Check recaptcha response from google API
parent
58d2c273bb
commit
882cb91ae0
1 changed files with 20 additions and 1 deletions
|
@ -1,6 +1,8 @@
|
||||||
from typing import Any, Dict
|
from typing import Any, Dict
|
||||||
|
|
||||||
from szurubooru import model, rest, search
|
import requests
|
||||||
|
|
||||||
|
from szurubooru import config, model, rest, search
|
||||||
from szurubooru.func import auth, serialization, users, versions
|
from szurubooru.func import auth, serialization, users, versions
|
||||||
|
|
||||||
_search_executor = search.Executor(search.configs.UserSearchConfig())
|
_search_executor = search.Executor(search.configs.UserSearchConfig())
|
||||||
|
@ -31,11 +33,28 @@ def get_users(
|
||||||
def create_user(
|
def create_user(
|
||||||
ctx: rest.Context, _params: Dict[str, str] = {}
|
ctx: rest.Context, _params: Dict[str, str] = {}
|
||||||
) -> rest.Response:
|
) -> rest.Response:
|
||||||
|
expect_recaptcha = False
|
||||||
|
|
||||||
if ctx.user.user_id is None:
|
if ctx.user.user_id is None:
|
||||||
|
expect_recaptcha = True
|
||||||
auth.verify_privilege(ctx.user, "users:create:self")
|
auth.verify_privilege(ctx.user, "users:create:self")
|
||||||
else:
|
else:
|
||||||
auth.verify_privilege(ctx.user, "users:create:any")
|
auth.verify_privilege(ctx.user, "users:create:any")
|
||||||
|
|
||||||
|
# Verify if the recaptcha was correct.
|
||||||
|
if expect_recaptcha:
|
||||||
|
resp = requests.post("https://www.google.com/recaptcha/api/siteverify", data={
|
||||||
|
"secret": config.config["recaptcha_secret"],
|
||||||
|
"response": ctx.get_param_as_string("recaptchaToken", default=""),
|
||||||
|
})
|
||||||
|
|
||||||
|
# Raise a 400 error if the recaptcha wasn't OK.
|
||||||
|
if not resp.json()["success"]:
|
||||||
|
raise rest.errors.HttpBadRequest(
|
||||||
|
"ValidationError",
|
||||||
|
"Recaptcha response was invalid."
|
||||||
|
)
|
||||||
|
|
||||||
name = ctx.get_param_as_string("name")
|
name = ctx.get_param_as_string("name")
|
||||||
password = ctx.get_param_as_string("password")
|
password = ctx.get_param_as_string("password")
|
||||||
email = ctx.get_param_as_string("email", default="")
|
email = ctx.get_param_as_string("email", default="")
|
||||||
|
|
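Review bot: The `requests.post` call to siteverify in `create_user` has no `timeout`, so the anonymous registration path can hold a worker for as long as the remote side stalls. The result is then read as `resp.json()["success"]` with no status check, so a non-JSON or error body surfaces as an unhandled exception instead of the intended 400. I would bound the call, treat transport and parse failures as a failed verification, and compare `success` strictly; the timeout value below is illustrative. A missing `recaptcha_secret` key in the config would presumably raise `KeyError` on this path as well, which may deserve a check at startup. The body of `create_user` continues past the end of the hunk.

```python
    if expect_recaptcha:
        try:
            resp = requests.post(
                "https://www.google.com/recaptcha/api/siteverify",
                data={
                    "secret": config.config["recaptcha_secret"],
                    "response": ctx.get_param_as_string(
                        "recaptchaToken", default=""
                    ),
                },
                timeout=5,
            )
            resp.raise_for_status()
            verified = resp.json().get("success") is True
        except (requests.RequestException, ValueError):
            # Fail closed: an unreachable verifier or an unparsable body
            # must not let an anonymous account through.
            verified = False

        if not verified:
            # … unchanged: raise rest.errors.HttpBadRequest("ValidationError", …) …
```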