feat: fix secret information issue in the CAPTCHA provider code (#2531)

2025-07-01 18:40:18 +08:00 · 2023-12-11 18:01:56 +08:00
parent b068202e74
commit dc06eb9948
5 changed files with 49 additions and 11 deletions
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -387,6 +387,16 @@ func (c *ApiController) Login() {
 				c.ResponseError(err.Error())
 				return
 			} else if enableCaptcha {
+				captchaProvider, err := object.GetCaptchaProviderByApplication(util.GetId(application.Owner, application.Name), "false", c.GetAcceptLanguage())
+				if err != nil {
+					c.ResponseError(err.Error())
+					return
+				}
+
+				if captchaProvider.Type != "Default" {
+					authForm.ClientSecret = captchaProvider.ClientSecret
+				}
+
 				var isHuman bool
 				isHuman, err = captcha.VerifyCaptchaByCaptchaType(authForm.CaptchaType, authForm.CaptchaToken, authForm.ClientSecret)
 				if err != nil {