Merge pull request #15906 from overleaf/jdt-disable-staging-captchas-if-trusted

Allow a configurable list of trusted users to skip captchas

GitOrigin-RevId: d398e98f63e4dc800a5b4ac59c8c9b672a200a15
This commit is contained in:
Jimmy Domagala-Tang 2023-11-28 10:58:51 -05:00 committed by Copybot
parent 8584918151
commit 53708fb03e
2 changed files with 17 additions and 0 deletions


@ -26,6 +26,11 @@ async function initializeDeviceHistory(req) {
} }
async function canSkipCaptcha(req, res) { async function canSkipCaptcha(req, res) {
const trustedUser =
req.body?.email && Settings.recaptcha.trustedUsers.includes(req.body.email)
if (trustedUser) {
return res.json(true)
}
await initializeDeviceHistory(req) await initializeDeviceHistory(req)
const canSkip = req.deviceHistory.has(req.body?.email) const canSkip = req.deviceHistory.has(req.body?.email)
Metrics.inc('captcha_pre_flight', 1, { Metrics.inc('captcha_pre_flight', 1, {
@ -36,6 +41,9 @@ async function canSkipCaptcha(req, res) {
function validateCaptcha(action) { function validateCaptcha(action) {
return expressify(async function (req, res, next) { return expressify(async function (req, res, next) {
const trustedUser =
req.body?.email &&
Settings.recaptcha.trustedUsers.includes(req.body.email)
if (!Settings.recaptcha?.siteKey || Settings.recaptcha.disabled[action]) { if (!Settings.recaptcha?.siteKey || Settings.recaptcha.disabled[action]) {
if (action === 'login') { if (action === 'login') {
AuthenticationController.setAuditInfo(req, { captcha: 'disabled' }) AuthenticationController.setAuditInfo(req, { captcha: 'disabled' })
@ -43,6 +51,11 @@ function validateCaptcha(action) {
Metrics.inc('captcha', 1, { path: action, status: 'disabled' }) Metrics.inc('captcha', 1, { path: action, status: 'disabled' })
return next() return next()
} }
if (trustedUser && action === 'login') {
AuthenticationController.setAuditInfo(req, { captcha: 'trusted' })
Metrics.inc('captcha', 1, { path: action, status: 'trusted' })
return next()
}
const reCaptchaResponse = req.body['g-recaptcha-response'] const reCaptchaResponse = req.body['g-recaptcha-response']
if (action === 'login') { if (action === 'login') {
await initializeDeviceHistory(req) await initializeDeviceHistory(req)
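Review bot: The new `trustedUser` expression at the top of the `validateCaptcha` middleware reads `Settings.recaptcha.trustedUsers` without optional chaining, while the pre-existing guard on the very next line uses `Settings.recaptcha?.siteKey`, so a deployment with no `recaptcha` settings block that previously fell through to the disabled branch now throws a TypeError as soon as a request carries an email; the expression added to `canSkipCaptcha` in the first hunk has the same shape. Writing `Settings.recaptcha?.trustedUsers?.includes(req.body.email)` in both places keeps the old tolerance, and pulling the duplicated expression into one helper such as `const isTrustedUser = req => Boolean(req.body?.email && Settings.recaptcha?.trustedUsers?.includes(req.body.email))` removes the repetition. Both exemptions are decided solely from the client-supplied `req.body.email`, so any request naming a trusted address is served without a captcha and `canSkipCaptcha` answers `true` for it; the `captcha: 'trusted'` audit info and metric label make this observable, but the setting deserves a comment stating that it is intended for non-production environments (as the PR title suggests) or that those accounts remain covered by login rate limiting. The enclosing functions continue outside the hunks.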


@ -680,6 +680,10 @@ module.exports = {
endpoint: endpoint:
process.env.RECAPTCHA_ENDPOINT || process.env.RECAPTCHA_ENDPOINT ||
'https://www.google.com/recaptcha/api/siteverify', 'https://www.google.com/recaptcha/api/siteverify',
trustedUsers: (process.env.CAPTCHA_TRUSTED_USERS || '')
.split(',')
.map(x => x.trim())
.filter(x => x !== ''),
disabled: { disabled: {
invite: true, invite: true,
login: true, login: true,
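Review bot: `trustedUsers` trims each entry of `CAPTCHA_TRUSTED_USERS` but does not lowercase it, and the captcha middleware compares the submitted email against this list with `includes` as-is, so a differently-cased address silently fails to match and the captcha is enforced anyway. Either normalize at both ends with `.toLowerCase()` or state the contract in a comment above the key, e.g. `// comma-separated emails exempt from the captcha; matched exactly (case-sensitive) against the submitted email`. The `module.exports` object continues outside the hunk.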