summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorKegan Dougal <kegan@matrix.org>2014-09-05 22:51:11 -0700
committerKegan Dougal <kegan@matrix.org>2014-09-05 22:51:11 -0700
commit37e53513b6789b4f9f845a26b64933f1c533ed62 (patch)
tree9ed0634ce25b52e46ca7a5b7135c1fee2f769fc8 /synapse
parentCaptchas now work on registration. Missing x-forwarded-for config arg support... (diff)
downloadsynapse-37e53513b6789b4f9f845a26b64933f1c533ed62.tar.xz
Add config opion for XFF headers when performing ReCaptcha auth.
Diffstat (limited to 'synapse')
-rw-r--r--synapse/config/captcha.py6


-rw-r--r--synapse/handlers/register.py1


-rw-r--r--synapse/rest/register.py7


3 files changed, 12 insertions, 2 deletions
diff --git a/synapse/config/captcha.py b/synapse/config/captcha.py

index 021da5c69b..a97a5bab1e 100644
--- a/synapse/config/captcha.py
+++ b/synapse/config/captcha.py
@@ -20,6 +20,7 @@ class CaptchaConfig(Config):
         super(CaptchaConfig, self).__init__(args)
         self.recaptcha_private_key = args.recaptcha_private_key
         self.enable_registration_captcha = args.enable_registration_captcha
+        self.captcha_ip_origin_is_x_forwarded = args.captcha_ip_origin_is_x_forwarded
 
     @classmethod
     def add_arguments(cls, parser):
@@ -33,4 +34,9 @@ class CaptchaConfig(Config):
             "--enable-registration-captcha", type=bool, default=False,
             help="Enables ReCaptcha checks when registering, preventing signup "+
             "unless a captcha is answered. Requires a valid ReCaptcha public/private key."
+        )
+        group.add_argument(
+            "--captcha_ip_origin_is_x_forwarded", type=bool, default=False,
+            help="When checking captchas, use the X-Forwarded-For (XFF) header as the client IP "+
+            "and not the actual client IP."
         )
\ No newline at end of file
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py

index cf20b4efd3..6b55775de0 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -59,6 +59,7 @@ class RegistrationHandler(BaseHandler):
                 captcha_info["response"]
             )
             if not captcha_response["valid"]:
+                logger.info("Invalid captcha entered from %s", captcha_info["ip"])
                 raise InvalidCaptchaError(
                     error_url=captcha_response["error_url"]
                 )
diff --git a/synapse/rest/register.py b/synapse/rest/register.py

index 3c8929cf9b..5872a11d80 100644
--- a/synapse/rest/register.py
+++ b/synapse/rest/register.py
@@ -66,8 +66,11 @@ class RegisterRestServlet(RestServlet):
             
             # TODO determine the source IP : May be an X-Forwarding-For header depending on config
             ip_addr = request.getClientIP()
-            #if self.hs.config.captcha_ip_origin_is_x_forwarded:
-            #    # use the header
+            if self.hs.config.captcha_ip_origin_is_x_forwarded:
+                # use the header
+                if request.requestHeaders.hasHeader("X-Forwarded-For"):
+                    ip_addr = request.requestHeaders.getRawHeaders(
+                        "X-Forwarded-For")[0]
             
             captcha = {
                 "ip": ip_addr,

 

generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-03-13 14:00:30 +0000