Check reCAPTCHA v2 responses when enabled

Signed-off-by: Peter Marheine <peter@taricorp.net>
master
Peter Marheine 6 years ago
parent 1b833003fb
commit 8b4037b549
  1. 6
      airsonic-main/pom.xml
  2. 14
      airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java

@ -329,6 +329,12 @@
<version>0.1.2</version> <version>0.1.2</version>
</dependency> </dependency>
<dependency>
<groupId>de.triology.recaptchav2-java</groupId>
<artifactId>recaptchav2-java</artifactId>
<version>1.0.2</version>
</dependency>
<!-- SONOS API / WSDL SUPPORT --> <!-- SONOS API / WSDL SUPPORT -->
<dependency> <dependency>
<groupId>org.apache.cxf</groupId> <groupId>org.apache.cxf</groupId>

@ -1,5 +1,6 @@
package org.airsonic.player.controller; package org.airsonic.player.controller;
import de.triology.recaptchav2java.ReCaptcha;
import org.airsonic.player.domain.User; import org.airsonic.player.domain.User;
import org.airsonic.player.service.SecurityService; import org.airsonic.player.service.SecurityService;
import org.airsonic.player.service.SettingsService; import org.airsonic.player.service.SettingsService;
@ -52,7 +53,18 @@ public class RecoverController {
map.put("usernameOrEmail", usernameOrEmail); map.put("usernameOrEmail", usernameOrEmail);
User user = getUserByUsernameOrEmail(usernameOrEmail); User user = getUserByUsernameOrEmail(usernameOrEmail);
if (user == null) { boolean captchaOk;
if (settingsService.isCaptchaEnabled()) {
String recaptchaResponse = request.getParameter("g-recaptcha-response");
ReCaptcha captcha = new ReCaptcha(settingsService.getRecaptchaSecretKey());
captchaOk = recaptchaResponse != null && captcha.isValid(recaptchaResponse);
} else {
captchaOk = true;
}
if (!captchaOk) {
map.put("error", "recover.error.invalidcaptcha");
} else if (user == null) {
map.put("error", "recover.error.usernotfound"); map.put("error", "recover.error.usernotfound");
} else if (user.getEmail() == null) { } else if (user.getEmail() == null) {
map.put("error", "recover.error.noemail"); map.put("error", "recover.error.noemail");
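Review bot: In the new `if (settingsService.isCaptchaEnabled())` branch, `captcha.isValid(recaptchaResponse)` calls an external verification service, and nothing in the hunk covers that call failing or `getRecaptchaSecretKey()` returning no key. If the library reports such failures with an exception (to be confirmed for recaptchav2-java 1.0.2), the request ends in an unhandled error instead of `recover.error.invalidcaptcha`; catching it, logging the cause and setting `captchaOk = false` would keep the check explicitly fail-closed. `getUserByUsernameOrEmail(usernameOrEmail)` also still runs before the captcha result is known, so unverified requests reach the user store; doing the lookup only once `captchaOk` is true would avoid that. The enclosing method begins and ends outside the hunk.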
