Pleroma/lib/pleroma/captcha/kocaptcha.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Captcha.Kocaptcha do
  alias Pleroma.Captcha.Service
  @behaviour Service

  @impl Service
  def new do
    endpoint = Pleroma.Config.get!([__MODULE__, :endpoint])

    case Pleroma.HTTP.get(endpoint <> "/new") do
      {:error, _} ->
        %{error: :kocaptcha_service_unavailable}

      {:ok, res} ->
        json_resp = Jason.decode!(res.body)

        %{
          type: :kocaptcha,
          token: json_resp["token"],
          url: endpoint <> json_resp["url"],
          answer_data: json_resp["md5"],
          seconds_valid: Pleroma.Config.get([Pleroma.Captcha, :seconds_valid])
        }
    end
  end

  @impl Service
  def validate(_token, captcha, answer_data) do
    # Here the token is unsed, because the unencrypted captcha answer is just passed to method
    if not is_nil(captcha) and
         :crypto.hash(:md5, captcha) |> Base.encode16() == String.upcase(answer_data),
       do: :ok,
       else: {:error, :invalid}
  end
end
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# Pleroma: A lightweight social networking server`
Bump Copyright to 2021 grep -rl '# Copyright © .* Pleroma' * \| xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;' 2021-01-13 07:49:20 +01:00			`# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# SPDX-License-Identifier: AGPL-3.0-only`

Separate captcha implementation into a behaviour and use it 2018-12-15 20:06:44 +01:00			`defmodule Pleroma.Captcha.Kocaptcha do`
			`alias Pleroma.Captcha.Service`
			`@behaviour Service`

			`@impl Service`
[Credo] Remove parentesis on argument-less functions 2019-03-05 04:18:43 +01:00			`def new do`
Separate captcha implementation into a behaviour and use it 2018-12-15 20:06:44 +01:00			`endpoint = Pleroma.Config.get!([__MODULE__, :endpoint])`
Formatting fixes 2018-12-15 20:08:26 +01:00
Use Pleroma.HTTP instead of Tesla Closes #2275 As discovered in the issue, captcha used Tesla.get instead of Pleroma.HTTP. I've also grep'ed the repo and changed the other place where this was used. 2020-11-01 10:05:39 +01:00			`case Pleroma.HTTP.get(endpoint <> "/new") do`
Separate captcha implementation into a behaviour and use it 2018-12-15 20:06:44 +01:00			`{:error, _} ->`
Add tests for account registration with captcha enabled and improve errors 2020-04-29 18:48:08 +02:00			`%{error: :kocaptcha_service_unavailable}`
Formatting fixes 2018-12-15 20:08:26 +01:00
Separate captcha implementation into a behaviour and use it 2018-12-15 20:06:44 +01:00			`{:ok, res} ->`
Switch to Jason over Poison 2019-05-13 22:37:38 +02:00			`json_resp = Jason.decode!(res.body)`
Separate captcha implementation into a behaviour and use it 2018-12-15 20:06:44 +01:00
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 22:32:37 +01:00			`%{`
			`type: :kocaptcha,`
Move the encryption out of kocaptcha into general captcha module That way there won't be a need to reimplement it for other captcha services 2018-12-22 20:39:08 +01:00			`token: json_resp["token"],`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 22:32:37 +01:00			`url: endpoint <> json_resp["url"],`
Expose seconds_valid in Pleroma Captcha API endpoint 2020-07-29 23:07:22 +02:00			`answer_data: json_resp["md5"],`
			`seconds_valid: Pleroma.Config.get([Pleroma.Captcha, :seconds_valid])`
Make captcha (kocaptcha) stateless Also rename seconds_retained to seconds_valid since that's how it is now. Put it down from 180 to 20 seconds. The answer data is now stored in an encrypted text transfered to the client and back, so no ETS is needed 2018-12-20 22:32:37 +01:00			`}`
Separate captcha implementation into a behaviour and use it 2018-12-15 20:06:44 +01:00			`end`
			`end`
Add a configurable auto-cleanup for captchas 2018-12-16 20:04:43 +01:00
			`@impl Service`
Move the encryption out of kocaptcha into general captcha module That way there won't be a need to reimplement it for other captcha services 2018-12-22 20:39:08 +01:00			`def validate(_token, captcha, answer_data) do`
			`# Here the token is unsed, because the unencrypted captcha answer is just passed to method`
			`if not is_nil(captcha) and`
			`:crypto.hash(:md5, captcha) \|> Base.encode16() == String.upcase(answer_data),`
			`do: :ok,`
Add tests for account registration with captcha enabled and improve errors 2020-04-29 18:48:08 +02:00			`else: {:error, :invalid}`
Add a configurable auto-cleanup for captchas 2018-12-16 20:04:43 +01:00			`end`
Separate captcha implementation into a behaviour and use it 2018-12-15 20:06:44 +01:00			`end`