diff --git a/configs/development.py b/configs/development.py index d4bd24f..b848d0c 100644 --- a/configs/development.py +++ b/configs/development.py @@ -15,6 +15,17 @@ SQLA_DB_HOST = '127.0.0.1' SQLA_DB_NAME = 'pda' SQLALCHEMY_TRACK_MODIFICATIONS = True +#CAPTCHA Config +CAPTCHA_ENABLE = True +CAPTCHA_LENGTH = 6 +CAPTCHA_WIDTH = 160 +CAPTCHA_HEIGHT = 60 +CAPTCHA_SESSION_KEY = 'captcha_image' + +#Server side sessions tracking +#Set to TRUE for CAPTCHA, or enable another stateful session tracking system +FILESYSTEM_SESSIONS_ENABLED = True + ### DATABASE - MySQL #SQLALCHEMY_DATABASE_URI = 'mysql://{}:{}@{}/{}'.format( # urllib.parse.quote_plus(SQLA_DB_USER), diff --git a/powerdnsadmin/routes/__init__.py b/powerdnsadmin/routes/__init__.py index 7d8aa9a..598b17a 100644 --- a/powerdnsadmin/routes/__init__.py +++ b/powerdnsadmin/routes/__init__.py @@ -1,5 +1,5 @@ from .base import ( - csrf, login_manager, handle_bad_request, handle_unauthorized_access, + captcha, csrf, login_manager, handle_bad_request, handle_unauthorized_access, handle_access_forbidden, handle_page_not_found, handle_internal_server_error ) @@ -14,6 +14,7 @@ from .api import api_bp, apilist_bp def init_app(app): login_manager.init_app(app) csrf.init_app(app) + captcha.init_app(app) app.register_blueprint(index_bp) app.register_blueprint(user_bp) diff --git a/powerdnsadmin/routes/base.py b/powerdnsadmin/routes/base.py index 16ed00a..7af342c 100644 --- a/powerdnsadmin/routes/base.py +++ b/powerdnsadmin/routes/base.py @@ -3,10 +3,12 @@ import base64 from flask import render_template, url_for, redirect, session, request, current_app from flask_login import LoginManager from flask_seasurf import SeaSurf +from flask_session_captcha import FlaskSessionCaptcha from ..models.user import User +captcha = FlaskSessionCaptcha() csrf = SeaSurf() login_manager = LoginManager() diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py index e6e8343..98664d6 100644 --- a/powerdnsadmin/routes/index.py +++ b/powerdnsadmin/routes/index.py @@ -10,7 +10,7 @@ from yaml import Loader, load from flask import Blueprint, render_template, make_response, url_for, current_app, g, session, request, redirect, abort from flask_login import login_user, logout_user, login_required, current_user -from .base import csrf, login_manager +from .base import captcha, csrf, login_manager from ..lib import utils from ..decorators import dyndns_login_required from ..models.base import db @@ -651,9 +651,10 @@ def logout(): @index_bp.route('/register', methods=['GET', 'POST']) def register(): + CAPTCHA_ENABLE = current_app.config.get('CAPTCHA_ENABLE') if Setting().get('signup_enabled'): if request.method == 'GET': - return render_template('register.html') + return render_template('register.html', captcha_enable=CAPTCHA_ENABLE) elif request.method == 'POST': username = request.form.get('username', '').strip() password = request.form.get('password', '') @@ -664,12 +665,16 @@ def register(): if not username or not password or not email: return render_template( - 'register.html', error='Please input required information') + 'register.html', error='Please input required information', captcha_enable=CAPTCHA_ENABLE) if password != rpassword: return render_template( 'register.html', - error="Password confirmation does not match") + error="Password confirmation does not match", captcha_enable=CAPTCHA_ENABLE) + + if not captcha.validate(): + return render_template( + 'register.html', error='Invalid CAPTCHA answer', captcha_enable=CAPTCHA_ENABLE) user = User(username=username, plain_text_password=password, @@ -690,9 +695,9 @@ def register(): return redirect(url_for('index.login')) else: return render_template('register.html', - error=result['msg']) + error=result['msg'], captcha_enable=CAPTCHA_ENABLE) except Exception as e: - return render_template('register.html', error=e) + return render_template('register.html', error=e, captcha_enable=CAPTCHA_ENABLE) else: return render_template('errors/404.html'), 404 diff --git a/powerdnsadmin/templates/register.html b/powerdnsadmin/templates/register.html index 9a25fbb..197b18d 100644 --- a/powerdnsadmin/templates/register.html +++ b/powerdnsadmin/templates/register.html @@ -64,6 +64,15 @@ + {% if captcha_enable %} +
Please complete the CAPTCHA below
+