consider trustedUsersRegex when choosing to show captcha at login

GitOrigin-RevId: 963fe1c40d05fe088a092eb45b12bcddf1f18e7b
Andrew Rumble
2025-07-02 16:44:02 +01:00
committed by Copybot
parent a212333664
commit f8ed49e52b
2 changed files with 56 additions and 1 deletions
@@ -28,7 +28,9 @@ async function initializeDeviceHistory(req) {
async function canSkipCaptcha(req, res) {
const trustedUser =
req.body?.email && Settings.recaptcha.trustedUsers.includes(req.body.email)
req.body?.email &&
(Settings.recaptcha.trustedUsers.includes(req.body.email) ||
Settings.recaptcha.trustedUsersRegex?.test(req.body.email))
if (trustedUser) {
return res.json(true)
}
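Review bot: The new `Settings.recaptcha.trustedUsersRegex?.test(req.body.email)` branch in `canSkipCaptcha` accepts any value that stringifies to a matching address, because `RegExp.prototype.test` coerces its argument, whereas the `includes` check beside it compares strictly. `req.body.email` comes from the request body and no type check is visible in this hunk, so I would start the condition with `typeof req.body?.email === 'string' &&` to ensure a non-string value is never classed as trusted. A comment where the setting is defined should also say that the pattern needs to be end-anchored and must not carry the `g` or `y` flag, since `test` on such a regex keeps `lastIndex` between requests and would give inconsistent answers. The function body continues past the end of the hunk, and the tests added in the second file only exercise string emails.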
@@ -104,6 +104,59 @@ describe('Captcha', function () {
})
})
describe('trustedUsersRegex', function () {
let resetTrustedUsersRegex
beforeEach(function () {
resetTrustedUsersRegex = Settings.recaptcha.trustedUsersRegex
Settings.recaptcha.trustedUsersRegex = /\+trusted@example\.com$/
})
afterEach(function () {
Settings.recaptcha.trustedUsersRegex = resetTrustedUsersRegex
})
describe('when user is trusted, can login without captcha', function () {
let trustedUser
beforeEach(async function () {
trustedUser = new User({
email: 'acceptance-test+trusted@example.com',
})
await trustedUser.ensureUserExists()
})
it('should be able to skip captcha', async function () {
expect(await canSkipCaptcha(trustedUser.email)).to.equal(true)
})
it('should note that the user is trusted', async function () {
const { response, body } = await login(
trustedUser.email,
trustedUser.password,
''
)
expectSuccessfulLogin(response, body)
const auditLog = await trustedUser.getAuditLog()
expect(auditLog[0].info).to.deep.equal({
captcha: 'trusted',
method: 'Password login',
})
})
})
describe('when user is not trusted', function () {
it('should not be able to skip captcha', async function () {
expect(await canSkipCaptcha(user.email)).to.equal(false)
})
it('should not add an audit log entry for trusted user', async function () {
const { response, body } = await login(user.email, user.password, '')
expectBadCaptchaResponse(response, body)
const auditLog = await user.getAuditLog()
expect(auditLog).to.have.lengthOf(0)
})
})
})
describe('deviceHistory', function () {
beforeEach('login', async function () {
const { response, body } = await loginWithCaptcha('valid')