Merge branch 'pleroma-conversations' into 'develop'

[akkoma] / lib / pleroma / captcha / captcha.ex

diff --git a/lib/pleroma/captcha/captcha.ex b/lib/pleroma/captcha/captcha.ex
index 04769d4b2b87582458fde62653df1a0474c86167..c2765a5b8941ab2bc89f0d1ec6618ae31cbddff1 100644 (file)
--- a/lib/pleroma/captcha/captcha.ex
+++ b/lib/pleroma/captcha/captcha.ex
@@ -1,12 +1,18 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Captcha do
+  import Pleroma.Web.Gettext
+
+  alias Calendar.DateTime
   alias Plug.Crypto.KeyGenerator
   alias Plug.Crypto.MessageEncryptor
-  alias Calendar.DateTime
 
   use GenServer
 
   @doc false
-  def start_link() do
+  def start_link(_) do
     GenServer.start_link(__MODULE__, [], name: __MODULE__)
   end
 
@@ -18,7 +24,7 @@ defmodule Pleroma.Captcha do
   @doc """
   Ask the configured captcha service for a new captcha
   """
-  def new() do
+  def new do
     GenServer.call(__MODULE__, :new)
   end
 
@@ -54,8 +60,6 @@ defmodule Pleroma.Captcha do
         |> :erlang.term_to_binary()
         |> MessageEncryptor.encrypt(secret, sign_secret)
 
-      IO.inspect(%{new_captcha | answer_data: encrypted_captcha_answer})
-
       {
         :reply,
         # Repalce the answer with the encrypted answer
@@ -71,7 +75,7 @@ defmodule Pleroma.Captcha do
     secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt")
     sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign")
 
-    # If the time found is less than (current_time - seconds_valid), then the time has already passed.
+    # If the time found is less than (current_time-seconds_valid) then the time has already passed
     # Later we check that the time found is more than the presumed invalidatation time, that means
     # that the data is still valid and the captcha can be checked
     seconds_valid = Pleroma.Config.get!([Pleroma.Captcha, :seconds_valid])
@@ -80,11 +84,27 @@ defmodule Pleroma.Captcha do
     result =
       with {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),
            %{at: at, answer_data: answer_md5} <- :erlang.binary_to_term(data) do
-        if DateTime.after?(at, valid_if_after),
-          do: method().validate(token, captcha, answer_md5),
-          else: {:error, "CAPTCHA expired"}
+        try do
+          if DateTime.before?(at, valid_if_after),
+            do: throw({:error, dgettext("errors", "CAPTCHA expired")})
+
+          if not is_nil(Cachex.get!(:used_captcha_cache, token)),
+            do: throw({:error, dgettext("errors", "CAPTCHA already used")})
+
+          res = method().validate(token, captcha, answer_md5)
+          # Throw if an error occurs
+          if res != :ok, do: throw(res)
+
+          # Mark this captcha as used
+          {:ok, _} =
+            Cachex.put(:used_captcha_cache, token, true, ttl: :timer.seconds(seconds_valid))
+
+          :ok
+        catch
+          :throw, e -> e
+        end
       else
-        _ -> {:error, "Invalid answer data"}
+        _ -> {:error, dgettext("errors", "Invalid answer data")}
       end
 
     {:reply, result, state}