diff options
author | David Baker <dave@matrix.org> | 2016-07-22 17:00:56 +0100 |
---|---|---|
committer | David Baker <dave@matrix.org> | 2016-07-22 17:00:56 +0100 |
commit | dad2da7e54a4f0e92185e4f8553fb51b037c0bd3 (patch) | |
tree | ae0a297aea9640a083e0c2ba9be179c690a559ec /synapse | |
parent | Merge pull request #944 from matrix-org/rav/devices_returns_list (diff) | |
download | synapse-dad2da7e54a4f0e92185e4f8553fb51b037c0bd3.tar.xz |
Log the hostname the reCAPTCHA was completed on
This could be useful information to have in the logs. Also comment about how & why we don't verify the hostname.
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/handlers/auth.py | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 8f83923ddb..6fff7e7d03 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -279,8 +279,17 @@ class AuthHandler(BaseHandler): data = pde.response resp_body = simplejson.loads(data) - if 'success' in resp_body and resp_body['success']: - defer.returnValue(True) + if 'success' in resp_body: + # Note that we do NOT check the hostname here: we explicitly + # intend the CAPTCHA to be presented by whatever client the + # user is using, we just care that they have completed a CAPTCHA. + logger.info( + "%s reCAPTCHA from hostname %s", + "Successful" if resp_body['success'] else "Failed", + resp_body['hostname'] + ) + if resp_body['success']: + defer.returnValue(True) raise LoginError(401, "", errcode=Codes.UNAUTHORIZED) @defer.inlineCallbacks |