1
0
mirror of https://github.com/iv-org/invidious.git synced 2024-12-19 20:54:28 -05:00

Add second hand to image CAPTCHA

This commit is contained in:
Omar Roth 2018-11-25 18:26:21 -06:00
parent 9ce02e579d
commit 934c81b02f
2 changed files with 8 additions and 2 deletions
src/invidious

View File

@ -262,6 +262,10 @@ def validate_response(challenge, token, user_id, operation, key, db)
end
def generate_captcha(key, db)
second = Random::Secure.rand(12)
second_angle = second * 30
second = second * 5
minute = Random::Secure.rand(12)
minute_angle = minute * 30
minute = minute * 5
@ -290,6 +294,7 @@ def generate_captcha(key, db)
<text x="50" y="15" text-anchor="middle" fill="black" font-family="Arial" font-size="10px">12</text>
<circle cx="50" cy="50" r="3" fill="black"></circle>
<line id="second" transform="rotate(#{second_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="12" fill="black" stroke="black" stroke-width="1"></line>
<line id="minute" transform="rotate(#{minute_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="16" fill="black" stroke="black" stroke-width="2"></line>
<line id="hour" transform="rotate(#{hour_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="24" fill="black" stroke="black" stroke-width="2"></line>
</svg>
@ -303,7 +308,7 @@ def generate_captcha(key, db)
image = "data:image/png;base64,#{image}"
end
answer = "#{hour}:#{minute.to_s.rjust(2, '0')}"
answer = "#{hour}:#{minute.to_s.rjust(2, '0')}:#{second.to_s.rjust(2, '0')}"
answer = OpenSSL::HMAC.hexdigest(:sha256, key, answer)
challenge, token = create_response(answer, "sign_in", key, db)

View File

@ -28,7 +28,8 @@
<img style="width:100%" src='<%= captcha.not_nil![:image] %>'/>
<input type="hidden" name="token" value="<%= captcha.not_nil![:token] %>">
<input type="hidden" name="challenge" value="<%= captcha.not_nil![:challenge] %>">
<input required type="text" name="answer" type="text" placeholder="h:mm">
<label for="answer">Time (h:mm:ss):</label>
<input required type="text" name="answer" type="text" placeholder="h:mm:ss">
<label>
<a href="/login?referer=<%= URI.escape(referer) %>&type=invidious&captcha=text">Text CAPTCHA</a>