feat: allow captcha to be enabled when logging in (#1211)

* Fix bug in GetAcceptLanguage() * feat: allow captcha to be enabled when logging in * feat: when the login password is wrong, enable captcha * feat: Restrict captcha from frontend * fix: modify CaptchaModal component * fix: modify the words of i18n * Update data.json Co-authored-by: Gucheng Wang <nomeguy@qq.com> Co-authored-by: hsluoyz <hsluoyz@qq.com>
2025-07-02 03:00:18 +08:00 · 2022-10-28 13:38:14 +08:00
parent 7e5952c804
commit 25d56ee8d5
19 changed files with 373 additions and 114 deletions
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -23,6 +23,8 @@ import (
 	"strings"
 	"time"

+	"github.com/casdoor/casdoor/captcha"
+
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/object"
@ -251,6 +253,25 @@ func (c *ApiController) Login() {
 				return
 			}
 		} else {
+			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
+			if application == nil {
+				c.ResponseError(fmt.Sprintf("The application: %s does not exist", form.Application))
+				return
+			}
+
+			if object.CheckToEnableCaptcha(application) {
+				isHuman, err := captcha.VerifyCaptchaByCaptchaType(form.CaptchaType, form.CaptchaToken, form.ClientSecret)
+				if err != nil {
+					c.ResponseError(err.Error())
+					return
+				}
+
+				if !isHuman {
+					c.ResponseError("Turing test failed.")
+					return
+				}
+			}
+
 			password := form.Password
 			user, msg = object.CheckUserPassword(form.Organization, form.Username, password, c.GetAcceptLanguage())
 		}