Protect user registration with captcha (#1480)

* Protect user registration with captcha * PR feedback
2025-07-02 00:22:50 -05:00 · 2021-07-22 12:29:06 -05:00
parent 46fa6f6673
commit 7a135ae7cd
9 changed files with 64 additions and 13 deletions
--- a/src/Core/Utilities/CaptchaProtectedAttribute.cs
+++ b/src/Core/Utilities/CaptchaProtectedAttribute.cs
@ -0,0 +1,37 @@
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.Services;
+using Bit.Core.Models.Api;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Bit.Core.Utilities
+{
+    public class CaptchaProtectedAttribute : ActionFilterAttribute
+    {
+        public string ModelParameterName { get; set; } = "model";
+
+        public override void OnActionExecuting(ActionExecutingContext context)
+        {
+            var currentContext = context.HttpContext.RequestServices.GetRequiredService<ICurrentContext>();
+            var captchaValidationService = context.HttpContext.RequestServices.GetRequiredService<ICaptchaValidationService>();
+
+            if (captchaValidationService.RequireCaptchaValidation(currentContext))
+            {
+                var captchaResponse = (context.ActionArguments[ModelParameterName] as ICaptchaProtectedModel)?.CaptchaResponse;
+
+                if (string.IsNullOrWhiteSpace(captchaResponse))
+                {
+                    throw new BadRequestException(captchaValidationService.SiteKeyResponseKeyName, captchaValidationService.SiteKey);
+                }
+
+                var captchaValid = captchaValidationService.ValidateCaptchaResponseAsync(captchaResponse,
+                    currentContext.IpAddress).GetAwaiter().GetResult();
+                if (!captchaValid)
+                {
+                    throw new BadRequestException("Captcha is invalid. Please refresh and try again");
+                }
+            }
+        }
+    }
+}