summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorDavid Baker <dave@matrix.org>2016-07-22 17:00:56 +0100
committerDavid Baker <dave@matrix.org>2016-07-22 17:00:56 +0100
commitdad2da7e54a4f0e92185e4f8553fb51b037c0bd3 (patch)
treeae0a297aea9640a083e0c2ba9be179c690a559ec /synapse
parentMerge pull request #944 from matrix-org/rav/devices_returns_list (diff)
downloadsynapse-dad2da7e54a4f0e92185e4f8553fb51b037c0bd3.tar.xz
Log the hostname the reCAPTCHA was completed on
This could be useful information to have in the logs. Also comment about how & why we don't verify the hostname.
Diffstat (limited to '')
-rw-r--r--synapse/handlers/auth.py13
1 files changed, 11 insertions, 2 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 8f83923ddb..6fff7e7d03 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -279,8 +279,17 @@ class AuthHandler(BaseHandler):
             data = pde.response
             resp_body = simplejson.loads(data)
 
-        if 'success' in resp_body and resp_body['success']:
-            defer.returnValue(True)
+        if 'success' in resp_body:
+            # Note that we do NOT check the hostname here: we explicitly
+            # intend the CAPTCHA to be presented by whatever client the
+            # user is using, we just care that they have completed a CAPTCHA.
+            logger.info(
+                "%s reCAPTCHA from hostname %s",
+                "Successful" if resp_body['success'] else "Failed",
+                resp_body['hostname']
+            )
+            if resp_body['success']:
+                defer.returnValue(True)
         raise LoginError(401, "", errcode=Codes.UNAUTHORIZED)
 
     @defer.inlineCallbacks