X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fcaptcha%2Fkocaptcha.ex;h=34a6114928eb47ae782e546e0d8fad5b7722ad17;hb=040ab352a543bdaa7ac4c078db0fc24f0db37d5a;hp=7f9637ad0f5c67c1a3d0520f05cdcc8fe3bd4ae4;hpb=ef6829382aa32c03cf8536422537a9c219bd0035;p=akkoma
diff --git a/lib/pleroma/captcha/kocaptcha.ex b/lib/pleroma/captcha/kocaptcha.ex
index 7f9637ad0..34a611492 100644
--- a/lib/pleroma/captcha/kocaptcha.ex
+++ b/lib/pleroma/captcha/kocaptcha.ex
@@ -1,11 +1,11 @@
-defmodule Pleroma.Captcha.Kocaptcha do
- alias Calendar.DateTime
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+defmodule Pleroma.Captcha.Kocaptcha do
 alias Pleroma.Captcha.Service
 @behaviour Service
- @ets __MODULE__.Ets
-
 @impl Service
 def new() do
 endpoint = Pleroma.Config.get!([__MODULE__, :endpoint])
@@ -17,40 +17,21 @@ defmodule Pleroma.Captcha.Kocaptcha do
 {:ok, res} ->
 json_resp = Poison.decode!(res.body)
- token = json_resp["token"]
-
- true = :ets.insert(@ets, {token, json_resp["md5"], DateTime.now_utc()})
-
- %{type: :kocaptcha, token: token, url: endpoint <> json_resp["url"]}
- end
- end
-
- @impl Service
- def validate(token, captcha) do
- with false <- is_nil(captcha),
- [{^token, saved_md5, _}] <- :ets.lookup(@ets, token),
- true <- :crypto.hash(:md5, captcha) |> Base.encode16() == String.upcase(saved_md5) do
- # Clear the saved value
- :ets.delete(@ets, token)
-
- true
- else
- _ -> false
+ %{
+ type: :kocaptcha,
+ token: json_resp["token"],
+ url: endpoint <> json_resp["url"],
+ answer_data: json_resp["md5"]
+ }
 end
 end
 @impl Service
- def cleanup() do
- seconds_retained = Pleroma.Config.get!([Pleroma.Captcha, :seconds_retained])
-
- # Go through captchas and remove expired ones
- :ets.tab2list(@ets)
- |> Enum.each(fn {token, _, time_inserted} ->
- # time created + expiration time = time when the captcha should be removed
- remove_time = DateTime.add!(time_inserted, seconds_retained)
- if DateTime.after?(DateTime.now_utc(), remove_time), do: :ets.delete(@ets, token)
- end)
-
- :ok
+ def validate(_token, captcha, answer_data) do
+ # Here the token is unsed, because the unencrypted captcha answer is just passed to method
+ if not is_nil(captcha) and
+ :crypto.hash(:md5, captcha) |> Base.encode16() == String.upcase(answer_data),
+ do: :ok,
+ else: {:error, "Invalid CAPTCHA"}
 end
 end
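Review bot: `validate/3` now trusts whatever `answer_data` the caller passes, while the removed ETS path was what made a captcha single-use (`:ets.delete` after a match) and time-limited (`cleanup/0`). Nothing in this hunk replaces either, so expiry and rejection of a reused token presumably have to be enforced by the caller, which is worth confirming there. Because `answer_data` is an unsalted MD5 of a short answer, it should only leave the server in encrypted or otherwise opaque form. If that is the intended contract, the comment could state it: `# token is unused: answer_data (MD5 of the answer) arrives already decrypted from the caller, which also owns expiry and single use`. Separately, `String.upcase(answer_data)` raises when `answer_data` is `nil` or not a binary, where the old `with ... else _ -> false` failed closed; a guard `when is_binary(captcha) and is_binary(answer_data)` on this clause plus a fallback `def validate(_token, _captcha, _answer_data), do: {:error, "Invalid CAPTCHA"}` would keep malformed input on the error path.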