From 53708fb03eea903c8e0e6a4630f519cc302f9539 Mon Sep 17 00:00:00 2001
From: Jimmy Domagala-Tang
Date: Tue, 28 Nov 2023 10:58:51 -0500
Subject: [PATCH] Merge pull request #15906 from overleaf/jdt-disable-staging-captchas-if-trusted

allow for list of trusted users to skip captchas

GitOrigin-RevId: d398e98f63e4dc800a5b4ac59c8c9b672a200a15
---
 .../app/src/Features/Captcha/CaptchaMiddleware.js | 13 +++++++++++++
 services/web/config/settings.defaults.js | 4 ++++
 2 files changed, 17 insertions(+)

diff --git a/services/web/app/src/Features/Captcha/CaptchaMiddleware.js b/services/web/app/src/Features/Captcha/CaptchaMiddleware.js
index 39880d8dfd..1ee038e687 100644
--- a/services/web/app/src/Features/Captcha/CaptchaMiddleware.js
+++ b/services/web/app/src/Features/Captcha/CaptchaMiddleware.js
@@ -26,6 +26,11 @@ async function initializeDeviceHistory(req) {
 }
 
 async function canSkipCaptcha(req, res) {
+ const trustedUser =
+ req.body?.email && Settings.recaptcha.trustedUsers.includes(req.body.email)
+ if (trustedUser) {
+ return res.json(true)
+ }
 await initializeDeviceHistory(req)
 const canSkip = req.deviceHistory.has(req.body?.email)
 Metrics.inc('captcha_pre_flight', 1, {
@@ -36,6 +41,9 @@ async function canSkipCaptcha(req, res) {
 
 function validateCaptcha(action) {
 return expressify(async function (req, res, next) {
+ const trustedUser =
+ req.body?.email &&
+ Settings.recaptcha.trustedUsers.includes(req.body.email)
 if (!Settings.recaptcha?.siteKey || Settings.recaptcha.disabled[action]) {
 if (action === 'login') {
 AuthenticationController.setAuditInfo(req, { captcha: 'disabled' })
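Review bot: `Settings.recaptcha.trustedUsers.includes(...)` in `canSkipCaptcha` dereferences `Settings.recaptcha` without the optional chaining that the existing `Settings.recaptcha?.siteKey` check uses, and the same expression is repeated at the top of `validateCaptcha` (the next hunk), where it runs before that check. If a deployment's settings lack `recaptcha` or `trustedUsers`, which the existing `?.` suggests can happen, both handlers would throw instead of taking the disabled path. Guard it, e.g. `Settings.recaptcha?.trustedUsers?.includes(req.body.email)`. The early `return res.json(true)` also returns before the `captcha_pre_flight` counter, so trusted skips are not recorded there; `canSkipCaptcha` continues past the end of the hunk.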
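Review bot: In `validateCaptcha`, `trustedUser` is evaluated for every action and ahead of the disabled check, although it is only read in the `action === 'login'` branch added further down, and the expression duplicates the one in `canSkipCaptcha`. A small shared helper would keep the two in step, e.g. `function isTrustedUser(req) { return Boolean(req.body?.email && Settings.recaptcha?.trustedUsers?.includes(req.body.email)) }`, used as `if (action === 'login' && isTrustedUser(req))`. The match is an exact string comparison, so a submitted address that differs in case from the configured one is not treated as trusted; a short comment would make clear whether that is intended. The function body continues outside this hunk.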
@@ -43,6 +51,11 @@ function validateCaptcha(action) {
 Metrics.inc('captcha', 1, { path: action, status: 'disabled' })
 return next()
 }
+ if (trustedUser && action === 'login') {
+ AuthenticationController.setAuditInfo(req, { captcha: 'trusted' })
+ Metrics.inc('captcha', 1, { path: action, status: 'trusted' })
+ return next()
+ }
 const reCaptchaResponse = req.body['g-recaptcha-response']
 if (action === 'login') {
 await initializeDeviceHistory(req)
diff --git a/services/web/config/settings.defaults.js b/services/web/config/settings.defaults.js
index 39af36af28..15a3b3623e 100644
--- a/services/web/config/settings.defaults.js
+++ b/services/web/config/settings.defaults.js
@@ -680,6 +680,10 @@ module.exports = {
 endpoint:
 process.env.RECAPTCHA_ENDPOINT ||
 'https://www.google.com/recaptcha/api/siteverify',
+ trustedUsers: (process.env.CAPTCHA_TRUSTED_USERS || '')
+ .split(',')
+ .map(x => x.trim())
+ .filter(x => x !== ''),
 disabled: {
 invite: true,
 login: true,
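Review bot: The `trusted` branch skips captcha verification based only on the `email` field of the not-yet-authenticated login request, so for every address in `Settings.recaptcha.trustedUsers` the captcha no longer limits automated login attempts, whoever sends them. The branch name suggests this is meant for staging test accounts, but nothing in the visible code restricts it to such an environment. I would state that above the branch, e.g. `// Captcha is skipped on the submitted email alone; trustedUsers must stay empty outside staging`, and confirm that login rate limiting still applies on this path. Setting `captcha: 'trusted'` in the audit info and metric is useful for monitoring how often the path is taken. `validateCaptcha` starts and ends outside the hunk.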
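Review bot: The new `trustedUsers` setting carries no comment explaining that every address listed in `CAPTCHA_TRUSTED_USERS` skips the login captcha, which is a security-relevant switch to leave undocumented. If, as the branch name suggests, it is meant for staging test accounts, a line above it such as `// Comma-separated emails that bypass the login captcha (test accounts only); leave unset in production` would make the intent explicit. Entries are trimmed but not otherwise normalised, so they must match the submitted email exactly.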