Add config for enabling/disabling recaptcha

2020-07-08 04:38:47 -04:00 · 2020-07-08 04:38:47 -04:00 · b771dd6791
commit b771dd6791
parent a36e228fc3
6 changed files with 20 additions and 6 deletions
--- a/client/html/user_registration.tpl
+++ b/client/html/user_registration.tpl
@ -38,8 +38,7 @@

        <div class='messages'></div>
        <div class='buttons'>
-            <div id="recaptcha"></div>
-            <br>
+            <% if(ctx.enableRecaptcha) print(`<div id="recaptcha"></div><br>`); %>
            <input type='submit' value='Create an account'/>
        </div>
    </form>
--- a/client/js/api.js
+++ b/client/js/api.js
@ -108,6 +108,10 @@ class Api extends events.EventTarget {
        return !!remoteConfig.enableSafety;
    }

+    recaptchaEnabled() {
+        return !!remoteConfig.enableRecaptcha;
+    }
+
    hasPrivilege(lookup) {
        let minViableRank = null;
        for (let p of Object.keys(remoteConfig.privileges)) {
--- a/client/js/views/registration_view.js
+++ b/client/js/views/registration_view.js
@ -10,12 +10,17 @@ const RECAPTCHA_SITE_KEY = "site key";
 class RegistrationView extends events.EventTarget {
    constructor() {
        super();
+
+        // Show the recaptcha only for anonymous users.
+        const showRecaptcha = (!api.isLoggedIn() && api.recaptchaEnabled());
+
        this._hostNode = document.getElementById("content-holder");
        views.replaceContent(
            this._hostNode,
            template({
                userNamePattern: api.getUserNameRegex(),
                passwordPattern: api.getPasswordRegex(),
+                enableRecaptcha: showRecaptcha,
            })
        );
        views.syncScrollPosition();
@ -23,8 +28,7 @@ class RegistrationView extends events.EventTarget {
        this._formNode.addEventListener("submit", (e) => this._evtSubmit(e));
        this.setRecaptchaToken = this.setRecaptchaToken.bind(this);

-        // Show the recaptcha for anonymous users.
-        if (!api.isLoggedIn())
+        if (showRecaptcha)
            this.renderRecaptcha();
    }

@ -36,7 +40,6 @@ class RegistrationView extends events.EventTarget {
    }

    setRecaptchaToken(token) {
-        console.log("Recaptcha token:", token);
        this.recaptchaToken = token;
    }

--- a/server/config.yaml.dist
+++ b/server/config.yaml.dist
@ -7,6 +7,13 @@ name: szurubooru
 domain: # example: http://example.com
 # used to salt the users' password hashes and generate filenames for static content
 secret: change
+
+# Whether solving a captcha is required for registration for anonymous users.
+enable_recaptcha: no
+
+# A reCAPTCHA v2 secret token.
+# https://developers.google.com/recaptcha/intro
+# https://developers.google.com/recaptcha/docs/display
 recaptcha_secret: change

 # Delete thumbnails and source files on post delete
--- a/server/szurubooru/api/info_api.py
+++ b/server/szurubooru/api/info_api.py
@ -49,6 +49,7 @@ def get_info(ctx: rest.Context, _params: Dict[str, str] = {}) -> rest.Response:
            "privileges": util.snake_case_to_lower_camel_case_keys(
                config.config["privileges"]
            ),
+            "enableRecaptcha": config.config["enable_recaptcha"],
        },
    }
    if auth.has_privilege(ctx.user, "posts:view:featured"):
--- a/server/szurubooru/api/user_api.py
+++ b/server/szurubooru/api/user_api.py
@ -42,7 +42,7 @@ def create_user(
        auth.verify_privilege(ctx.user, "users:create:any")

    # Verify if the recaptcha was correct.
-    if expect_recaptcha:
+    if expect_recaptcha and config.config["enable_recaptcha"]:
        resp = requests.post("https://www.google.com/recaptcha/api/siteverify", data={
            "secret": config.config["recaptcha_secret"],
            "response": ctx.get_param_as_string("recaptchaToken", default=""),