diff --git a/airsonic-main/pom.xml b/airsonic-main/pom.xml
index d0b9b0e1..2c66531a 100755
--- a/airsonic-main/pom.xml
+++ b/airsonic-main/pom.xml
@@ -329,6 +329,12 @@
0.1.2
+
+ de.triology.recaptchav2-java
+ recaptchav2-java
+ 1.0.2
+
+
org.apache.cxf
diff --git a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java
index 2c98c397..e095b349 100644
--- a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java
+++ b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java
@@ -1,5 +1,6 @@
package org.airsonic.player.controller;
+import de.triology.recaptchav2java.ReCaptcha;
import org.airsonic.player.domain.User;
import org.airsonic.player.service.SecurityService;
import org.airsonic.player.service.SettingsService;
@@ -52,7 +53,18 @@ public class RecoverController {
map.put("usernameOrEmail", usernameOrEmail);
User user = getUserByUsernameOrEmail(usernameOrEmail);
- if (user == null) {
+ boolean captchaOk;
+ if (settingsService.isCaptchaEnabled()) {
+ String recaptchaResponse = request.getParameter("g-recaptcha-response");
+ ReCaptcha captcha = new ReCaptcha(settingsService.getRecaptchaSecretKey());
+ captchaOk = recaptchaResponse != null && captcha.isValid(recaptchaResponse);
+ } else {
+ captchaOk = true;
+ }
+
+ if (!captchaOk) {
+ map.put("error", "recover.error.invalidcaptcha");
+ } else if (user == null) {
map.put("error", "recover.error.usernotfound");
} else if (user.getEmail() == null) {
map.put("error", "recover.error.noemail");