mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
Add config opion for XFF headers when performing ReCaptcha auth.
This commit is contained in:
parent
1829b55bb0
commit
37e53513b6
@ -20,6 +20,7 @@ class CaptchaConfig(Config):
|
|||||||
super(CaptchaConfig, self).__init__(args)
|
super(CaptchaConfig, self).__init__(args)
|
||||||
self.recaptcha_private_key = args.recaptcha_private_key
|
self.recaptcha_private_key = args.recaptcha_private_key
|
||||||
self.enable_registration_captcha = args.enable_registration_captcha
|
self.enable_registration_captcha = args.enable_registration_captcha
|
||||||
|
self.captcha_ip_origin_is_x_forwarded = args.captcha_ip_origin_is_x_forwarded
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def add_arguments(cls, parser):
|
def add_arguments(cls, parser):
|
||||||
@ -34,3 +35,8 @@ class CaptchaConfig(Config):
|
|||||||
help="Enables ReCaptcha checks when registering, preventing signup "+
|
help="Enables ReCaptcha checks when registering, preventing signup "+
|
||||||
"unless a captcha is answered. Requires a valid ReCaptcha public/private key."
|
"unless a captcha is answered. Requires a valid ReCaptcha public/private key."
|
||||||
)
|
)
|
||||||
|
group.add_argument(
|
||||||
|
"--captcha_ip_origin_is_x_forwarded", type=bool, default=False,
|
||||||
|
help="When checking captchas, use the X-Forwarded-For (XFF) header as the client IP "+
|
||||||
|
"and not the actual client IP."
|
||||||
|
)
|
@ -59,6 +59,7 @@ class RegistrationHandler(BaseHandler):
|
|||||||
captcha_info["response"]
|
captcha_info["response"]
|
||||||
)
|
)
|
||||||
if not captcha_response["valid"]:
|
if not captcha_response["valid"]:
|
||||||
|
logger.info("Invalid captcha entered from %s", captcha_info["ip"])
|
||||||
raise InvalidCaptchaError(
|
raise InvalidCaptchaError(
|
||||||
error_url=captcha_response["error_url"]
|
error_url=captcha_response["error_url"]
|
||||||
)
|
)
|
||||||
|
@ -66,8 +66,11 @@ class RegisterRestServlet(RestServlet):
|
|||||||
|
|
||||||
# TODO determine the source IP : May be an X-Forwarding-For header depending on config
|
# TODO determine the source IP : May be an X-Forwarding-For header depending on config
|
||||||
ip_addr = request.getClientIP()
|
ip_addr = request.getClientIP()
|
||||||
#if self.hs.config.captcha_ip_origin_is_x_forwarded:
|
if self.hs.config.captcha_ip_origin_is_x_forwarded:
|
||||||
# # use the header
|
# use the header
|
||||||
|
if request.requestHeaders.hasHeader("X-Forwarded-For"):
|
||||||
|
ip_addr = request.requestHeaders.getRawHeaders(
|
||||||
|
"X-Forwarded-For")[0]
|
||||||
|
|
||||||
captcha = {
|
captcha = {
|
||||||
"ip": ip_addr,
|
"ip": ip_addr,
|
||||||
|
Loading…
Reference in New Issue
Block a user