X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fcaptcha%2Fcaptcha.ex;h=cf75c3adc3bb0b41b5c74e82c461d6f312fb2875;hb=a81342a234a3808e2115c888a45c524e39a6ab60;hp=04769d4b2b87582458fde62653df1a0474c86167;hpb=b386e560ba22ca93b56ba74ffc134fe7e6de8b2d;p=akkoma diff --git a/lib/pleroma/captcha/captcha.ex b/lib/pleroma/captcha/captcha.ex index 04769d4b2..cf75c3adc 100644 --- a/lib/pleroma/captcha/captcha.ex +++ b/lib/pleroma/captcha/captcha.ex @@ -1,12 +1,18 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + defmodule Pleroma.Captcha do + import Pleroma.Web.Gettext + + alias Calendar.DateTime alias Plug.Crypto.KeyGenerator alias Plug.Crypto.MessageEncryptor - alias Calendar.DateTime use GenServer @doc false - def start_link() do + def start_link(_) do GenServer.start_link(__MODULE__, [], name: __MODULE__) end @@ -18,7 +24,7 @@ defmodule Pleroma.Captcha do @doc """ Ask the configured captcha service for a new captcha """ - def new() do + def new do GenServer.call(__MODULE__, :new) end @@ -44,7 +50,7 @@ defmodule Pleroma.Captcha do token = new_captcha[:token] secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt") sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign") - # Basicallty copy what Phoenix.Token does here, add the time to + # Basically copy what Phoenix.Token does here, add the time to # the actual data and make it a binary to then encrypt it encrypted_captcha_answer = %{ @@ -54,11 +60,9 @@ defmodule Pleroma.Captcha do |> :erlang.term_to_binary() |> MessageEncryptor.encrypt(secret, sign_secret) - IO.inspect(%{new_captcha | answer_data: encrypted_captcha_answer}) - { :reply, - # Repalce the answer with the encrypted answer + # Replace the answer with the encrypted answer %{new_captcha | answer_data: encrypted_captcha_answer}, state } @@ -71,20 +75,37 @@ defmodule Pleroma.Captcha do secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt") sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign") - # If the time found is less than (current_time - seconds_valid), then the time has already passed. + # If the time found is less than (current_time-seconds_valid) then the time has already passed # Later we check that the time found is more than the presumed invalidatation time, that means # that the data is still valid and the captcha can be checked seconds_valid = Pleroma.Config.get!([Pleroma.Captcha, :seconds_valid]) valid_if_after = DateTime.subtract!(DateTime.now_utc(), seconds_valid) result = - with {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret), + with false <- is_nil(answer_data), + {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret), %{at: at, answer_data: answer_md5} <- :erlang.binary_to_term(data) do - if DateTime.after?(at, valid_if_after), - do: method().validate(token, captcha, answer_md5), - else: {:error, "CAPTCHA expired"} + try do + if DateTime.before?(at, valid_if_after), + do: throw({:error, dgettext("errors", "CAPTCHA expired")}) + + if not is_nil(Cachex.get!(:used_captcha_cache, token)), + do: throw({:error, dgettext("errors", "CAPTCHA already used")}) + + res = method().validate(token, captcha, answer_md5) + # Throw if an error occurs + if res != :ok, do: throw(res) + + # Mark this captcha as used + {:ok, _} = + Cachex.put(:used_captcha_cache, token, true, ttl: :timer.seconds(seconds_valid)) + + :ok + catch + :throw, e -> e + end else - _ -> {:error, "Invalid answer data"} + _ -> {:error, dgettext("errors", "Invalid answer data")} end {:reply, result, state}