From a9269f8786033eecf0ad307c75f5717c5ab468a2 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 25 Jan 2022 13:54:11 +0100 Subject: [PATCH] Disable `registrations` flag in /api/v1/instance when CAPTCHA is enabled This is to avoid apps trying and failing at using the registrations API, which does not let us require a CAPTCHA and cannot be clearly signaled as unavailable. --- app/serializers/rest/instance_serializer.rb | 6 +++++- config/locales-glitch/en.yml | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/app/serializers/rest/instance_serializer.rb b/app/serializers/rest/instance_serializer.rb index 48bbb55c8..94cc3ffe3 100644 --- a/app/serializers/rest/instance_serializer.rb +++ b/app/serializers/rest/instance_serializer.rb @@ -98,7 +98,7 @@ class REST::InstanceSerializer < ActiveModel::Serializer end def registrations - Setting.registrations_mode != 'none' && !Rails.configuration.x.single_user_mode + Setting.registrations_mode != 'none' && !Rails.configuration.x.single_user_mode && !captcha_enabled? end def approval_required @@ -114,4 +114,8 @@ class REST::InstanceSerializer < ActiveModel::Serializer def instance_presenter @instance_presenter ||= InstancePresenter.new end + + def captcha_enabled? + ENV['HCAPTCHA_SECRET_KEY'].present? && ENV['HCAPTCHA_SITE_KEY'].present? && Setting.captcha_enabled + end end diff --git a/config/locales-glitch/en.yml b/config/locales-glitch/en.yml index c96f21c92..9bd66c969 100644 --- a/config/locales-glitch/en.yml +++ b/config/locales-glitch/en.yml @@ -3,7 +3,7 @@ en: admin: settings: captcha_enabled: - desc_html: Enable hCaptcha integration, requiring new users to solve a challenge when signing up. Note that this disables app-based registration, and requires third-party scripts from hCaptcha to be embedded in the registration pages. This may have security and privacy concerns. + desc_html: Enable hCaptcha integration, requiring new users to solve a challenge when signing up. Note that this disables app-based registration, may prevent your instance from being listed as having open registrations, and requires third-party scripts from hCaptcha to be embedded in the registration pages. This may have security and privacy concerns. title: Require new users to go through a CAPTCHA to sign up enable_keybase: desc_html: Allow your users to prove their identity via keybase