Feature/use hcaptcha if bot (#430)

* Handle hcaptch required identity response * Refactor iframe component for captcha and webauthn * Send captcha token to server * Add captcha callback * Clear captcha state * Remove captcha storage * linter fixes * Rename iframe components to include IFrame * Remove callback in favor of extenting submit * Limit publickey credentials access * Use captcha bypass token to bypass captcha for twofactor auth flows * Linter fixes * Set iframe version in components
2025-12-15 15:53:51 +00:00 · 2021-07-21 07:55:26 -05:00
parent 00acbce556
commit 1006f50ef3
13 changed files with 143 additions and 47 deletions
--- a/common/src/models/domain/authResult.ts
+++ b/common/src/models/domain/authResult.ts
@@ -2,6 +2,7 @@ import { TwoFactorProviderType } from '../../enums/twoFactorProviderType';

 export class AuthResult {
    twoFactor: boolean = false;
+    captchaSiteKey: string = '';
    resetMasterPassword: boolean = false;
    twoFactorProviders: Map<TwoFactorProviderType, { [key: string]: string; }> = null;
 }
--- a/common/src/models/request/tokenRequest.ts
+++ b/common/src/models/request/tokenRequest.ts
@@ -13,10 +13,11 @@ export class TokenRequest {
    token: string;
    provider: TwoFactorProviderType;
    remember: boolean;
+    captchaToken: string;
    device?: DeviceRequest;

    constructor(credentials: string[], codes: string[], clientIdClientSecret: string[], provider: TwoFactorProviderType,
-        token: string, remember: boolean, device?: DeviceRequest) {
+        token: string, remember: boolean, captchaToken: string, device?: DeviceRequest) {
        if (credentials != null && credentials.length > 1) {
            this.email = credentials[0];
            this.masterPasswordHash = credentials[1];
@@ -32,6 +33,7 @@ export class TokenRequest {
        this.provider = provider;
        this.remember = remember;
        this.device = device != null ? device : null;
+        this.captchaToken = captchaToken;
    }

    toIdentityToken(clientId: string) {
@@ -71,6 +73,11 @@ export class TokenRequest {
            obj.twoFactorRemember = this.remember ? '1' : '0';
        }

+        if (this.captchaToken != null) {
+            obj.captchaResponse = this.captchaToken;
+        }
+
+
        return obj;
    }

--- a/common/src/models/response/identityCaptchaResponse.ts
+++ b/common/src/models/response/identityCaptchaResponse.ts
@@ -0,0 +1,10 @@
+import { BaseResponse } from './baseResponse';
+
+export class IdentityCaptchaResponse extends BaseResponse {
+    siteKey: string;
+
+    constructor(response: any) {
+        super(response);
+        this.siteKey = this.getResponseProperty('HCaptcha_SiteKey');
+    }
+}
--- a/common/src/models/response/identityTwoFactorResponse.ts
+++ b/common/src/models/response/identityTwoFactorResponse.ts
@@ -5,9 +5,11 @@ import { TwoFactorProviderType } from '../../enums/twoFactorProviderType';
 export class IdentityTwoFactorResponse extends BaseResponse {
    twoFactorProviders: TwoFactorProviderType[];
    twoFactorProviders2 = new Map<TwoFactorProviderType, { [key: string]: string; }>();
+    captchaToken: string;

    constructor(response: any) {
        super(response);
+        this.captchaToken = this.getResponseProperty('HCaptcha_BypassKey');
        this.twoFactorProviders = this.getResponseProperty('TwoFactorProviders');
        const twoFactorProviders2 = this.getResponseProperty('TwoFactorProviders2');
        if (twoFactorProviders2 != null) {