Fix captcha (#14488)

Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
3 years ago · 41c0776568
parent 669ff8e9b1
commit 41c0776568
9 changed files with 30 additions and 49 deletions
--- a/modules/cache/cache.go
+++ b/modules/cache/cache.go
@ -27,24 +27,6 @@ func newCache(cacheConfig setting.Cache) (mc.Cache, error) {
 	})
 }
 // Cache is the interface that operates the cache data.
 type Cache interface {
 	// Put puts value into cache with key and expire time.
 	Put(key string, val interface{}, timeout int64) error
 	// Get gets cached value by given key.
 	Get(key string) interface{}
 	// Delete deletes cached value by given key.
 	Delete(key string) error
 	// Incr increases cached int-type value by given key as a counter.
 	Incr(key string) error
 	// Decr decreases cached int-type value by given key as a counter.
 	Decr(key string) error
 	// IsExist returns true if cached value exists.
 	IsExist(key string) bool
 	// Flush deletes all cached data.
 	Flush() error
 }
 // NewContext start cache service
 func NewContext() error {
 	var err error
@ -59,7 +41,7 @@ func NewContext() error {
 }
 // GetCache returns the currently configured cache
-func GetCache() Cache {
+func GetCache() mc.Cache {
 	return conn
 }
--- a/modules/context/captcha.go
+++ b/modules/context/captcha.go
@ -7,6 +7,7 @@ package context
 import (
 	"sync"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/setting"
 	"gitea.com/go-chi/captcha"
@ -21,6 +22,7 @@ func GetImageCaptcha() *captcha.Captcha {
 		cpt = captcha.NewCaptcha(captcha.Options{
 			SubURL: setting.AppSubURL,
 		})
 		cpt.Store = cache.GetCache()
 	})
 	return cpt
 }
--- a/modules/context/context.go
+++ b/modules/context/context.go
@ -23,6 +23,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/base"
 	mc "code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/middlewares"
 	"code.gitea.io/gitea/modules/setting"
@ -499,23 +500,8 @@ func getCsrfOpts() CsrfOptions {
 // Contexter initializes a classic context for a request.
 func Contexter() func(next http.Handler) http.Handler {
-	rnd := templates.HTMLRenderer()
+	var rnd = templates.HTMLRenderer()
 	var c cache.Cache
 	var err error
 	if setting.CacheService.Enabled {
 		c, err = cache.NewCacher(cache.Options{
 			Adapter:       setting.CacheService.Adapter,
 			AdapterConfig: setting.CacheService.Conn,
 			Interval:      setting.CacheService.Interval,
 		})
 		if err != nil {
 			panic(err)
 		}
 	}
 	var csrfOpts = getCsrfOpts()
 	//var flashEncryptionKey, _ = NewSecret()
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
@ -524,7 +510,7 @@ func Contexter() func(next http.Handler) http.Handler {
 			var link = setting.AppSubURL + strings.TrimSuffix(req.URL.EscapedPath(), "/")
 			var ctx = Context{
 				Resp:    NewResponse(resp),
-				Cache:   c,
+				Cache:   mc.GetCache(),
 				Locale:  locale,
 				Link:    link,
 				Render:  rnd,
@ -571,16 +557,14 @@ func Contexter() func(next http.Handler) http.Handler {
 			}
 			ctx.Resp.Before(func(resp ResponseWriter) {
 				if flash := f.Encode(); len(flash) > 0 {
-					if err == nil {
+					middlewares.SetCookie(resp, "macaron_flash", flash, 0,
-						middlewares.SetCookie(resp, "macaron_flash", flash, 0,
+						setting.SessionConfig.CookiePath,
-							setting.SessionConfig.CookiePath,
+						middlewares.Domain(setting.SessionConfig.Domain),
-							middlewares.Domain(setting.SessionConfig.Domain),
+						middlewares.HTTPOnly(true),
-							middlewares.HTTPOnly(true),
+						middlewares.Secure(setting.SessionConfig.Secure),
-							middlewares.Secure(setting.SessionConfig.Secure),
+						//middlewares.SameSite(opt.SameSite), FIXME: we need a samesite config
-							//middlewares.SameSite(opt.SameSite), FIXME: we need a samesite config
+					)
-						)
+					return
 						return
 					}
 				}
 				ctx.SetCookie("macaron_flash", "", -1,
--- a/modules/setting/cache.go
+++ b/modules/setting/cache.go
@ -68,6 +68,10 @@ func newCacheService() {
 	if CacheService.Enabled {
 		log.Info("Cache Service Enabled")
 	} else {
 		log.Warn("Cache Service Disabled so that captcha disabled too")
 		// captcha depends on cache service
 		Service.EnableCaptcha = false
 	}
 	sec = Cfg.Section("cache.last_commit")
--- a/routers/routes/web.go
+++ b/routers/routes/web.go
@ -161,7 +161,9 @@ func WebRoutes() *web.Route {
 	mailer.InitMailRender(templates.Mailer())
-	r.Use(captcha.Captchaer(context.GetImageCaptcha()))
+	if setting.Service.EnableCaptcha {
 		r.Use(captcha.Captchaer(context.GetImageCaptcha()))
 	}
 	// Removed: toolbox.Toolboxer middleware will provide debug informations which seems unnecessary
 	r.Use(context.Contexter())
 	// Removed: SetAutoHead allow a get request redirect to head if get method is not exist
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@ -747,6 +747,7 @@ func LinkAccount(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("link_account")
 	ctx.Data["LinkAccountMode"] = true
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha
 	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
@ -800,6 +801,7 @@ func LinkAccountPostSignIn(ctx *context.Context) {
 	ctx.Data["LinkAccountModeSignIn"] = true
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
 	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
@ -885,6 +887,7 @@ func LinkAccountPostRegister(ctx *context.Context) {
 	ctx.Data["LinkAccountModeRegister"] = true
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
 	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
@ -1063,6 +1066,7 @@ func SignUp(ctx *context.Context) {
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
 	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
@ -1083,6 +1087,7 @@ func SignUpPost(ctx *context.Context) {
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
 	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
--- a/routers/user/auth_openid.go
+++ b/routers/user/auth_openid.go
@ -329,6 +329,7 @@ func RegisterOpenID(ctx *context.Context) {
 	ctx.Data["PageIsOpenIDRegister"] = true
 	ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
 	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
@ -360,6 +361,7 @@ func RegisterOpenIDPost(ctx *context.Context) {
 	ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
 	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
--- a/templates/user/auth/signup_inner.tmpl
+++ b/templates/user/auth/signup_inner.tmpl
@ -37,7 +37,7 @@
 				{{if and .EnableCaptcha (eq .CaptchaType "image")}}
 					<div class="inline field">
 						<label></label>
-						{{.Captcha.CreateHtml}}
+						{{.Captcha.CreateHTML}}
 					</div>
 					<div class="required inline field {{if .Err_Captcha}}error{{end}}">
 						<label for="captcha">{{.i18n.Tr "captcha"}}</label>
--- a/templates/user/auth/signup_openid_register.tmpl
+++ b/templates/user/auth/signup_openid_register.tmpl
@ -23,7 +23,7 @@
 					{{if and .EnableCaptcha (eq .CaptchaType "image")}}
 						<div class="inline field">
 							<label></label>
-							{{.Captcha.CreateHtml}}
+							{{.Captcha.CreateHTML}}
 						</div>
 						<div class="required inline field {{if .Err_Captcha}}error{{end}}">
 							<label for="captcha">{{.i18n.Tr "captcha"}}</label>