Add option to enable CAPTCHA validation for login

modules/context/captcha.go

@@ -5,9 +5,15 @@
 package context
 
 import (
+	"fmt"
 	"sync"
 
+	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/cache"
+	"code.gitea.io/gitea/modules/hcaptcha"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/mcaptcha"
+	"code.gitea.io/gitea/modules/recaptcha"
 	"code.gitea.io/gitea/modules/setting"
 
 	"gitea.com/go-chi/captcha"
@@ -28,3 +34,55 @@ func GetImageCaptcha() *captcha.Captcha {
 	})
 	return cpt
 }
+
+// SetCaptchaData sets common captcha data
+func SetCaptchaData(ctx *Context) {
+	if !setting.Service.EnableCaptcha {
+		return
+	}
+	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
+	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
+	ctx.Data["Captcha"] = GetImageCaptcha()
+	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
+	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
+	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
+	ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
+	ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
+}
+
+const (
+	GRecaptchaResponseField = "g-recaptcha-response"
+	HcaptchaResponseField   = "h-captcha-response"
+	McaptchaResponseField   = "m-captcha-response"
+)
+
+// VerifyCaptcha verifies Captcha data
+func VerifyCaptcha(ctx *Context, tpl base.TplName, form interface{}) {
+	if !setting.Service.EnableCaptcha {
+		return
+	}
+
+	var valid bool
+	var err error
+	switch setting.Service.CaptchaType {
+	case setting.ImageCaptcha:
+		valid = GetImageCaptcha().VerifyReq(ctx.Req)
+	case setting.ReCaptcha:
+		valid, err = recaptcha.Verify(ctx, ctx.Req.Form.Get(GRecaptchaResponseField))
+	case setting.HCaptcha:
+		valid, err = hcaptcha.Verify(ctx, ctx.Req.Form.Get(HcaptchaResponseField))
+	case setting.MCaptcha:
+		valid, err = mcaptcha.Verify(ctx, ctx.Req.Form.Get(McaptchaResponseField))
+	default:
+		ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType))
+		return
+	}
+	if err != nil {
+		log.Debug("%s", err.Error())
+	}
+
+	if !valid {
+		ctx.Data["Err_Captcha"] = true
+		ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tpl, form)
+	}
+}

routers/web/auth/auth.go

@@ -17,11 +17,8 @@ import (
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/eventsource"
-	"code.gitea.io/gitea/modules/hcaptcha"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/mcaptcha"
 	"code.gitea.io/gitea/modules/password"
-	"code.gitea.io/gitea/modules/recaptcha"
 	"code.gitea.io/gitea/modules/session"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
@@ -171,14 +168,7 @@ func SignIn(ctx *context.Context) {
 	ctx.Data["EnableSSPI"] = auth.IsSSPIEnabled()
 
 	if setting.Service.EnableCaptcha && setting.Service.RequireCaptchaForLogin {
-		ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
-		ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
-		ctx.Data["Captcha"] = context.GetImageCaptcha()
-		ctx.Data["CaptchaType"] = setting.Service.CaptchaType
-		ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
-		ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
-		ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
-		ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
+		context.SetCaptchaData(ctx)
 	}
 
 	ctx.HTML(http.StatusOK, tplSignIn)
@@ -209,37 +199,10 @@ func SignInPost(ctx *context.Context) {
 	form := web.GetForm(ctx).(*forms.SignInForm)
 
 	if setting.Service.EnableCaptcha && setting.Service.RequireCaptchaForLogin {
-		ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
-		ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
-		ctx.Data["Captcha"] = context.GetImageCaptcha()
-		ctx.Data["CaptchaType"] = setting.Service.CaptchaType
-		ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
-		ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
-		ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
-		ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
-
-		var valid bool
-		var err error
-		switch setting.Service.CaptchaType {
-		case setting.ImageCaptcha:
-			valid = context.GetImageCaptcha().VerifyReq(ctx.Req)
-		case setting.ReCaptcha:
-			valid, err = recaptcha.Verify(ctx, form.GRecaptchaResponse)
-		case setting.HCaptcha:
-			valid, err = hcaptcha.Verify(ctx, form.HcaptchaResponse)
-		case setting.MCaptcha:
-			valid, err = mcaptcha.Verify(ctx, form.McaptchaResponse)
-		default:
-			ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType))
-			return
-		}
-		if err != nil {
-			log.Debug("%s", err.Error())
-		}
+		context.SetCaptchaData(ctx)
 
-		if !valid {
-			ctx.Data["Err_Captcha"] = true
-			ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplSignIn, &form)
+		context.VerifyCaptcha(ctx, tplSignIn, form)
+		if ctx.Written() {
 			return
 		}
 	}
@@ -459,14 +422,7 @@ func SignUp(ctx *context.Context) {
 
 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up"
 
-	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
-	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
-	ctx.Data["Captcha"] = context.GetImageCaptcha()
-	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
-	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
-	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
-	ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
-	ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
+	context.SetCaptchaData(ctx)
 	ctx.Data["PageIsSignUp"] = true
 
 	// Show Disabled Registration message if DisableRegistration or AllowOnlyExternalRegistration options are true
@@ -482,14 +438,7 @@ func SignUpPost(ctx *context.Context) {
 
 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up"
 
-	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
-	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
-	ctx.Data["Captcha"] = context.GetImageCaptcha()
-	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
-	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
-	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
-	ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
-	ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
+	context.SetCaptchaData(ctx)
 	ctx.Data["PageIsSignUp"] = true
 
 	// Permission denied if DisableRegistration or AllowOnlyExternalRegistration options are true
@@ -503,31 +452,9 @@ func SignUpPost(ctx *context.Context) {
 		return
 	}
 
-	if setting.Service.EnableCaptcha {
-		var valid bool
-		var err error
-		switch setting.Service.CaptchaType {
-		case setting.ImageCaptcha:
-			valid = context.GetImageCaptcha().VerifyReq(ctx.Req)
-		case setting.ReCaptcha:
-			valid, err = recaptcha.Verify(ctx, form.GRecaptchaResponse)
-		case setting.HCaptcha:
-			valid, err = hcaptcha.Verify(ctx, form.HcaptchaResponse)
-		case setting.MCaptcha:
-			valid, err = mcaptcha.Verify(ctx, form.McaptchaResponse)
-		default:
-			ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType))
-			return
-		}
-		if err != nil {
-			log.Debug("%s", err.Error())
-		}
-
-		if !valid {
-			ctx.Data["Err_Captcha"] = true
-			ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplSignUp, &form)
-			return
-		}
+	context.VerifyCaptcha(ctx, tplSignUp, form)
+	if ctx.Written() {
+		return
 	}
 
 	if !form.IsEmailDomainAllowed() {

routers/web/auth/linkaccount.go

@@ -14,10 +14,7 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
-	"code.gitea.io/gitea/modules/hcaptcha"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/mcaptcha"
-	"code.gitea.io/gitea/modules/recaptcha"
 	"code.gitea.io/gitea/modules/session"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web"
@@ -231,28 +228,8 @@ func LinkAccountPostRegister(ctx *context.Context) {
 	}
 
 	if setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha {
-		var valid bool
-		var err error
-		switch setting.Service.CaptchaType {
-		case setting.ImageCaptcha:
-			valid = context.GetImageCaptcha().VerifyReq(ctx.Req)
-		case setting.ReCaptcha:
-			valid, err = recaptcha.Verify(ctx, form.GRecaptchaResponse)
-		case setting.HCaptcha:
-			valid, err = hcaptcha.Verify(ctx, form.HcaptchaResponse)
-		case setting.MCaptcha:
-			valid, err = mcaptcha.Verify(ctx, form.McaptchaResponse)
-		default:
-			ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType))
-			return
-		}
-		if err != nil {
-			log.Debug("%s", err.Error())
-		}
-
-		if !valid {
-			ctx.Data["Err_Captcha"] = true
-			ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplLinkAccount, &form)
+		context.VerifyCaptcha(ctx, tplLinkAccount, form)
+		if ctx.Written() {
 			return
 		}
 	}

routers/web/auth/openid.go

@@ -13,10 +13,7 @@ import (
 	"code.gitea.io/gitea/modules/auth/openid"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
-	"code.gitea.io/gitea/modules/hcaptcha"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/mcaptcha"
-	"code.gitea.io/gitea/modules/recaptcha"
 	"code.gitea.io/gitea/modules/session"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@@ -369,14 +366,7 @@ func RegisterOpenIDPost(ctx *context.Context) {
 	ctx.Data["PageIsSignIn"] = true
 	ctx.Data["PageIsOpenIDRegister"] = true
 	ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
-	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
-	ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
-	ctx.Data["Captcha"] = context.GetImageCaptcha()
-	ctx.Data["CaptchaType"] = setting.Service.CaptchaType
-	ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
-	ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
-	ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
-	ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
+	context.SetCaptchaData(ctx)
 	ctx.Data["OpenID"] = oid
 
 	if setting.Service.AllowOnlyInternalRegistration {
@@ -385,42 +375,11 @@ func RegisterOpenIDPost(ctx *context.Context) {
 	}
 
 	if setting.Service.EnableCaptcha {
-		var valid bool
-		var err error
-		switch setting.Service.CaptchaType {
-		case setting.ImageCaptcha:
-			valid = context.GetImageCaptcha().VerifyReq(ctx.Req)
-		case setting.ReCaptcha:
-			if err := ctx.Req.ParseForm(); err != nil {
-				ctx.ServerError("", err)
-				return
-			}
-			valid, err = recaptcha.Verify(ctx, form.GRecaptchaResponse)
-		case setting.HCaptcha:
-			if err := ctx.Req.ParseForm(); err != nil {
-				ctx.ServerError("", err)
-				return
-			}
-			valid, err = hcaptcha.Verify(ctx, form.HcaptchaResponse)
-		case setting.MCaptcha:
-			if err := ctx.Req.ParseForm(); err != nil {
-				ctx.ServerError("", err)
-				return
-			}
-			valid, err = mcaptcha.Verify(ctx, form.McaptchaResponse)
-		default:
-			ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType))
-			return
-		}
-		if err != nil {
-			log.Debug("%s", err.Error())
-		}
-
-		if !valid {
-			ctx.Data["Err_Captcha"] = true
-			ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplSignUpOID, &form)
+		if err := ctx.Req.ParseForm(); err != nil {
+			ctx.ServerError("", err)
 			return
 		}
+		context.VerifyCaptcha(ctx, tplSignUpOID, form)
 	}
 
 	length := setting.MinPasswordLength

services/forms/user_form.go

@@ -90,13 +90,10 @@ func (f *InstallForm) Validate(req *http.Request, errs binding.Errors) binding.E
 
 // RegisterForm form for registering
 type RegisterForm struct {
-	UserName           string `binding:"Required;AlphaDashDot;MaxSize(40)"`
-	Email              string `binding:"Required;MaxSize(254)"`
-	Password           string `binding:"MaxSize(255)"`
-	Retype             string
-	GRecaptchaResponse string `form:"g-recaptcha-response"`
-	HcaptchaResponse   string `form:"h-captcha-response"`
-	McaptchaResponse   string `form:"m-captcha-response"`
+	UserName string `binding:"Required;AlphaDashDot;MaxSize(40)"`
+	Email    string `binding:"Required;MaxSize(254)"`
+	Password string `binding:"MaxSize(255)"`
+	Retype   string
 }
 
 // Validate validates the fields
@@ -160,10 +157,6 @@ type SignInForm struct {
 	// TODO remove required from password for SecondFactorAuthentication
 	Password string `binding:"Required;MaxSize(255)"`
 	Remember bool
-	// Captcha
-	GRecaptchaResponse string `form:"g-recaptcha-response"`
-	HcaptchaResponse   string `form:"h-captcha-response"`
-	McaptchaResponse   string `form:"m-captcha-response"`
 }
 
 // Validate validates the fields

services/forms/user_form_auth_openid.go

@@ -27,11 +27,8 @@ func (f *SignInOpenIDForm) Validate(req *http.Request, errs binding.Errors) bind
 
 // SignUpOpenIDForm form for signin up with OpenID
 type SignUpOpenIDForm struct {
-	UserName           string `binding:"Required;AlphaDashDot;MaxSize(40)"`
-	Email              string `binding:"Required;Email;MaxSize(254)"`
-	GRecaptchaResponse string `form:"g-recaptcha-response"`
-	HcaptchaResponse   string `form:"h-captcha-response"`
-	McaptchaResponse   string `form:"m-captcha-response"`
+	UserName string `binding:"Required;AlphaDashDot;MaxSize(40)"`
+	Email    string `binding:"Required;Email;MaxSize(254)"`
 }
 
 // Validate validates the fields