hCaptcha Support #12594

Merged
merged 16 commits into from
Oct 3, 2020
jolheiser
Member

@jolheiser jolheiser commented Aug 24, 2020

This PR aims to add support for hCaptcha

Related to #12582, but may not completely close it.

Since the captcha errors aren't necessarily meaningful to translate to end-users, for now they are just being debug-logged (previously they weren't handled at all, so this is an improvement???)

Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser jolheiser added the type/enhancement An improvement of existing functionality label Aug 24, 2020
@techknowlogick
Member

Option 2 makes sense, perhaps we could also use the lessons learned from your library and apply them to the recaptcha one.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Aug 24, 2020
@lafriks lafriks added this to the 1.13.0 milestone Aug 25, 2020
@lunny lunny modified the milestones: 1.13.0, 1.14.0 Sep 1, 2020
Signed-off-by: jolheiser <john.olheiser@gmail.com>
# Conflicts:
#	go.mod
#	vendor/modules.txt
#	web_src/less/_form.less
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser jolheiser marked this pull request as ready for review September 4, 2020 20:36
@codecov-commenter
codecov-commenter commented Sep 4, 2020

Codecov Report

Merging #12594 into master will decrease coverage by 0.01%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master   #12594      +/-   ##
==========================================
- Coverage   42.59%   42.57%   -0.02%     
==========================================
  Files         671      672       +1     
  Lines       73625    73676      +51     
==========================================
+ Hits        31363    31370       +7     
- Misses      37180    37228      +48     
+ Partials     5082     5078       -4     
Impacted Files Coverage Δ
modules/auth/user_form.go 39.65% <ø> (ø)
modules/auth/user_form_auth_openid.go 0.00% <ø> (ø)
modules/hcaptcha/hcaptcha.go 0.00% <0.00%> (ø)
modules/recaptcha/recaptcha.go 0.00% <0.00%> (ø)
modules/setting/setting.go 47.61% <ø> (ø)
routers/user/auth.go 11.47% <0.00%> (-0.12%) ⬇️
routers/user/auth_openid.go 0.00% <0.00%> (ø)
modules/charset/charset.go 68.53% <0.00%> (-4.50%) ⬇️
services/pull/check.go 47.69% <0.00%> (-0.77%) ⬇️
... and 5 more

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7670a9d...1fb2a2e. Read the comment docs.

Contributor

@zeripath zeripath left a comment

We need some way of cancelling these calls. They're potentially preventing Gitea shutdown and I wonder if they could be used in a port exhaustion attack.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser
Member Author

@zeripath Done. 🙂

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Sep 5, 2020
@zeripath
Contributor

zeripath commented Sep 5, 2020

Golangci-lint demands a sacrifice... Done

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Oct 2, 2020
@zeripath
Contributor

zeripath commented Oct 2, 2020

I'd argue this could go into 1.13 as it's ready to be merged

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Member

@techknowlogick techknowlogick left a comment

Thanks :)

@techknowlogick techknowlogick modified the milestones: 1.14.0, 1.13.0 Oct 3, 2020
Signed-off-by: jolheiser <john.olheiser@gmail.com>
@jolheiser
Member Author

A few things to note with the latest changes...

  1. challenge_ts was sometimes returning a timestamp that Go choked on parsing, so both hcaptcha and recaptcha now just marshal it to a string. We weren't using the timestamp, but if it was needed in the future we can look at parsing it then.
  2. There was a potential slice index issue that has been fixed because a successful check meant the ErrorCodes slice was empty.

@techknowlogick techknowlogick merged commit 72636fd into go-gitea:master Oct 3, 2020
@jolheiser jolheiser deleted the hcaptcha branch October 3, 2020 03:38
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
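
An added example, not code from this PR or from Gitea: one way to handle the two points raised in the thread, a siteverify call that can be cancelled (zeripath's review) and a decoder that keeps `challenge_ts` as a string and length-checks `ErrorCodes` (the final comment). The function names, the 5-second timeout, the 64 KiB body limit and the sample JSON are assumptions made for illustration.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// decodeVerify checks len(ErrorCodes) instead of indexing the slice blindly.
func decodeVerify(body io.Reader) (bool, error) {
	var r struct {
		Success     bool     `json:"success"`
		ChallengeTS string   `json:"challenge_ts"` // kept as a string, never parsed as a time
		ErrorCodes  []string `json:"error-codes"`  // empty when Success is true
	}
	if err := json.NewDecoder(io.LimitReader(body, 64<<10)).Decode(&r); err != nil {
		return false, fmt.Errorf("decode siteverify response: %w", err)
	}
	if !r.Success && len(r.ErrorCodes) > 0 {
		return false, fmt.Errorf("captcha rejected: %s", strings.Join(r.ErrorCodes, ", "))
	}
	return r.Success, nil
}

// verify abandons the outbound call when ctx is cancelled or after 5 seconds.
func verify(ctx context.Context, c *http.Client, endpoint, secret, token string) (bool, error) {
	ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
	defer cancel()
	form := strings.NewReader(url.Values{"secret": {secret}, "response": {token}}.Encode())
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, form)
	if err != nil {
		return false, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := c.Do(req)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	return decodeVerify(resp.Body)
}

func main() { // constructed body; its challenge_ts is deliberately not RFC 3339
	fmt.Println(decodeVerify(strings.NewReader(`{"success":true,"challenge_ts":"2020-10-03 03:38"}`)))
}
```

Passing the HTTP request's own context, or one tied to server shutdown, as `ctx` is what lets an in-flight verification be dropped instead of holding a connection open.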