Fix captcha (#14488)

Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
go-gitea · Jan 27, 2021 · 41c0776 · 41c0776
1 parent 669ff8e
commit 41c0776
Show file tree

Hide file tree

Showing 9 changed files with 30 additions and 49 deletions.
diff --git a/modules/cache/cache.go b/modules/cache/cache.go
@@ -27,24 +27,6 @@ func newCache(cacheConfig setting.Cache) (mc.Cache, error) {
 	})
 }
 
-// Cache is the interface that operates the cache data.
-type Cache interface {
-	// Put puts value into cache with key and expire time.
-	Put(key string, val interface{}, timeout int64) error
-	// Get gets cached value by given key.
-	Get(key string) interface{}
-	// Delete deletes cached value by given key.
-	Delete(key string) error
-	// Incr increases cached int-type value by given key as a counter.
-	Incr(key string) error
-	// Decr decreases cached int-type value by given key as a counter.
-	Decr(key string) error
-	// IsExist returns true if cached value exists.
-	IsExist(key string) bool
-	// Flush deletes all cached data.
-	Flush() error
-}
-
 // NewContext start cache service
 func NewContext() error {
 	var err error
@@ -59,7 +41,7 @@ func NewContext() error {
 }
 
 // GetCache returns the currently configured cache
-func GetCache() Cache {
+func GetCache() mc.Cache {
 	return conn
 }
 

diff --git a/modules/context/captcha.go b/modules/context/captcha.go
@@ -7,6 +7,7 @@ package context
 import (
 	"sync"
 
+	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/setting"
 
 	"gitea.com/go-chi/captcha"
@@ -21,6 +22,7 @@ func GetImageCaptcha() *captcha.Captcha {
 		cpt = captcha.NewCaptcha(captcha.Options{
 			SubURL: setting.AppSubURL,
 		})
+		cpt.Store = cache.GetCache()
 	})
 	return cpt
 }
diff --git a/modules/context/context.go b/modules/context/context.go
@@ -23,6 +23,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/base"
+	mc "code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/middlewares"
 	"code.gitea.io/gitea/modules/setting"
@@ -499,23 +500,8 @@ func getCsrfOpts() CsrfOptions {
 
 // Contexter initializes a classic context for a request.
 func Contexter() func(next http.Handler) http.Handler {
-	rnd := templates.HTMLRenderer()
-
-	var c cache.Cache
-	var err error
-	if setting.CacheService.Enabled {
-		c, err = cache.NewCacher(cache.Options{
-			Adapter:       setting.CacheService.Adapter,
-			AdapterConfig: setting.CacheService.Conn,
-			Interval:      setting.CacheService.Interval,
-		})
-		if err != nil {
-			panic(err)
-		}
-	}
-
+	var rnd = templates.HTMLRenderer()
 	var csrfOpts = getCsrfOpts()
-	//var flashEncryptionKey, _ = NewSecret()
 
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
@@ -524,7 +510,7 @@ func Contexter() func(next http.Handler) http.Handler {
 			var link = setting.AppSubURL + strings.TrimSuffix(req.URL.EscapedPath(), "/")
 			var ctx = Context{
 				Resp:    NewResponse(resp),
-				Cache:   c,
+				Cache:   mc.GetCache(),
 				Locale:  locale,
 				Link:    link,
 				Render:  rnd,
@@ -571,16 +557,14 @@ func Contexter() func(next http.Handler) http.Handler {
 			}
 			ctx.Resp.Before(func(resp ResponseWriter) {
 				if flash := f.Encode(); len(flash) > 0 {
-					if err == nil {
-						middlewares.SetCookie(resp, "macaron_flash", flash, 0,
-							setting.SessionConfig.CookiePath,
-							middlewares.Domain(setting.SessionConfig.Domain),
-							middlewares.HTTPOnly(true),
-							middlewares.Secure(setting.SessionConfig.Secure),
-							//middlewares.SameSite(opt.SameSite), FIXME: we need a samesite config
-						)
-						return
-					}
+					middlewares.SetCookie(resp, "macaron_flash", flash, 0,
+						setting.SessionConfig.CookiePath,
+						middlewares.Domain(setting.SessionConfig.Domain),
+						middlewares.HTTPOnly(true),
+						middlewares.Secure(setting.SessionConfig.Secure),
+						//middlewares.SameSite(opt.SameSite), FIXME: we need a samesite config
+					)
+					return
 				}
 
 				ctx.SetCookie("macaron_flash", "", -1,

diff --git a/modules/setting/cache.go b/modules/setting/cache.go
@@ -68,6 +68,10 @@ func newCacheService() {
 
 	if CacheService.Enabled {
 		log.Info("Cache Service Enabled")
+	} else {
+		log.Warn("Cache Service Disabled so that captcha disabled too")
+		// captcha depends on cache service
+		Service.EnableCaptcha = false
 	}
 
 	sec = Cfg.Section("cache.last_commit")

diff --git a/routers/routes/web.go b/routers/routes/web.go
@@ -161,7 +161,9 @@ func WebRoutes() *web.Route {
 
 	mailer.InitMailRender(templates.Mailer())
 
-	r.Use(captcha.Captchaer(context.GetImageCaptcha()))
+	if setting.Service.EnableCaptcha {
+		r.Use(captcha.Captchaer(context.GetImageCaptcha()))
+	}
 	// Removed: toolbox.Toolboxer middleware will provide debug informations which seems unnecessary
 	r.Use(context.Contexter())
 	// Removed: SetAutoHead allow a get request redirect to head if get method is not exist

diff --git a/routers/user/auth.go b/routers/user/auth.go
@@ -747,6 +747,7 @@ func LinkAccount(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("link_account")
 	ctx.Data["LinkAccountMode"] = true
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha
+	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
@@ -800,6 +801,7 @@ func LinkAccountPostSignIn(ctx *context.Context) {
 	ctx.Data["LinkAccountModeSignIn"] = true
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
+	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
@@ -885,6 +887,7 @@ func LinkAccountPostRegister(ctx *context.Context) {
 	ctx.Data["LinkAccountModeRegister"] = true
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
+	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
@@ -1063,6 +1066,7 @@ func SignUp(ctx *context.Context) {
 
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
+	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
@@ -1083,6 +1087,7 @@ func SignUpPost(ctx *context.Context) {
 
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
+	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey

diff --git a/routers/user/auth_openid.go b/routers/user/auth_openid.go
@@ -329,6 +329,7 @@ func RegisterOpenID(ctx *context.Context) {
 	ctx.Data["PageIsOpenIDRegister"] = true
 	ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
+	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
@@ -360,6 +361,7 @@ func RegisterOpenIDPost(ctx *context.Context) {
 	ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
 	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
+	ctx.Data["Captcha"] = context.GetImageCaptcha()
 	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
 	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
 	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey

diff --git a/templates/user/auth/signup_inner.tmpl b/templates/user/auth/signup_inner.tmpl
@@ -37,7 +37,7 @@
 				{{if and .EnableCaptcha (eq .CaptchaType "image")}}
 					<div class="inline field">
 						<label></label>
-						{{.Captcha.CreateHtml}}
+						{{.Captcha.CreateHTML}}
 					</div>
 					<div class="required inline field {{if .Err_Captcha}}error{{end}}">
 						<label for="captcha">{{.i18n.Tr "captcha"}}</label>

diff --git a/templates/user/auth/signup_openid_register.tmpl b/templates/user/auth/signup_openid_register.tmpl
@@ -23,7 +23,7 @@
 					{{if and .EnableCaptcha (eq .CaptchaType "image")}}
 						<div class="inline field">
 							<label></label>
-							{{.Captcha.CreateHtml}}
+							{{.Captcha.CreateHTML}}
 						</div>
 						<div class="required inline field {{if .Err_Captcha}}error{{end}}">
 							<label for="captcha">{{.i18n.Tr "captcha"}}</label>