From 8b4037b5492a65108739eda2f5eb6aaa33345e75 Mon Sep 17 00:00:00 2001
From: Peter Marheine
Date: Tue, 7 Aug 2018 14:48:53 +1000
Subject: [PATCH] Check reCAPTCHA v2 responses when enabled

Signed-off-by: Peter Marheine
---
 airsonic-main/pom.xml | 6 ++++++
 .../player/controller/RecoverController.java | 14 +++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/airsonic-main/pom.xml b/airsonic-main/pom.xml
index d0b9b0e1..2c66531a 100755
--- a/airsonic-main/pom.xml
+++ b/airsonic-main/pom.xml
@@ -329,6 +329,12 @@
 0.1.2
+
+ de.triology.recaptchav2-java
+ recaptchav2-java
+ 1.0.2
+
+
 org.apache.cxf
diff --git a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java
index 2c98c397..e095b349 100644
--- a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java
+++ b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java
@@ -1,5 +1,6 @@
 package org.airsonic.player.controller;
+import de.triology.recaptchav2java.ReCaptcha;
 import org.airsonic.player.domain.User;
 import org.airsonic.player.service.SecurityService;
 import org.airsonic.player.service.SettingsService;
@@ -52,7 +53,18 @@ public class RecoverController {
 map.put("usernameOrEmail", usernameOrEmail);
 User user = getUserByUsernameOrEmail(usernameOrEmail);
- if (user == null) {
+ boolean captchaOk;
+ if (settingsService.isCaptchaEnabled()) {
+ String recaptchaResponse = request.getParameter("g-recaptcha-response");
+ ReCaptcha captcha = new ReCaptcha(settingsService.getRecaptchaSecretKey());
+ captchaOk = recaptchaResponse != null && captcha.isValid(recaptchaResponse);
+ } else {
+ captchaOk = true;
+ }
+
+ if (!captchaOk) {
+ map.put("error", "recover.error.invalidcaptcha");
+ } else if (user == null) {
 map.put("error", "recover.error.usernotfound");
 } else if (user.getEmail() == null) {
 map.put("error", "recover.error.noemail");
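Review bot: In the RecoverController hunk the account lookup `getUserByUsernameOrEmail(usernameOrEmail)` still runs before the captcha result is known, so a request with a missing or invalid `g-recaptcha-response` costs a user-store query even though it is rejected afterwards; computing `captchaOk` first and doing the lookup only when it is true keeps unverified requests away from the user store. `captcha.isValid(...)` presumably makes an outbound verification call, and nothing visible in the hunk handles a failure of that call; if the library can throw there, catching the exception and setting `captchaOk = false` keeps the handler failing closed with `recover.error.invalidcaptcha` instead of surfacing an unhandled error. An empty token can also be rejected locally without a remote round trip: `captchaOk = recaptchaResponse != null && !recaptchaResponse.isEmpty() && captcha.isValid(recaptchaResponse);`. The enclosing handler method starts and ends outside the hunk, so whether `request` is already validated elsewhere cannot be confirmed from here.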