From bec56ccafa03563b2aaf889075a80b31262dbf4e Mon Sep 17 00:00:00 2001
From: nate stemen
Date: Tue, 16 Apr 2019 14:36:24 -0400
Subject: [PATCH] Merge pull request #1713 from sharelatex/ns-captchas-two turn off captchas for project invite
GitOrigin-RevId: 3e044ba8c6bb2ffb77ea4486f7b51a587133839c
---
 .../Features/Captcha/CaptchaMiddleware.coffee | 39 +++++++++++--------
 .../Collaborators/CollaboratorsRouter.coffee | 2 +-
 .../infrastructure/ExpressLocals.coffee | 1 +
 services/web/config/settings.defaults.coffee | 5 +++
 .../ShareProjectModalController.js | 3 +-
 .../public/src/services/validateCaptcha.js | 16 ++++----
 6 files changed, 39 insertions(+), 27 deletions(-)
diff --git a/services/web/app/coffee/Features/Captcha/CaptchaMiddleware.coffee b/services/web/app/coffee/Features/Captcha/CaptchaMiddleware.coffee
index 5a846ff839..abe389daa7 100644
--- a/services/web/app/coffee/Features/Captcha/CaptchaMiddleware.coffee
+++ b/services/web/app/coffee/Features/Captcha/CaptchaMiddleware.coffee
@@ -3,21 +3,26 @@ logger = require 'logger-sharelatex'
 Settings = require 'settings-sharelatex'
 module.exports = CaptchaMiddleware =
- validateCaptcha: (req, res, next) ->
- if !Settings.recaptcha?
- return next()
- response = req.body['g-recaptcha-response']
- options =
- form:
- secret: Settings.recaptcha.secretKey
- response: response
- json: true
- request.post "https://www.google.com/recaptcha/api/siteverify", options, (error, response, body) ->
- return next(error) if error?
- if !body?.success
- logger.warn {statusCode: response.statusCode, body: body}, 'failed recaptcha siteverify request'
- return res.status(400).send({errorReason:"cannot_verify_user_not_robot", message:
- {text:"Sorry, we could not verify that you are not a robot. Please check that Google reCAPTCHA is not being blocked by an ad blocker or firewall."}
- })
- else
+ validateCaptcha: (action) ->
+ return (req, res, next) ->
+ if !Settings.recaptcha?.siteKey?
 return next()
+ inviteAndCaptchaDisabled = action == 'invite' and Settings.recaptcha.disabled.invite
+ registerAndCaptchaDisabled = action == 'register' and Settings.recaptcha.disabled.register
+ if inviteAndCaptchaDisabled or registerAndCaptchaDisabled
+ return next()
+ response = req.body['g-recaptcha-response']
+ options =
+ form:
+ secret: Settings.recaptcha.secretKey
+ response: response
+ json: true
+ request.post "https://www.google.com/recaptcha/api/siteverify", options, (error, response, body) ->
+ return next(error) if error?
+ if !body?.success
+ logger.warn {statusCode: response.statusCode, body: body}, 'failed recaptcha siteverify request'
+ return res.status(400).send({errorReason:"cannot_verify_user_not_robot", message:
+ {text:"Sorry, we could not verify that you are not a robot. Please check that Google reCAPTCHA is not being blocked by an ad blocker or firewall."}
+ })
+ else
+ return next()
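Review bot: `Settings.recaptcha.disabled.invite` and `Settings.recaptcha.disabled.register` are read without a guard, so a deployment whose settings define `recaptcha.siteKey` but no `disabled` map would throw a TypeError on every invite or register request; whether the new defaults are deep-merged into site settings is not visible here. Reading the flag as `Settings.recaptcha.disabled?[action]` treats a missing map as "captcha enforced" and replaces the two hard-coded action comparisons with one lookup. The new guard tests `siteKey` while the siteverify call uses `secretKey`; a site key without a secret key would make every verification fail with the 400 response, so checking both in the guard or logging the mismatch at startup would make that misconfiguration easier to diagnose. The factory also has no comment; something like `# Returns Express middleware; verification is skipped only when Settings.recaptcha.disabled[action] is true` would record that an unknown action is always verified.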
diff --git a/services/web/app/coffee/Features/Collaborators/CollaboratorsRouter.coffee b/services/web/app/coffee/Features/Collaborators/CollaboratorsRouter.coffee
index ce92d65501..82d1b0fc9b 100644
--- a/services/web/app/coffee/Features/Collaborators/CollaboratorsRouter.coffee
+++ b/services/web/app/coffee/Features/Collaborators/CollaboratorsRouter.coffee
@@ -33,7 +33,7 @@ module.exports =
 maxRequests: 100
 timeInterval: 60 * 10
 }),
- CaptchaMiddleware.validateCaptcha,
+ CaptchaMiddleware.validateCaptcha('invite'),
 AuthenticationController.requireLogin(),
 AuthorizationMiddleware.ensureUserCanAdminProject,
 CollaboratorsInviteController.inviteToProject
diff --git a/services/web/app/coffee/infrastructure/ExpressLocals.coffee b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
index 24706ca782..c0a91e7c91 100644
--- a/services/web/app/coffee/infrastructure/ExpressLocals.coffee
+++ b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
@@ -374,4 +374,5 @@ module.exports = (app, webRouter, privateApiRouter, publicApiRouter)->
 appName: Settings.appName
 siteUrl: Settings.siteUrl
 recaptchaSiteKeyV3: Settings.recaptcha?.siteKeyV3
+ recaptchaDisabled: Settings.recaptcha?.disabled
 next()
diff --git a/services/web/config/settings.defaults.coffee b/services/web/config/settings.defaults.coffee
index 677441888d..55a7ea13d3 100644
--- a/services/web/config/settings.defaults.coffee
+++ b/services/web/config/settings.defaults.coffee
@@ -422,6 +422,11 @@ module.exports = settings =
 # Example:
 # header_extras: [{text: "Some Page", url: "http://example.com/some/page", class: "subdued"}]
+ recaptcha:
+ disabled:
+ invite: true
+ register: false
+ customisation: {}
 # templates: [{
diff --git a/services/web/public/src/ide/share/controllers/ShareProjectModalController.js b/services/web/public/src/ide/share/controllers/ShareProjectModalController.js
index 344ff84fff..2be5037507 100644
--- a/services/web/public/src/ide/share/controllers/ShareProjectModalController.js
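Review bot: In CollaboratorsRouter.coffee, `validateCaptcha` is now a factory, so any route that still passes `CaptchaMiddleware.validateCaptcha` uncalled would receive `req` as `action`, return the inner function and never call `next()`, leaving the request hanging. This is the only call site the patch updates; the `register` action handled in the middleware suggests at least one other caller, which is not visible here and should be checked. Separately, the captcha check sits before `AuthenticationController.requireLogin()`, so when the invite captcha is enabled an unauthenticated request still triggers the outbound siteverify call; placing it after the login check would avoid that. The route definition starts and ends outside this hunk.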
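Review bot: In ExpressLocals.coffee, `recaptchaDisabled` is `undefined` whenever `Settings.recaptcha` is missing or has no `disabled` map, and the share modal in ShareProjectModalController.js (hunk at -231) then reads `ExposedSettings.recaptchaDisabled.invite` unguarded, which would throw in the browser and block invites. Defaulting here with `recaptchaDisabled: Settings.recaptcha?.disabled or {}` keeps the client lookup safe. The value sent to the page only controls whether the widget is shown; CaptchaMiddleware is where verification is enforced, and a short comment on this line saying so would stop the flag being mistaken for the control itself.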
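Review bot: In settings.defaults.coffee, the new `recaptcha.disabled` block has no comment, unlike the neighbouring settings. A line such as `# Per-action switch: true skips reCAPTCHA verification for that action on both server and client` above `disabled:` would tell operators what the flags do. It is worth stating there that `invite: true` is the default, which leaves the invite route relying on the rate limiter, login requirement and admin check shown in the CollaboratorsRouter hunk.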
+++ b/services/web/public/src/ide/share/controllers/ShareProjectModalController.js
@@ -164,6 +164,7 @@ define(['base'], App =>
 // do v3 captcha to collect data only
 validateCaptchaV3('invite')
 // do v2 captcha
+ const ExposedSettings = window.ExposedSettings
 return validateCaptcha(function(response) {
 let inviteId, request
 $scope.grecaptchaResponse = response
@@ -231,7 +232,7 @@ define(['base'], App =>
 return ($scope.state.errorReason = null)
 }
 })
- })
+ }, ExposedSettings.recaptchaDisabled.invite)
 })()
 }
diff --git a/services/web/public/src/services/validateCaptcha.js b/services/web/public/src/services/validateCaptcha.js
index 515a3916a2..8b8a9d2a26 100644
--- a/services/web/public/src/services/validateCaptcha.js
+++ b/services/web/public/src/services/validateCaptcha.js
@@ -1,5 +1,4 @@
 /* eslint-disable
- max-len,
 no-return-assign,
 no-undef,
 */
@@ -7,27 +6,28 @@
 // Fix any style issues and re-enable lint.
 /*
 * decaffeinate suggestions:
- * DS101: Remove unnecessary use of Array.from
 * DS102: Remove unnecessary code created because of implicit returns
- * DS207: Consider shorter variations of null checks
- * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
 */
 define(['base'], App =>
 App.factory('validateCaptcha', function() {
 let _recaptchaCallbacks = []
 const onRecaptchaSubmit = function(token) {
- for (let cb of Array.from(_recaptchaCallbacks)) {
+ for (let cb of _recaptchaCallbacks) {
 cb(token)
 }
- return (_recaptchaCallbacks = [])
+ _recaptchaCallbacks = []
 }
 let recaptchaId = null
- const validateCaptcha = callback => {
+ const validateCaptcha = (callback, captchaDisabled) => {
 if (callback == null) {
 callback = function(response) {}
 }
- if (typeof grecaptcha === 'undefined' || grecaptcha === null) {
+ if (
+ typeof grecaptcha === 'undefined' ||
+ grecaptcha === null ||
+ captchaDisabled
+ ) {
 return callback()
 }
 const reset = () => grecaptcha.reset()
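Review bot: In validateCaptcha.js, when `captchaDisabled` is truthy the callback runs with no token, so the caller sends its request without a `g-recaptcha-response` value and depends on the server having the same action disabled. If the two flags ever diverge, the server-side check would presumably reject the request with the 400 `cannot_verify_user_not_robot` response. That coupling is undocumented; a comment on the new parameter such as `// captchaDisabled: skip the v2 widget only; the server decides independently whether a token is required` would record it. The factory body continues past the end of this hunk.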