Add config opion for XFF headers when performing ReCaptcha auth.

This commit is contained in:
Kegan Dougal 2014-09-05 22:51:11 -07:00
parent 1829b55bb0
commit 37e53513b6
3 changed files with 12 additions and 2 deletions

View File

@ -20,6 +20,7 @@ class CaptchaConfig(Config):
super(CaptchaConfig, self).__init__(args) super(CaptchaConfig, self).__init__(args)
self.recaptcha_private_key = args.recaptcha_private_key self.recaptcha_private_key = args.recaptcha_private_key
self.enable_registration_captcha = args.enable_registration_captcha self.enable_registration_captcha = args.enable_registration_captcha
self.captcha_ip_origin_is_x_forwarded = args.captcha_ip_origin_is_x_forwarded
@classmethod @classmethod
def add_arguments(cls, parser): def add_arguments(cls, parser):
@ -34,3 +35,8 @@ class CaptchaConfig(Config):
help="Enables ReCaptcha checks when registering, preventing signup "+ help="Enables ReCaptcha checks when registering, preventing signup "+
"unless a captcha is answered. Requires a valid ReCaptcha public/private key." "unless a captcha is answered. Requires a valid ReCaptcha public/private key."
) )
group.add_argument(
"--captcha_ip_origin_is_x_forwarded", type=bool, default=False,
help="When checking captchas, use the X-Forwarded-For (XFF) header as the client IP "+
"and not the actual client IP."
)

View File

@ -59,6 +59,7 @@ class RegistrationHandler(BaseHandler):
captcha_info["response"] captcha_info["response"]
) )
if not captcha_response["valid"]: if not captcha_response["valid"]:
logger.info("Invalid captcha entered from %s", captcha_info["ip"])
raise InvalidCaptchaError( raise InvalidCaptchaError(
error_url=captcha_response["error_url"] error_url=captcha_response["error_url"]
) )

View File

@ -66,8 +66,11 @@ class RegisterRestServlet(RestServlet):
# TODO determine the source IP : May be an X-Forwarding-For header depending on config # TODO determine the source IP : May be an X-Forwarding-For header depending on config
ip_addr = request.getClientIP() ip_addr = request.getClientIP()
#if self.hs.config.captcha_ip_origin_is_x_forwarded: if self.hs.config.captcha_ip_origin_is_x_forwarded:
# # use the header # use the header
if request.requestHeaders.hasHeader("X-Forwarded-For"):
ip_addr = request.requestHeaders.getRawHeaders(
"X-Forwarded-For")[0]
captcha = { captcha = {
"ip": ip_addr, "ip": ip_addr,