mirror of
https://github.com/overleaf/overleaf.git
synced 2024-12-24 05:52:48 +00:00
Merge pull request #15906 from overleaf/jdt-disable-staging-captchas-if-trusted
allow for list of trusted users to skip captchas GitOrigin-RevId: d398e98f63e4dc800a5b4ac59c8c9b672a200a15
This commit is contained in:
parent
8584918151
commit
53708fb03e
2 changed files with 17 additions and 0 deletions
|
@ -26,6 +26,11 @@ async function initializeDeviceHistory(req) {
|
|||
}
|
||||
|
||||
async function canSkipCaptcha(req, res) {
|
||||
const trustedUser =
|
||||
req.body?.email && Settings.recaptcha.trustedUsers.includes(req.body.email)
|
||||
if (trustedUser) {
|
||||
return res.json(true)
|
||||
}
|
||||
await initializeDeviceHistory(req)
|
||||
const canSkip = req.deviceHistory.has(req.body?.email)
|
||||
Metrics.inc('captcha_pre_flight', 1, {
|
||||
|
@ -36,6 +41,9 @@ async function canSkipCaptcha(req, res) {
|
|||
|
||||
function validateCaptcha(action) {
|
||||
return expressify(async function (req, res, next) {
|
||||
const trustedUser =
|
||||
req.body?.email &&
|
||||
Settings.recaptcha.trustedUsers.includes(req.body.email)
|
||||
if (!Settings.recaptcha?.siteKey || Settings.recaptcha.disabled[action]) {
|
||||
if (action === 'login') {
|
||||
AuthenticationController.setAuditInfo(req, { captcha: 'disabled' })
|
||||
|
@ -43,6 +51,11 @@ function validateCaptcha(action) {
|
|||
Metrics.inc('captcha', 1, { path: action, status: 'disabled' })
|
||||
return next()
|
||||
}
|
||||
if (trustedUser && action === 'login') {
|
||||
AuthenticationController.setAuditInfo(req, { captcha: 'trusted' })
|
||||
Metrics.inc('captcha', 1, { path: action, status: 'trusted' })
|
||||
return next()
|
||||
}
|
||||
const reCaptchaResponse = req.body['g-recaptcha-response']
|
||||
if (action === 'login') {
|
||||
await initializeDeviceHistory(req)
|
||||
|
|
|
@ -680,6 +680,10 @@ module.exports = {
|
|||
endpoint:
|
||||
process.env.RECAPTCHA_ENDPOINT ||
|
||||
'https://www.google.com/recaptcha/api/siteverify',
|
||||
trustedUsers: (process.env.CAPTCHA_TRUSTED_USERS || '')
|
||||
.split(',')
|
||||
.map(x => x.trim())
|
||||
.filter(x => x !== ''),
|
||||
disabled: {
|
||||
invite: true,
|
||||
login: true,
|
||||
|
|
Loading…
Reference in a new issue