Skip to content

hCaptcha Support#12594

Merged
techknowlogick merged 16 commits into
go-gitea:masterfrom
jolheiser:hcaptcha
Oct 3, 2020
Merged

hCaptcha Support#12594
techknowlogick merged 16 commits into
go-gitea:masterfrom
jolheiser:hcaptcha

Conversation

@jolheiser
Copy link
Copy Markdown
Member

@jolheiser jolheiser commented Aug 24, 2020
edited
Loading

This PR aims to add support for hCaptcha

Related to #12582, but may not completely close it.

Since the captcha errors aren't necessarily meaningful to translate to end-users, for now they are just being debug-logged (previously they weren't handled at all, so this is an improvement???)

@jolheiser
Initial work on hCaptcha
85e49dd 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser jolheiser added the type/enhancement An improvement of existing functionality label Aug 24, 2020
@techknowlogick
Copy link
Copy Markdown
Member

techknowlogick commented Aug 24, 2020

Option 2 makes sense, perhaps we could also use the lessons learned from your library and apply them to the recaptcha one.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Aug 24, 2020
@lafriks lafriks added this to the 1.13.0 milestone Aug 25, 2020
@lunny lunny modified the milestones: 1.13.0, 1.14.0 Sep 1, 2020
@jolheiser
Use module
39bb157 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser
Merge branch 'master' of github.com:go-gitea/gitea into hcaptcha
25f21ff 
# Conflicts:
#	go.mod
#	vendor/modules.txt
#	web_src/less/_form.less
@jolheiser
Format
8f50b3c 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser
At least return and debug log a captcha error
b36fa3e 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser
Merge branch 'master' of github.com:go-gitea/gitea into hcaptcha
8b9254f
@jolheiser jolheiser marked this pull request as ready for review September 4, 2020 20:36
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Sep 4, 2020
edited
Loading

Codecov Report

Merging #12594 into master will decrease coverage by 0.01%.
The diff coverage is 0.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master   #12594      +/-   ##
==========================================
- Coverage   42.59%   42.57%   -0.02%     
==========================================
  Files         671      672       +1     
  Lines       73625    73676      +51     
==========================================
+ Hits        31363    31370       +7     
- Misses      37180    37228      +48     
+ Partials     5082     5078       -4
Impacted Files Coverage Δ
modules/auth/user_form.go 39.65% <ø> (ø)
modules/auth/user_form_auth_openid.go 0.00% <ø> (ø)
modules/hcaptcha/hcaptcha.go 0.00% <0.00%> (ø)
modules/recaptcha/recaptcha.go 0.00% <0.00%> (ø)
modules/setting/setting.go 47.61% <ø> (ø)
routers/user/auth.go 11.47% <0.00%> (-0.12%) ⬇️
routers/user/auth_openid.go 0.00% <0.00%> (ø)
modules/charset/charset.go 68.53% <0.00%> (-4.50%) ⬇️
services/pull/check.go 47.69% <0.00%> (-0.77%) ⬇️
... and 5 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7670a9d...1fb2a2e. Read the comment docs.

zeripath
zeripath reviewed Sep 4, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@zeripath zeripath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need some way of cancelling these calls. They're potentially preventing Gitea shutdown and I wonder if they could be used in a port exhaustion attack.

Comment thread routers/user/auth.go Outdated
Comment thread routers/user/auth_openid.go Outdated
Comment thread modules/hcaptcha/hcaptcha.go Outdated
Comment thread routers/user/auth.go Outdated
Comment thread routers/user/auth.go Outdated
@jolheiser
Pass context to hCaptcha
2a1877b 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser
Add context to recaptcha
46f7592 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser
Copy link
Copy Markdown
Member Author

jolheiser commented Sep 5, 2020

@zeripath Done. 🙂

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Sep 5, 2020
@zeripath
Copy link
Copy Markdown
Contributor

zeripath commented Sep 5, 2020
edited
Loading

Golangci-lint demands a sacrifice... Done

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Oct 2, 2020
@zeripath
Copy link
Copy Markdown
Contributor

zeripath commented Oct 2, 2020

I'd argue this could go into 1.13 as it's ready to be merged

techknowlogick
techknowlogick requested changes Oct 2, 2020
View reviewed changes
Comment thread custom/conf/app.example.ini
@jolheiser
Merge branch 'master' of github.com:go-gitea/gitea into hcaptcha
715c8f0
@jolheiser
Finish hcaptcha
8ed5d8e 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser
Update example config
8b3e095 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser
Apply error fix for recaptcha
d60cdf7 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
techknowlogick
techknowlogick approved these changes Oct 3, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@techknowlogick techknowlogick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks :)

@techknowlogick techknowlogick modified the milestones: 1.14.0, 1.13.0 Oct 3, 2020
@jolheiser
Change recaptcha ChallengeTS to string
b1ad889 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser
Copy link
Copy Markdown
Member Author

jolheiser commented Oct 3, 2020

A few things to note with the latest changes...

  1. challenge_ts was sometimes returning a timestamp that Go choked on parsing, so both hcaptcha and recaptcha now just marshal it to a string. We weren't using the timestamp, but if it was needed in the future we can look at parsing it then.
  2. There was a potential slice index issue that has been fixed because a successful check meant the ErrorCodes slice was empty.

@techknowlogick techknowlogick merged commit 72636fd into go-gitea:master Oct 3, 2020
@jolheiser jolheiser deleted the hcaptcha branch October 3, 2020 03:38
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@techknowlogick techknowlogick techknowlogick approved these changes

@lafriks lafriks lafriks approved these changes

+1 more reviewer

@zeripath zeripath zeripath approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/enhancement An improvement of existing functionality

Projects

None yet

Milestone

1.13.0

Development

Successfully merging this pull request may close these issues.

7 participants

@jolheiser @techknowlogick @codecov-commenter @zeripath @lafriks @lunny @GiteaBot