Check recaptcha response from google API

Jesse 2020-07-08 04:03:41 -04:00
parent 58d2c273bb
commit 882cb91ae0
No known key found for this signature in database
GPG key ID: 1A8AB3257B32D91F


@ -1,6 +1,8 @@
from typing import Any, Dict from typing import Any, Dict
from szurubooru import model, rest, search import requests
from szurubooru import config, model, rest, search
from szurubooru.func import auth, serialization, users, versions from szurubooru.func import auth, serialization, users, versions
_search_executor = search.Executor(search.configs.UserSearchConfig()) _search_executor = search.Executor(search.configs.UserSearchConfig())
@ -31,11 +33,28 @@ def get_users(
def create_user( def create_user(
ctx: rest.Context, _params: Dict[str, str] = {} ctx: rest.Context, _params: Dict[str, str] = {}
) -> rest.Response: ) -> rest.Response:
expect_recaptcha = False
if ctx.user.user_id is None: if ctx.user.user_id is None:
expect_recaptcha = True
auth.verify_privilege(ctx.user, "users:create:self") auth.verify_privilege(ctx.user, "users:create:self")
else: else:
auth.verify_privilege(ctx.user, "users:create:any") auth.verify_privilege(ctx.user, "users:create:any")
# Verify if the recaptcha was correct.
if expect_recaptcha:
resp = requests.post("https://www.google.com/recaptcha/api/siteverify", data={
"secret": config.config["recaptcha_secret"],
"response": ctx.get_param_as_string("recaptchaToken", default=""),
})
# Raise a 400 error if the recaptcha wasn't OK.
if not resp.json()["success"]:
raise rest.errors.HttpBadRequest(
"ValidationError",
"Recaptcha response was invalid."
)
name = ctx.get_param_as_string("name") name = ctx.get_param_as_string("name")
password = ctx.get_param_as_string("password") password = ctx.get_param_as_string("password")
email = ctx.get_param_as_string("email", default="") email = ctx.get_param_as_string("email", default="")
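Review bot: The `requests.post(...)` call to siteverify in `create_user` has no `timeout`, so a slow or unreachable verifier can hold the anonymous-registration request (and its worker) open indefinitely. The response is also indexed directly with `resp.json()["success"]`, so a non-2xx reply, a non-JSON body or a missing key surfaces as an unhandled exception rather than a clean rejection. I would bound the call, check the HTTP status, and treat any transport or parse failure as "not verified" so the check fails closed. Whether a verifier outage should map to the same `HttpBadRequest` or to a distinct error is a design choice the hunk does not show. `create_user` continues past the end of the hunk.

```python
    if expect_recaptcha:
        try:
            resp = requests.post(
                "https://www.google.com/recaptcha/api/siteverify",
                data={
                    "secret": config.config["recaptcha_secret"],
                    "response": ctx.get_param_as_string(
                        "recaptchaToken", default=""
                    ),
                },
                timeout=5,
            )
            resp.raise_for_status()
            body = resp.json()
            verified = isinstance(body, dict) and body.get("success") is True
        except (requests.RequestException, ValueError):
            # Fail closed: an unreachable or malformed verifier is not a pass.
            verified = False
        if not verified:
            raise rest.errors.HttpBadRequest(
                "ValidationError",
                "Recaptcha response was invalid."
            )
    # … unchanged: name / password / email parameter reads …
```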