit.Core.Context;
using Bit.Core.Models.Table;
namespace Bit.Core.Services
{
public class NoopCaptchaValidationService : ICaptchaValidationService
{
public bool ServiceEnabled => false;
public string SiteKeyResponseKeyName => null;
public string SiteKey => null;
public bool RequireCaptcha => false;
public bool RequireCaptchaValidation(ICurrentContext currentContext) => false;
public string GenerateCaptchaBypassToken(User user) => "";
public bool ValidateCaptchaBypassToken(string encryptedToken, User user) => false;