form: fix captcha

wouldn't compile (not sure why i didn't notice) and after fixing, the check was being performed after deleting the invite so would always fail.
2024-12-22 09:00:10 +00:00 · 2022-01-13 20:39:51 +00:00 · 2022-01-13 20:39:51 +00:00 · 1c942186aa
commit 1c942186aa
parent d9f8785372
4 changed files with 13 additions and 8 deletions
--- a/api.go
+++ b/api.go
@ -628,6 +628,11 @@ func (app *appContext) NewUser(gc *gin.Context) {
 	var req newUserDTO
 	gc.BindJSON(&req)
 	app.debug.Printf("%s: New user attempt", req.Code)
+	if app.config.Section("captcha").Key("enabled").MustBool(false) && !app.verifyCaptcha(req.Code, req.CaptchaID, req.CaptchaText) {
+		app.info.Printf("%s: New user failed: Captcha Incorrect", req.Code)
+		respond(400, "errorCaptcha", gc)
+		return
+	}
 	if !app.checkInvite(req.Code, false, "") {
 		app.info.Printf("%s New user failed: invalid code", req.Code)
 		respond(401, "errorInvalidCode", gc)
@ -651,11 +656,6 @@ func (app *appContext) NewUser(gc *gin.Context) {
 		respond(400, "errorNoEmail", gc)
 		return
 	}
-	if app.config.Section("captcha").Key("enabled").MustBool(false) && !verifyCaptcha(req.Captcha) {
-		app.info.Printf("%s: New user failed: Captcha Incorrect", req.Code)
-		respond(400, "errorCaptcha", gc)
-		return
-	}
 	f, success := app.newUser(req, false)
 	if !success {
 		f(gc)
--- a/models.go
+++ b/models.go
@ -23,7 +23,8 @@ type newUserDTO struct {
 	DiscordContact  bool   `json:"discord_contact"`                             // Whether or not to use discord for notifications/pwrs
 	MatrixPIN       string `json:"matrix_pin" example:"A1-B2-3C"`               // Matrix verification PIN (if used)
 	MatrixContact   bool   `json:"matrix_contact"`                              // Whether or not to use matrix for notifications/pwrs
-	Captcha         string `json:"captcha"`                                     // Captcha text (if enabled)
+	CaptchaID       string `json:"captcha_id"`                                  // Captcha ID (if enabled)
+	CaptchaText     string `json:"captcha_text"`                                // Captcha text (if enabled)
 }

 type newUserResponse struct {
--- a/ts/form.ts
+++ b/ts/form.ts
@ -263,7 +263,8 @@ interface sendDTO {
    discord_contact?: boolean;
    matrix_pin?: string;
    matrix_contact?: boolean;
-    captcha?: string;
+    captcha_id?: string;
+    captcha_text?: string;
 }

 let captchaVerified = false;
@ -338,7 +339,8 @@ const create = (event: SubmitEvent) => {
        }
    }
    if (window.captcha) {
-        send.captcha = captchaInput.value;
+        send.captcha_id = captchaID;
+        send.captcha_text = captchaInput.value;
    }
    _post("/newUser", send, (req: XMLHttpRequest) => {
        if (req.readyState == 4) {
--- a/views.go
+++ b/views.go
@ -323,10 +323,12 @@ func (app *appContext) GenCaptcha(gc *gin.Context) {
 func (app *appContext) verifyCaptcha(code, id, text string) bool {
 	inv, ok := app.storage.invites[code]
 	if !ok || inv.Captchas == nil {
+		app.debug.Printf("Couldn't find invite \"%s\"", code)
 		return false
 	}
 	c, ok := inv.Captchas[id]
 	if !ok {
+		app.debug.Printf("Couldn't find Captcha \"%s\"", id)
 		return false
 	}
 	return strings.ToLower(c.Text) == strings.ToLower(text)