From 749342f25e67cb342fbd5426a35b7d9b52450164 Mon Sep 17 00:00:00 2001 From: Peter Marheine Date: Tue, 7 Aug 2018 11:08:59 +1000 Subject: [PATCH 1/4] Remove captcha support It uses reCAPTCHA v1, which hasn't worked since March 2018. Signed-off-by: Peter Marheine --- airsonic-main/pom.xml | 6 ------ .../player/controller/RecoverController.java | 18 +----------------- .../src/main/webapp/WEB-INF/jsp/recover.jsp | 6 ------ .../0.0.8/recaptcha4j-0.0.8-sources.jar | Bin 7477 -> 0 bytes .../recaptcha4j/0.0.8/recaptcha4j-0.0.8.jar | Bin 10344 -> 0 bytes .../recaptcha4j/0.0.8/recaptcha4j-0.0.8.pom | 6 ------ 6 files changed, 1 insertion(+), 35 deletions(-) mode change 100644 => 100755 airsonic-main/pom.xml delete mode 100644 repo/net/tanesha/recaptcha4j/recaptcha4j/0.0.8/recaptcha4j-0.0.8-sources.jar delete mode 100644 repo/net/tanesha/recaptcha4j/recaptcha4j/0.0.8/recaptcha4j-0.0.8.jar delete mode 100644 repo/net/tanesha/recaptcha4j/recaptcha4j/0.0.8/recaptcha4j-0.0.8.pom diff --git a/airsonic-main/pom.xml b/airsonic-main/pom.xml old mode 100644 new mode 100755 index ba26cc0e..d0b9b0e1 --- a/airsonic-main/pom.xml +++ b/airsonic-main/pom.xml @@ -323,12 +323,6 @@ 1.1.0 - - net.tanesha.recaptcha4j - recaptcha4j - 0.0.8 - - de.u-mass lastfm-java diff --git a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java index a05ad05a..63b2a6d8 100644 --- a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java +++ b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java @@ -1,8 +1,5 @@ package org.airsonic.player.controller; -import net.tanesha.recaptcha.ReCaptcha; -import net.tanesha.recaptcha.ReCaptchaFactory; -import net.tanesha.recaptcha.ReCaptchaResponse; import org.airsonic.player.domain.User; import org.airsonic.player.service.SecurityService; import org.airsonic.player.service.SettingsService; 
@@ -49,21 +46,13 @@ public class RecoverController { Map map = new HashMap(); String usernameOrEmail = StringUtils.trimToNull(request.getParameter("usernameOrEmail")); - ReCaptcha captcha = ReCaptchaFactory.newSecureReCaptcha("6LcZ3OMSAAAAANkKMdFdaNopWu9iS03V-nLOuoiH", - "6LcZ3OMSAAAAAPaFg89mEzs-Ft0fIu7wxfKtkwmQ", false); - boolean showCaptcha = true; if (usernameOrEmail != null) { map.put("usernameOrEmail", usernameOrEmail); User user = getUserByUsernameOrEmail(usernameOrEmail); - String challenge = request.getParameter("recaptcha_challenge_field"); - String uresponse = request.getParameter("recaptcha_response_field"); - ReCaptchaResponse captchaResponse = captcha.checkAnswer(request.getRemoteAddr(), challenge, uresponse); - if (!captchaResponse.isValid()) { - map.put("error", "recover.error.invalidcaptcha"); - } else if (user == null) { + if (user == null) { map.put("error", "recover.error.usernotfound"); } else if (user.getEmail() == null) { map.put("error", "recover.error.noemail"); @@ -74,17 +63,12 @@ public class RecoverController { user.setLdapAuthenticated(false); user.setPassword(password); securityService.updateUser(user); - showCaptcha = false; } else { map.put("error", "recover.error.sendfailed"); } } } - if (showCaptcha) { - map.put("captcha", captcha.createRecaptchaHtml(null, null)); - } - return new ModelAndView("recover", "model", map); } diff --git a/airsonic-main/src/main/webapp/WEB-INF/jsp/recover.jsp b/airsonic-main/src/main/webapp/WEB-INF/jsp/recover.jsp index dbcdc7e7..3ee0b042 100644 --- a/airsonic-main/src/main/webapp/WEB-INF/jsp/recover.jsp +++ b/airsonic-main/src/main/webapp/WEB-INF/jsp/recover.jsp @@ -21,12 +21,6 @@ "> - -
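Review bot: Once the CAPTCHA branch is removed, nothing in this handler limits how often the `if (user == null)` chain can be driven, and its success branch (the `user.setPassword(password)` visible in the next hunk) overwrites the account's password. A per-account and per-address throttle around the reset would cover this whether or not a CAPTCHA is configured; short of that, mark the gap with `// TODO: recovery is unthrottled; add a rate limit or restore a CAPTCHA check`. The distinct `recover.error.usernotfound` and `recover.error.noemail` results also tell the requester whether an account exists, which a single generic message would avoid. The handler starts and ends outside the hunk.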

- -

-
-

diff --git a/repo/net/tanesha/recaptcha4j/recaptcha4j/0.0.8/recaptcha4j-0.0.8-sources.jar b/repo/net/tanesha/recaptcha4j/recaptcha4j/0.0.8/recaptcha4j-0.0.8-sources.jar deleted file mode 100644 index ce7c4bc1ef9b801cb026946959a617e25c5d698e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7477 zcmai31z40@6JEMQVkHHnyL*wYU06~|5Gm>Il5y7FL>d9t2&+U-?QT3wt~9xB7G{F@po0Pa?; z6#kT0@Ak39?LqKoHAQi#yo|J(I-8=*q2l0x0)&-q3=6`_G(0#`qslSKy|V7W0v_&T zfv`%TqO9d>Bm$Y+Y22DJBUJGrs%lOznaT+wF~2J~C16Gp@c2Ux3B0%yA`T*$BOt1d z5rm+__#+1M@cxCj%Q3M>B(e(FFda>0n}H zVCQ7?uQsIrXk+H&WcSBlsDL65RZt-@5~I_t!RyE8|IZmkt;4UA13*encO44CB< zhM@{dkNY63W6bh{5Y}P2NoKGjl!ZYaxta?MMlZXYCvpQM6<>_TlZIakJyAD~ zqI9ln(fwo6fA#&fkMbxK0RR}n0021t-FG!}Ydb5GpWa|c17bTbfcr>T?7C}`UXVAj zQI35GXf~twJ&NVyw~{`;ylT#J5MHuOP;tI*oQ}sUw+`(l^L!+Q!XR8Suwyt{$s3 z-vDt-K1xCm%45Qwpc*G3-!gY=gT8GEq7WB@m-ialOS|d!i^Y4>PSo^rE&S=Jmst>$ zlve5VyJ$p0%K0n}oC+LltK@bMj@CBmo5c0v6w^~V!(N;MNz|I9ESx{kd@Udx6m;0m zz8~AI?#SoU8th&dYSzXn=;`1?4wz43!Nubud?)y3997{Rw(5RI1jyio$d>YcENrLp ziya@jaDbrE^jKt2k4FYXp+N>u=!P>hO3)0`aYkW`^05qDIc{?CC~D_I!o+i#nOJVoi z=P3e>auD5xE%=LJk%US-$J8lSZ>xUHh1V6~5>qE_I**sn zLXUXw2Ip~1ex{2qMe{K zzbC|B*JkHx)YHA&wW)cV!)g9;ZK|3`{+iBy$tXh_dbaa?1m4kbHz63Jvwn0a-o!A1 zo)#L(mI9Y&O|0kYqvJ_~G7klPq&S1GPW0mAtz37G$3x(v3B%W#zGQj2ZJw>WA*R?- zPl+E|*se}ZO~u5@N5R|7a&HG8D^3z^oS|hQ}3o`MS%Px^gwp-1z9M=$+%%0G7NJ+Qi_q9F^}U5?Fgf=il7FS z`T=oWcD`7SP2>J!KB+2H0bbii6TX%USqrL3FVMsOSD-|(jJb_!b)(_Lp_6S75J^mE z#w74jjcKybz}9ya2)e0YI!EO~v@v}U>(}@=VLmtfhOSpW*M>gw58C$VX8Kr28kbwW z0h?tGd^%_u;VGonfQ!G$*_?-AW;A-`_bB54WPiFU3g?vCuSBRXS;A zaY8c^n?wEq=7~@WQfrk}@8;CNmOIfo*Acg;m7QBTWBx?#;xq~e)cq*0LuqnfmeurO zHDFJN!=5NK_H9c@e(AA1suUG=J}<4<$Es{zldlu=-?K&B_01A2p+#BdL)hN0Ny;ZU zAD(^AW%dL@5<|wZwNC0wiWVnJ7SPCsCK6ui-L&aeAH9uv^y(!QQn9tNKALHW(ER~# zejafF=fO4kJ`FeVn86LuRmu_QWDg!XD7!Ylf>E8(6=g*1W~dP-sKO#k+yljZ2M zxi<~%@lA8X!(&3WGVMNliV9_n`KNpvCsp7RuC{p2`g(bk_E(%6A_sN#*;R4C`_ef9=uUEmuF*61(Q-;06C5v-0^Su8&JDp#JSx6$ 
zz77$J2D4^B2eK$j=4tjj3u3sVryoEAKps;0pM_px5}xvi`7jAi_ZWW`k!)y0UX~tb z$J@ew$A|b0c{vIkb6Tm;`Ym*|@Wc1Ajq8zDz|L9%>a7uH_Je0(R2Qp?N)Ioy&n!Xb zq<_sA)izKF9XtTgf15Q}|2tzyyBV3-Ihotq{E|A75;~&iIBHyZu}==OOG>+i7Q)BfDX)^IM&)gU0R}paHDN zU`YzY66N+xa`)FN0x$!3=V3|-HONt!HP(mSczOn&Lgg?5!c;OU25pG}+K=t7>gf~T4Q3WE_0L=deO$qGE4I|IhBl)tiL!h8lBSwjIx zkHNu|h>(Mc(Y)bB8v0;uzcmJ+iF2KPq;zY}M5BTE@n=Ho`s3tPt9v~W!s9;Wuq_RO zVqS(z6?^H$-QjldcnXZXgiQ-e6>fk)b+Aw7MS0`uLr1ZJwkDh z99B)>-TM%~2M~2O;^_MeM3O_?G5K*ycaR?h90`T;tv(E%B6(hF_Q0m|vDBMNTq&hJ z*2vG;l(Vw;S4-3tacC0xrwzaAXhoiayPwwQI)$Mv9|kt#Yxi&kDm+j@vp@%{qf}&Q zPSbGKW%^Sz8obMTYd-XJ{ixaa%rOAZOm_mBR?1;eAn(Aph7gruj5LsJcKOGEo zVM{OROc0M#EyfF`*t1y-hASex@`A`K zK7ctx7adEav0hTjpR5)v0X2C`G5}fAb9Oc93B2}{WuC9f5S#ZDmm3_;;NN{awb$Z_ z{Dos|eY($UeZ`RH98-Z*onxIeO;}uD^Ay&84NchRC(3i;CUIK%K?N+hd(zJ~#h7qC^nmfq ze#(%BgA5mt!N5VS(HKUrx$lIW{L}#v`a<2xG<^H}rh@@Htr_ROx8IaAytHb~gj=HM zYEp+D#T{P--Yk{Emm>v;GMV>X8Dg~1c>A-kddO-QlEva9sp8?9AHm8$* z2c^{x_erlq@fIQq2%_NeQvaHGtr4g=PVCUAD+--9fMSJR?5CHgOvw0snlsNgpv zNb|=V(wY05%ql+!Qlgp}xBoJ-q=5U=uQ z5HMG?8?Ucuw41Y9t@CqoA(}74x1}^J$B}Ml=#_chyR_m0xWK38U&s;FG1H?AVo73n zjcH^Z6j!jtA0hM-L0ihNL!92rny*8ie?y-SA4S1zOu8t)V;8cdv_PJZWXmMlxub}L z;z^Mm@7*yvI)p^;-?hc__G0*Xe;3Q_Nb`FJf!65Z5z+M_Wp(76qHFe&nzpc)S^7WX zQLKVnWKVOOn+^p4@V~8R8U8ySvRUxKk*Ys+y?0QW}0^jy^HDu*}dL(|NH0@~(S zGPKcB9@%VHNRgg;5Z)qkJwckmHRa|?quOdfY;Gw)9ss#G-BDxi>^<4-FmhuXFJFr& z@VAYLc@bC@o7#@y(q&3aXPpW|tf38{dL0!zleP+XcpWaAYAg`o%q59t5jG0ZmZESe z!m?F)u1m9LZHL)Px3`@JN)ttZs)9t5o9m_m^HKFkpxkPI$R>a?qwMI2ng4%7{_hrSG|L>{^5 zvcCz1-6#8esEB8j?AN_KqZ@xT!3s;d#?^d z%OF6@dNHj~(nPe|iuyg_h*KiBzW}#`Ve7|m#+rK5bQQv-Hd(f|>0CT@zxOpPu|!qs z(vaz<7rWOYopkyBG26jNx`+XXt@3Di^Ch+x_iSY<&*f?4W`{rP>3npPH9n>=i7)OLaMett z(?{dV$NX|=y$R^IP3@G(^u9!Dc!`jK{BHHFYA+G3IVDH*P3Y5;H1cG!K2l;!-4^kcc<|R;o~30+ zS+y_bc{vwu%H{F?&Am1_a;z<%cblu|YP2RF>WNas3cS9U6D5P!Joj;O(fBsXQ!KpH zMon4q`bul3OzSZn)z`TtAlmBg^H3GQvB_j(znV{jyNgyc{!KvtN0QZi+ z+2i`Ed(TToLomo2$DG;w`D~tPNEq1iCG0#r38RkY)PDAcDO*=;g0EX9j`gA1eT8a5 
zrgR~vxcSI8@2qD6fa>&8zMm&tYwD4fx^zXAb}1`Y?lny>>^(?6{kFn*f`KJ?D$J`j zKM1GNT{YdS;bb>aHEZ9=(qJ=rG=MiHVQA{)LQs zq`*f*zK)C_@HE6Bs8g)+++@7Wmk{~-c_8J1 zF;}iL*7K9bJRo5*`POC~oGy7IYp+Fa%Xg?!r|!mPL4Iw6mQya-qZ9Pf_^*S9(C`pl zWVGRg!c|`Asjh1wysagQ^#BIOQ>?lp;%u0dcMmP&GC9S>r{Iyv_$(g|C7A(rxp1^{ za?&>rQ$_S@#K3kY-MIp%D5F?htg6KJ3h)=bA;EXtcx*j%6CRtEG=^747rK&EYq5*+ z&1|0<)@q39x?79N1X#g(>KK-a)rM$~J&`_-W1Q4xCJqY^4GazCbQ6moe}xJ84NkXJ za=kHQW3(osLBD_g+RXNWNzcyxJaWxathUXytT+^$%!%;GnoPg6r&#mTmCGq}g1ALV zBnH4C(F9X=)u1pxw868M#A%i~0UwdIhUTu!+=iCbPrcuvnl|v9Ph{6}Uyu9A_t#G; z(G?iaOH%HNo_|~B5RKS4d8I0XH41y$IL-EjXh^d0Mair=6xz)sZUU-%Qo3HPe|?l9 zNoIVB^F71k(Cy2@chHP0u)Vj8<8=nkbA1c{Bac0s)P)nJ``5JvIm_Q;s9Fz&;j^12 z6GP1hC*4trShSCI#F*=_Qc&?=yEW7|1`N1lNET2rztNJ>7z1*(PyK>*V{e)-Uv_2SLUjDJy-nBh- zlgu>ZZomELZomCl{(G-gHF31FwQ)50Wxw@SQ?Z=q!1aOV+^qJgJu!Uq-2}#=mHd3L z%#jlM|R$WlW))r1I zLv;kJq8FR8_6j_D(_<{tT(ONtJ_3MtiI|6QN4FNxp zF??_W*|-;~KAn4d4CuX4^Ce%Ke&;9Ss#N0vr{pd#xCwWc47Le(nHTy7@gf~3Ja5S1 z;=QE;N5F3$$T7H18xniM$o8eAXagAXU@L^|#lk8LWirL<*mc>3VmV6=p9-zy3^(mb zTGx}cUmO?mDkWvUid!c|p&fn4w@|HR)RD+KZRO=7L%b7i6_jg`@9Z~$tCOuVUUISS zfDAq)uR&#IB&CUQDO+7XWr$4(%g3)vK1Xp@%>2}71`#umm79hKQN&=tDwXkVQ9 zVA@gCwy=6C@G`fO0Mo~lu%B>e)mPz3y!1IG4NVuHaj#PZ$i=v^hv5{@+V18n$jJ-O zZiXN#3Z0Rkj7r&FMNaYQgnf2Iq?Iq-`%>@x)aOs|->zLAUYcm#V`aZLhTcSoO0asR zoo8LQCmL1*QmAdHkr5U?Sj%nTnQSqgS?Ok998Xstjj$u-R(Dc^k-fVy5gkmQN$amIQx4)&^-k3P?-M{|< D&aIuG 
diff --git a/repo/net/tanesha/recaptcha4j/recaptcha4j/0.0.8/recaptcha4j-0.0.8.jar b/repo/net/tanesha/recaptcha4j/recaptcha4j/0.0.8/recaptcha4j-0.0.8.jar deleted file mode 100644 index 03460d70c55bc327fcde1f1c53fb36455686dfa5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10344 zcmbVS1z1&C*9HkCB`ysj-QcAg>E_a17r1nHcXy+dlt_1%gmg&8=zC3Xc>ED><)h%jNPK$q7C)O$e^HxewqO6{m85#j(?8*?-t0vTR4KP zAr7YC|6+;#lchbx5Nzvc_+Nbpe(7WC=xFX=| zcoEp^?I@c0+>AfTc(RnXOfSsJ>1BJ4T#;28`8&zzT~U@i@%NB|nxrwd_m~HvGlbxi zFm?nd5r=5GLs{VXdc}x-WYDLRY*3?tU&GzA^V|snuJa74gJwvo?#UK|aE%3sNGV-% z)YN)vAg&%;7(k#a!IJp(=238Gy^%>#4PnFv#rbx*5R@q*ScIBD8LmPs#LXUHIB6zN zltoymY@!dklSwz2Jlr(ph>;bVy#ioJJm8-b3g_f4JM}LXO%)svd+q*Ac$q^ZE?J6y z_Q2Cp(wM%Fw7PvZZX`#2D-el^!{lhXL}D3CQAC7?N6<%L$I*^57jb3=NiNn zUg7N+9))Y6cYoYp-zO`pt;DnN5DF^hF%%T=zfV@l%*xgh^7E9F)Q~&?Q+VDcHq|_M z_8L`waDiwrmW*l7ixqHcU+9xJX_#V+qZJNWQ>FzC4>>zyhqi)|rVO+ga_V$7_ZeDK zq-V3xv-b^ec)yT*!LwRosg`8#$EPPT8Mzv9;aR%Lw4wZZJu3dHJ%aPDD2pgHvL-Up zUve9v24 z3F;BWE2rM>yuiAJ5EsKd){JfG#`SjHM*M| zn4gDsjtD;Vm7ilGVdb{?FwvATDDj9loyGn<7o(*zIv2weW;2g5o8%?Ssj?Ymsg|K8 zH%OAx%(&)OVR#_SNp!pVje{t{abEU(Yn}0Sw^`}Tdlt=(5nFbv`Jj*E3o<0-#H*}k z<_S&RmsKBJh3YBxqE%jVm}_y7HNQ11mGJL1D0`3QgU7D;`uK7-Qn$h(Uy#D4e?Ypx z#YI#K6hlsP{(2b0aNl-=tGeE2dYZVJ-s;@8pE1!Ae!LbB{EAT)I4SZ~@e%D~qB7JK z!%ziTv+=*~o>nJZ(cYhMuQ=o>zlj(gk2gT0hB0_pETF{xU zOH4;99hDvg)0Tz~Jfp)|(Wf~&>xD6=YLh49F-DJJ_EDAF2XB>+=~ixMIuCpB7xWU#@`?l1_dU3B9ye6eP9;y_ zo~GpIr^7R6;RT!3Z)()5KA{*dGC+Nc{^qtcd}-x^_U>u0z$%FOu4EOlY@mVieOuWo zlk4+tlteeW{^~f$W<_^NQBye6Dt|EM>JyTK!qaD1z0a}@o^UiuGr`bpi@-DSaHsS4 zXM|&_)vV_|CLXwy=zhSTY$x6Qh@V6vw`tM5In&)}LDlY|jr8`lz%?F1OSE%sCND&j z#!5`jZ{f*DY zqPA|F!JITU6e~j%;7#r}D#mSP*d3~~#aBE!lh3ToGs428<5^ZsW)3U~91#o1rf`&? 
z;)BsMcH6LiWbT>680jP@L}l?!Le@os9#+HNKzX~s5oigC%+_o8Dp@rmZ~@DaSI>gRVEs4)uGE#5h1b=rITjWsyTbPo3e&ZsT&}zVi2GIRMicJ=ZbF< z0YPusM!p7t|1jioYb$awc`ZQu?1TovY>W4S8rShMNi?*012jT(QL*nA*B2m!m}P|- z^(JWIU1|?${A5L>*xu$%beYSXHfEv1kxSl0S3IXKB>CR0N|F_ula)1n(lH{GM1>_P z@%0O|7s7^<#3-(0_IM}`U%$9a>WLW&9o#)!KVVMXTn54Bo+Jg@Ko74Wg^npnyDH(O zi30AHw8dC=(|VKV!{lq@Fi;ka-;?bH_M#i-kVzQker{<`)LW%mp%|D**HP!L^D8AJ zXf)5+6r21UP=l9-wlV5_u;0OcYC9c5L@!Qq>^K z2egSQwr!lwsk?Gld=GdB;TLs7q6ZVRTw$Od@m#w}JrNcF7Wd-9+s3->flGRUeG{i> zy;Qis=jA+w9Pbtfv5-We6rd%CGL2L{%hyoIfkST|my-o`-MXjP!sEODo^#y zqik2*Eohr%Y&~W0fHkKD&QSy`S_|?M>@E-|zIr=0vu7I2K6K~IC>?YAVn8CQy>sXW zVJCG2Psc1mGJ99fNJSo;V%ED1jrYrhG`3Ilz>H?b4*ouYd3aYE4+KWGM}Z-0m$5hX z)Ni}KygjDrv(40(QSL*_nIf%0aUCZKcr|Mp$s&bF-iTcj+vxr-TQv4gNAq%LyjBIS zLAvI$MhFQ=ur}27>MalK@%znaVKidM?QYS+F?H)TYg@ zOl5PKplz3M6GP)k+4H%znmk^cb>zp!Xt-2C;6ysn1NQ|Ft7`)Tb174@C`mW1X_OMK1IFG5 zz%Os+aAfB4e4c+T$gkF?QNTQXV(e`E_G)wf<;|C^UZ!^|?ZeCHd*pS@p&jh`rbBhW z*8u0pC0Q_2*o$m(7FD5ap zJON=*#Vgo;F=cLQA>|9B3mJ`T0bGXM#`vk@P!MX)pfLPkO0GugidUm|N65li!;)PZ zx1#sfk#oL^#-#6yiIuEaFeq2yc z>~z`VB%Z5KiU~^unid&Lqua`^l4ltsg4t(kXWm=12|zCXN_A7|MFJ6=;6=a)?KaY8@n12E3LYEopzp)Q;?V80UTiJ`LTvzT@ced{bDvs3S z?Q^5UxaG+|g&Pe!f}3S)$sw31;(kpg0?wJrpYP0TmF;6QkW?@xV%otnv*dj)am`4Q zCSsBh%YdOszG{V`=w5*)rV{M(`KR;J-8#CX?LFfTzu#dD|Gv8vAr7`S)(((Aj!Uwj z&gW=e(lipK{-IB^!g>OHiN8SOGl_r-5O6UX86Ysy6%e1%*qsX*ew*V z_qUxjUrSxEXdb+)?oL9E`i%7cO?Dsx3=buSM5?-A_{!0%0HBe#Si?SQ5E1nf`}t0* z6BJN0uNX~IX|ljTAM5ngvFS~V7*NLpt~kjgbSm0pEE5YHbxvOk6Ldt3(HiQMxD9ho zieHMHC2!gVK#Vd7U#K{pE6|1_rp+_ilI0N2FtD|#~Q}?^odLNYZcLb zh5PG+p=d}`@WXw`^6$e(@$aGg{fY4HgsXtex54(P=fx4UB^dew#@0{Vweih|J9zJ}Oy(xBSxuhJk~RG9Kv&jk<%A)ag^ql`?lN zqiTN#(9;>z$#lo+TM{CbvL>T4aUIYFYjE*q_)43i8S0f z_-N91n@2n^0ArrPs}P$)X<1rV1{Lh0&8d{FtP=cnX=rp=FT?H=FIM+i6`Frv8p-<; z*6+)s7U2U>!@3K$tV$RT>=p8tuBD$B>fEeM6q4pZkT5lUAQ>v@`+zoM@1xN}XOp_> zYJ?iqLd|*e(o!!|J$`en8h%qNA)0U%x~c2V3$3r1XU)~sY5P?)J4|m|9rU(%wmi4e zJ#0Q+A6noj1fbqh`4Tm#b@zU%Bzh%(EP2%mVt;kAb_aFapoaP+b~vEws)qO#!t(^? 
z$Nh&UFs`_-l#WBg#Z^3Y<@lz3dyfN&K}DBBP{Wrw#Gpb~ZeJ@`vF>Wx%!Eaz!po}g z@`6iq--^-V%hYfjWlx=M4&`)JJF#vK6;J8z2yagwU*|#~)7vElAOmz8-9{TuyGBdi zD&*>mH;isaiRI=k=bKfP#xE`5Gs@cX$1nok+r6R!-g){vecNquZR5wn;=MOF!PfxT zhcP=7?)0T;N|nG~_Mt*XxTt1&maXl4hv%TJAb+gSiaZ_Kw-$j-eHf5_E0*Hd#4+Pa$Oe{JbaYDKx=K=k>fEh3lNsOKzZ# zM*XdCokC^t7(t)WM0|U?t=NFJwRvm2u~{JH#c(zHx@}E78W)#*e?a+}t-@V9ub!fn z4<6U}v}hGsB|ZjC9B13a(6EF;Yj}6W%UM^pU@=j~!95HkGn)Dl_48x&dD4EoIS;m# zHcW&#C*;9A$98PIL3Ex3$(L-}GH-&oy44Ho-uUBJsgB@{Tk(+*f?0g;BKtNR8>Ppw zN_Z6+ZY7PuTx*g zUNg+F;LmCk`RX=dj}u!j-B`o0>T?@N^)wZY%1IfKyF~MYUr5^d->Jq?70(}7*3AeKCjf4)X^Urm`A9bx0OD#a+;y(VD*IJ zjVVjOdlJ)aY;4T^hTejffg4jbpZ@h}Nj8|teW#tYt_LwBK3MS79JjN=zs{wg1Q@Ux zdUgH2;xQRMeBRNM!s^EOw2!yzdGyWjhgrOga_6S^N6FP*5L=7itMSh$L4h1qd<*s2 ziAQ`vuZ0GbwlO}Qu5ICa`_;ShGFIW^MZ7l;G2pGh}assVZ)~%GtyAtY>5K_=q!EOz6Zo5|~-o^SlW{|N;-hqF-B&?G9QihsfRTZ_4ex+8hN;s zRG4@eKJQ39Fp#uYU$T-J=*p!o=?;%5vs5Eb$LLWW*a=%`FjFGuH6+ha1{oFaHQQq* z428tM~PFR#L0)6&LqPN4!n90OGlSfpy8XXLWglMavPtFaFneG%%4iJ_~SC}q~iG3!HTyBNC1df^D z2I-{5I^ta;f_(<(%JlqM994%CBBlEYP*eHSoa^U`H$R9Gq0gH)`BOGAnUg3TRfYXtX_%`;V63qQTfkeSo&z9~ZMD2wu>Wp6mF zSWWtT5OtpA%GC_1vZ?aF$SE@KDNSce_U22mZwWCPX^?KP8G}Z39h$h72hyuBcIFo$ z4V@-t5>#1^_l6`q%ScC};bYe@{%8bgm;T5qGd$t%bZcYqFlO>17n)>Ggz2Ukie8Ya zw>~+F!)`&1UAOc2pz7F)@FFG3>-KoW;l`uoQ1_5$+siGbNl!QSmR&yif@2;S9epIg zmU*s@!}pK^Uz<51)pU#_V$O7!em4haS-=r>mws2zo}_1%JvVtDzeqO*id~;eb1YDG zZ>vNVstcMhutnIqmjpEKJcEZ;ZH4XUR^!VvFE-?iligS`C>+}gJ);8`Qf$bkY~X}J zR|hryDjdhv<_>|3tD(7K4bCE! 
z=}&B)1z66t-bt|&1>F&u@V;{l<|jLr1M2>95+?j z6|grLqt3khB;LlH|}Y*ha47&3Cvq~h?h*?sYmb`QXV zZSs~{aqp^N1%P~RUU>X8dWBPAq+;`ZO$Vs-Q`}0C6e0iP76~izXhm@{Fy~D_ooP%8t7 zQcMe&8p0Yq0|>?E^Y+uW_I1|c4=N<`$3yWno#Gu_jDPa57qd>WgxcmeQ%fs^k0x|jw z4xHh=t{c1^n75J`UjRDp@E4WF;f^92V3$TeQ{&c!sF*RqCbgVxZ$*=dE3CYYTt-nu z{!MefGoL^B+~4bI_Zjma^)xH6GsODOBhBB9ss3(!U&>yYXZeZM{J(&({Qp7z z3GfkA*L_9Jhu!|ACER@_4IK)K`+ozpwXtG!wX$qg)38}!NAs@p3EDj`P1@#!#>cIS z?~$7TIOBh?9_NRvVV$;Th0;K@QbjQm-xxK0xLDHi7K z`m%Fh)fsYemlr zD%bf@r6q8f_=&u^hg6HWpR1jps49=$u6Qz*_@~R5-UNS2W0fs4iEYUaPokAnqSKNd zcR4Kf4;VpXF2EZmPpp~Ph-`bYMgHt5Q&Q^Ud&M>DPK@!m!G~|3E~Wd84t3et=YjnYOx@bA^;Hp zA285ZTM43s$|;4zCB4o!kxkO}o8In2n<5ad)ojWa$4O#YXLshi4!FQC`>J|rAbf%UAF>=xHb-_`#$GNz%Si$Li23OU3kJ5HL;&oo8Q`u`GxoUgvL_afxrCK;aEI!lbC(R56U174_a&xS&N?|yr z>CgS=Fnib}L?Wo;DJEE8xk8OTWGiE=WA(w&btrEr@M(U6C|z#iHQ^1QFYT*n?@P!b zb07luCRMxio)5|$cXXsY>Cy+-*`|4@Lu?SfJ~pWsG+PZlcm zm}GZfP=L$F=lZ;BY92tr()u2n^5eLvlRDiJFU|`aqSVvU37ZUARV>8vc(rX+EWtMB zck7Xi>aTr!sqM7EQJC&T-9V~?_7jQm2K`GXbmk3zdrcU2SLrC+kq0H)eGFc+UC-o4 z_?wyC_xHS^S^+1h^Y7LtPb{W8O**nK@9?lUDvpPF5IdrM6H)f*ri-Iu)7|Y)koI{N z72C+@1s$=~WvV@O(paifVQHEUG7N+<4iLA^7F3-BoiLiIdPwI)m4>w1^c9b=8$PB& zUMTW$u5B(9DO&{bRk)gL1+4?<0CIBCb#GT{@hBIx!C&?%-)2pfh8AjdElJcNAEcoV zoAt;I0()iPpYGsNB^ugnS8|D+-$s8>B?8D`tU1=NzLAm8{miJM2SBE9*LctvXHe+t z$+Me@JWnFUPP#eM`$5uqg202I-bjjjgdUt_=j5x@dhm3kVpk=+9Khmha|=s6q+!3) zBYg|ca4`wYR>nS^liG}6F+1v>K(px@8jVtKrW#UEp3J9q=r(&}ETqSe`q9Dqu1hVG z!OmMd$`TY1Lz4pxBzs19DQRT+yp6!zy5}8qb$O;buMz<&At?{$EBKdU3t}4#7Emj( za7p=WymN02o{o@iF7x&4KhaafMJf}#9QI}Ar2rJW;fn=Rmo*qhn0B%wKASjuMl;_> z+CB7$-!8{C?E=Tj-P5rD$&U5D$<}>wS1mueCuOoHv;_$Cy5cdMVbyjyYkiEObf+di zHwOO*X!W#Fd67usv8VAz#Y9;r%!8n4}L#}OAP68L)I8Mio+%jKAZ*Mq9%Yfqoq(5q9Ohj&g5yxX6zoV#5& zczZIcCoc{C008rAk;?sq?i(7^{ue|cWKHWK>sXG`2#A?&;6G`eSlB)a|sn;LS5VU`V{+?<48S>|p+mCi`2+UvWcV9%{@%XrfBE~Z{HHGM z4<7x;e*L@ix10Niv)A99?}zvcUj1v(Z_N4!Xy^YQ^v|31H{$+B2mj2p|L7vm50mh3 zQ~uSc|FeVNdH0W{ee|2i@8`F{kA7xI{^x#vyc^`D;o!ePV%-0f-ya-uNx%K~e-UM$ AeE - 4.0.0 - net.tanesha.recaptcha4j - recaptcha4j - 
0.0.8 - \ No newline at end of file From a928b9ee3ff62a8eb1b5be7f380b6941ca7d7358 Mon Sep 17 00:00:00 2001 From: Peter Marheine Date: Tue, 7 Aug 2018 13:52:48 +1000 Subject: [PATCH 2/4] Add settings for CAPTCHA in account recovery. Allowing users to enable it and specify the site and secret key to use with reCAPTCHA. The old hard-coded keys were insecure; the secret key must not be distributed publicly. The current defaults are the test keys provided at https://developers.google.com/recaptcha/docs/faq#id-like-to-run-automated-tests-with-recaptcha-v2-what-should-i-do Signed-off-by: Peter Marheine --- .../command/AdvancedSettingsCommand.java | 28 ++++++++++++++++ .../AdvancedSettingsController.java | 9 ++++++ .../player/service/SettingsService.java | 32 +++++++++++++++++++ .../player/i18n/ResourceBundle_en.properties | 9 ++++++ .../webapp/WEB-INF/jsp/advancedSettings.jsp | 29 ++++++++++++++++- 5 files changed, 106 insertions(+), 1 deletion(-) diff --git a/airsonic-main/src/main/java/org/airsonic/player/command/AdvancedSettingsCommand.java b/airsonic-main/src/main/java/org/airsonic/player/command/AdvancedSettingsCommand.java index 71e44cc4..ab11386e 100644 --- a/airsonic-main/src/main/java/org/airsonic/player/command/AdvancedSettingsCommand.java +++ b/airsonic-main/src/main/java/org/airsonic/player/command/AdvancedSettingsCommand.java @@ -45,6 +45,10 @@ public class AdvancedSettingsCommand { private String smtpPassword; private String smtpFrom; + private boolean captchaEnabled; + private String recaptchaSiteKey; + private String recaptchaSecretKey; + public String getDownloadLimit() { return downloadLimit; } 
@@ -167,4 +171,28 @@ public class AdvancedSettingsCommand { public void setSmtpFrom(String smtpFrom) { this.smtpFrom = smtpFrom; } + + public boolean isCaptchaEnabled() { + return captchaEnabled; + } + + public void setCaptchaEnabled(boolean captchaEnabled) { + this.captchaEnabled = captchaEnabled; + } + + public String getRecaptchaSiteKey() { + return recaptchaSiteKey; + } + + public void setRecaptchaSiteKey(String recaptchaSiteKey) { + this.recaptchaSiteKey = recaptchaSiteKey; + } + + public String getRecaptchaSecretKey() { + return recaptchaSecretKey; + } + + public void setRecaptchaSecretKey(String recaptchaSecretKey) { + this.recaptchaSecretKey = recaptchaSecretKey; + } } diff --git a/airsonic-main/src/main/java/org/airsonic/player/controller/AdvancedSettingsController.java b/airsonic-main/src/main/java/org/airsonic/player/controller/AdvancedSettingsController.java index a682bedd..96f9864f 100644 --- a/airsonic-main/src/main/java/org/airsonic/player/controller/AdvancedSettingsController.java +++ b/airsonic-main/src/main/java/org/airsonic/player/controller/AdvancedSettingsController.java @@ -61,6 +61,9 @@ public class AdvancedSettingsController { command.setSmtpUser(settingsService.getSmtpUser()); command.setSmtpFrom(settingsService.getSmtpFrom()); + command.setCaptchaEnabled(settingsService.isCaptchaEnabled()); + command.setRecaptchaSiteKey(settingsService.getRecaptchaSiteKey()); + model.addAttribute("command", command); return "advancedSettings"; } @@ -98,6 +101,12 @@ public class AdvancedSettingsController { settingsService.setSmtpPassword(command.getSmtpPassword()); } + settingsService.setCaptchaEnabled(command.isCaptchaEnabled()); + settingsService.setRecaptchaSiteKey(command.getRecaptchaSiteKey()); + if (StringUtils.isNotEmpty(command.getRecaptchaSecretKey())) { + settingsService.setRecaptchaSecretKey(command.getRecaptchaSecretKey()); + } + settingsService.save(); return "redirect:advancedSettings.view"; 
diff --git a/airsonic-main/src/main/java/org/airsonic/player/service/SettingsService.java b/airsonic-main/src/main/java/org/airsonic/player/service/SettingsService.java index c9463280..1ba3702f 100644 --- a/airsonic-main/src/main/java/org/airsonic/player/service/SettingsService.java +++ b/airsonic-main/src/main/java/org/airsonic/player/service/SettingsService.java @@ -117,6 +117,10 @@ public class SettingsService { private static final String KEY_IGNORE_SYMLINKS = "IgnoreSymLinks"; private static final String KEY_EXCLUDE_PATTERN_STRING = "ExcludePattern"; + private static final String KEY_CAPTCHA_ENABLED = "CaptchaEnabled"; + private static final String KEY_RECAPTCHA_SITE_KEY = "ReCaptchaSiteKey"; + private static final String KEY_RECAPTCHA_SECRET_KEY = "ReCaptchaSecretKey"; + // Database Settings private static final String KEY_DATABASE_CONFIG_TYPE = "DatabaseConfigType"; private static final String KEY_DATABASE_CONFIG_EMBED_DRIVER = "DatabaseConfigEmbedDriver"; @@ -193,6 +197,10 @@ public class SettingsService { private static final String DEFAULT_SMTP_PASSWORD = null; private static final String DEFAULT_SMTP_FROM = "airsonic@airsonic.org"; + private static final boolean DEFAULT_CAPTCHA_ENABLED = false; + private static final String DEFAULT_RECAPTCHA_SITE_KEY = "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"; + private static final String DEFAULT_RECAPTCHA_SECRET_KEY = "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"; + private static final DataSourceConfigType DEFAULT_DATABASE_CONFIG_TYPE = DataSourceConfigType.LEGACY; private static final String DEFAULT_DATABASE_CONFIG_EMBED_DRIVER = null; private static final String DEFAULT_DATABASE_CONFIG_EMBED_URL = null; 
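Review bot: `DEFAULT_RECAPTCHA_SITE_KEY` and `DEFAULT_RECAPTCHA_SECRET_KEY` are the automated-test pair from the FAQ linked in the commit message, and that FAQ says every verification request made with them passes. An administrator who enables the CAPTCHA without replacing both values therefore gets a widget that never rejects anything, and the save path in `AdvancedSettingsController` stores `captchaEnabled` without checking which keys are in effect. Defaulting both constants to `null` and refusing to enable the CAPTCHA until a site key and a secret key have been entered would make the setting fail closed. At minimum, add `// Google's public test keys: verification always succeeds, replace both before enabling` above the two constants.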
@@ -1311,6 +1319,30 @@ public class SettingsService { setString(KEY_SMTP_FROM, smtpFrom); } + public boolean isCaptchaEnabled() { + return getBoolean(KEY_CAPTCHA_ENABLED, DEFAULT_CAPTCHA_ENABLED); + } + + public void setCaptchaEnabled(boolean captchaEnabled) { + setBoolean(KEY_CAPTCHA_ENABLED, captchaEnabled); + } + + public String getRecaptchaSiteKey() { + return getProperty(KEY_RECAPTCHA_SITE_KEY, DEFAULT_RECAPTCHA_SITE_KEY); + } + + public void setRecaptchaSiteKey(String recaptchaSiteKey) { + setString(KEY_RECAPTCHA_SITE_KEY, recaptchaSiteKey); + } + + public String getRecaptchaSecretKey() { + return getProperty(KEY_RECAPTCHA_SECRET_KEY, DEFAULT_RECAPTCHA_SECRET_KEY); + } + + public void setRecaptchaSecretKey(String recaptchaSecretKey) { + setString(KEY_RECAPTCHA_SECRET_KEY, recaptchaSecretKey); + } + public DataSourceConfigType getDatabaseConfigType() { String raw = getString(KEY_DATABASE_CONFIG_TYPE, DEFAULT_DATABASE_CONFIG_TYPE.name()); return DataSourceConfigType.valueOf(StringUtils.upperCase(raw)); diff --git a/airsonic-main/src/main/resources/org/airsonic/player/i18n/ResourceBundle_en.properties b/airsonic-main/src/main/resources/org/airsonic/player/i18n/ResourceBundle_en.properties index b14e9356..09831897 100644 --- a/airsonic-main/src/main/resources/org/airsonic/player/i18n/ResourceBundle_en.properties +++ b/airsonic-main/src/main/resources/org/airsonic/player/i18n/ResourceBundle_en.properties @@ -338,6 +338,9 @@ advancedsettings.smtpEncryption.none=None advancedsettings.smtpEncryption.starttls=STARTTLS advancedsettings.smtpEncryption.ssl=SSL/TLS advancedsettings.smtpFrom=E-mail sender +advancedsettings.enableCaptcha=Require CAPTCHA for account recovery +advancedsettings.recaptchaSiteKey=reCAPTCHA site key +advancedsettings.recaptchaSecretKey=reCAPTCHA secret key # personalSettings.jsp personalsettings.title=Personal settings for {0} personalsettings.language=Language 
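Review bot: `getRecaptchaSecretKey()` hands out a credential, yet nothing on the accessor says it must stay server-side. A Javadoc line such as `/** Secret for server-side verification only; never add it to a model or write it to a log. */` would keep it from being copied into a view alongside `getRecaptchaSiteKey()` later. The two string getters also call `getProperty(...)` where `getDatabaseConfigType()` just below uses `getString(...)`; if the two are equivalent (not visible in this hunk), `getString` would match the `setString` calls in the setters.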
@@ -730,6 +733,12 @@ helppopup.smtpEncryption.title=SMTP Encryption helppopup.smtpEncryption.text=

Encryption method used for connections to the SMTP server. Choose "None" for no encryption.

helppopup.smtpFrom.title=From address helppopup.smtpFrom.text=

The sender address for e-mails originating from the Airsonic server. Must be a valid e-mail address.

+helppopup.captcha.title=CAPTCHA +helppopup.captcha.text=

When enabled, users must solve a CAPTCHA to prove they are human when requesting a password reset.

Requires registration with an external service; see the documentation.

+helppopup.recaptchaSiteKey.title=reCAPTCHA site key +helppopup.recaptchaSiteKey.text=

A site key obtained from the reCAPTCHA admin console.

+helppopup.recaptchaSecretKey.title=reCAPTCHA secret key +helppopup.recaptchaSecretKey.text=

A secret key obtained from the reCAPTCHA admin console. Left unchanged if blank.

helppopup.scanMediaFolders.title=Media folders scanning rules helppopup.scanMediaFolders.text=

Note that subfolder names starting with a dot (.) or @eaDir, as well as Thumbs.db files, are ignored.

# wap/index.jsp diff --git a/airsonic-main/src/main/webapp/WEB-INF/jsp/advancedSettings.jsp b/airsonic-main/src/main/webapp/WEB-INF/jsp/advancedSettings.jsp index 66937f7a..42fb932e 100644 --- a/airsonic-main/src/main/webapp/WEB-INF/jsp/advancedSettings.jsp +++ b/airsonic-main/src/main/webapp/WEB-INF/jsp/advancedSettings.jsp @@ -91,7 +91,34 @@ + + + + + + + + + + + + + + +
+ + + +
+ + +
+ + +
@@ -152,4 +179,4 @@ - \ No newline at end of file + From 1b833003fbf1e890b33e536663b09893e7a1f7f5 Mon Sep 17 00:00:00 2001 From: Peter Marheine Date: Tue, 7 Aug 2018 14:09:34 +1000 Subject: [PATCH 3/4] Bring back an optional reCAPTCHA v2 Only showing it in the recovery view, not yet validating the result. Signed-off-by: Peter Marheine --- .../org/airsonic/player/controller/RecoverController.java | 4 ++++ airsonic-main/src/main/webapp/WEB-INF/jsp/recover.jsp | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java index 63b2a6d8..2c98c397 100644 --- a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java +++ b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java @@ -69,6 +69,10 @@ public class RecoverController { } } + if (settingsService.isCaptchaEnabled()) { + map.put("recaptchaSiteKey", settingsService.getRecaptchaSiteKey()); + } + return new ModelAndView("recover", "model", map); } diff --git a/airsonic-main/src/main/webapp/WEB-INF/jsp/recover.jsp b/airsonic-main/src/main/webapp/WEB-INF/jsp/recover.jsp index 3ee0b042..ff26a610 100644 --- a/airsonic-main/src/main/webapp/WEB-INF/jsp/recover.jsp +++ b/airsonic-main/src/main/webapp/WEB-INF/jsp/recover.jsp @@ -21,6 +21,13 @@ "> + +

+ +

+

+
+

From 8b4037b5492a65108739eda2f5eb6aaa33345e75 Mon Sep 17 00:00:00 2001 From: Peter Marheine Date: Tue, 7 Aug 2018 14:48:53 +1000 Subject: [PATCH 4/4] Check reCAPTCHA v2 responses when enabled Signed-off-by: Peter Marheine --- airsonic-main/pom.xml | 6 ++++++ .../player/controller/RecoverController.java | 14 +++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/airsonic-main/pom.xml b/airsonic-main/pom.xml index d0b9b0e1..2c66531a 100755 --- a/airsonic-main/pom.xml +++ b/airsonic-main/pom.xml @@ -329,6 +329,12 @@ 0.1.2 + + de.triology.recaptchav2-java + recaptchav2-java + 1.0.2 + + org.apache.cxf diff --git a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java index 2c98c397..e095b349 100644 --- a/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java +++ b/airsonic-main/src/main/java/org/airsonic/player/controller/RecoverController.java @@ -1,5 +1,6 @@ package org.airsonic.player.controller; +import de.triology.recaptchav2java.ReCaptcha; import org.airsonic.player.domain.User; import org.airsonic.player.service.SecurityService; import org.airsonic.player.service.SettingsService; @@ -52,7 +53,18 @@ public class RecoverController { map.put("usernameOrEmail", usernameOrEmail); User user = getUserByUsernameOrEmail(usernameOrEmail); - if (user == null) { + boolean captchaOk; + if (settingsService.isCaptchaEnabled()) { + String recaptchaResponse = request.getParameter("g-recaptcha-response"); + ReCaptcha captcha = new ReCaptcha(settingsService.getRecaptchaSecretKey()); + captchaOk = recaptchaResponse != null && captcha.isValid(recaptchaResponse); + } else { + captchaOk = true; + } + + if (!captchaOk) { + map.put("error", "recover.error.invalidcaptcha"); + } else if (user == null) { map.put("error", "recover.error.usernotfound"); } else if (user.getEmail() == null) { map.put("error", "recover.error.noemail");
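Review bot: `getUserByUsernameOrEmail(usernameOrEmail)` still runs before `captchaOk` is computed in the `RecoverController` hunk, so a request that omits or fails the CAPTCHA has already caused the user lookup. Verifying first and looking the account up only on success keeps unverified traffic away from the user store. Only a `null` `g-recaptcha-response` is filtered, so an empty value still triggers the outbound verification call; a blank check avoids that. How `isValid` behaves when the verification request itself fails is not visible here, so confirm it cannot report success in that case. The `else if` chain continues past the end of the hunk.

```java
map.put("usernameOrEmail", usernameOrEmail);

// Verify the CAPTCHA before touching the user store.
boolean captchaOk = true;
if (settingsService.isCaptchaEnabled()) {
    String recaptchaResponse = request.getParameter("g-recaptcha-response");
    captchaOk = StringUtils.isNotBlank(recaptchaResponse)
            && new ReCaptcha(settingsService.getRecaptchaSecretKey()).isValid(recaptchaResponse);
}
User user = captchaOk ? getUserByUsernameOrEmail(usernameOrEmail) : null;

if (!captchaOk) {
// … unchanged: invalidcaptcha / usernotfound / noemail branches and the reset itself …
```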