Add tests for account registration with captcha enabled and improve errors

author: Egor Kislitsyn <egor@kislitsyn.com> 2020-04-29 20:48:08 +0400
committer: Egor Kislitsyn <egor@kislitsyn.com> 2020-04-29 21:26:07 +0400
commit: 7b0c8f0fde495e50c5434575c452addeace39e60 (patch)
tree: fd4ba0c2f80b9b787324670ca949529b25f98477 /lib/pleroma/captcha
parent: 2f77842bd3c07d915cd341f7d3ba1f9053cc3a18 (diff)
download: pleroma-7b0c8f0fde495e50c5434575c452addeace39e60.tar.gz
3 files changed, 62 insertions, 47 deletions
diff --git a/lib/pleroma/captcha/captcha.ex b/lib/pleroma/captcha/captcha.ex
index cf75c3adc..e17dc2426 100644
--- a/lib/pleroma/captcha/captcha.ex
+++ b/lib/pleroma/captcha/captcha.ex
@@ -3,8 +3,6 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Captcha do
-  import Pleroma.Web.Gettext
-
   alias Calendar.DateTime
   alias Plug.Crypto.KeyGenerator
   alias Plug.Crypto.MessageEncryptor
@@ -37,19 +35,14 @@ defmodule Pleroma.Captcha do
 
   @doc false
   def handle_call(:new, _from, state) do
-    enabled = Pleroma.Config.get([__MODULE__, :enabled])
-
-    if !enabled do
+    if not enabled?() do
       {:reply, %{type: :none}, state}
     else
       new_captcha = method().new()
 
-      secret_key_base = Pleroma.Config.get!([Pleroma.Web.Endpoint, :secret_key_base])
-
       # This make salt a little different for two keys
-      token = new_captcha[:token]
-      secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt")
-      sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign")
+      {secret, sign_secret} = secret_pair(new_captcha[:token])
+
       # Basically copy what Phoenix.Token does here, add the time to
       # the actual data and make it a binary to then encrypt it
       encrypted_captcha_answer =
@@ -71,44 +64,68 @@ defmodule Pleroma.Captcha do
 
   @doc false
   def handle_call({:validate, token, captcha, answer_data}, _from, state) do
+    {:reply, do_validate(token, captcha, answer_data), state}
+  end
+
+  def enabled?, do: Pleroma.Config.get([__MODULE__, :enabled], false)
+
+  defp seconds_valid, do: Pleroma.Config.get!([__MODULE__, :seconds_valid])
+
+  defp secret_pair(token) do
     secret_key_base = Pleroma.Config.get!([Pleroma.Web.Endpoint, :secret_key_base])
     secret = KeyGenerator.generate(secret_key_base, token <> "_encrypt")
     sign_secret = KeyGenerator.generate(secret_key_base, token <> "_sign")
 
+    {secret, sign_secret}
+  end
+
+  defp do_validate(token, captcha, answer_data) do
+    with {:ok, %{at: at, answer_data: answer_md5}} <- validate_answer_data(token, answer_data),
+         :ok <- validate_expiration(at),
+         :ok <- validate_usage(token),
+         :ok <- method().validate(token, captcha, answer_md5),
+         {:ok, _} <- mark_captcha_as_used(token) do
+      :ok
+    end
+  end
+
+  defp validate_answer_data(token, answer_data) do
+    {secret, sign_secret} = secret_pair(token)
+
+    with false <- is_nil(answer_data),
+         {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),
+         %{at: at, answer_data: answer_md5} <- :erlang.binary_to_term(data) do
+      {:ok, %{at: at, answer_data: answer_md5}}
+    else
+      _ -> {:error, :invalid_answer_data}
+    end
+  end
+
+  defp validate_expiration(created_at) do
     # If the time found is less than (current_time-seconds_valid) then the time has already passed
     # Later we check that the time found is more than the presumed invalidatation time, that means
     # that the data is still valid and the captcha can be checked
-    seconds_valid = Pleroma.Config.get!([Pleroma.Captcha, :seconds_valid])
-    valid_if_after = DateTime.subtract!(DateTime.now_utc(), seconds_valid)
-
-    result =
-      with false <- is_nil(answer_data),
-           {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),
-           %{at: at, answer_data: answer_md5} <- :erlang.binary_to_term(data) do
-        try do
-          if DateTime.before?(at, valid_if_after),
-            do: throw({:error, dgettext("errors", "CAPTCHA expired")})
-
-          if not is_nil(Cachex.get!(:used_captcha_cache, token)),
-            do: throw({:error, dgettext("errors", "CAPTCHA already used")})
-
-          res = method().validate(token, captcha, answer_md5)
-          # Throw if an error occurs
-          if res != :ok, do: throw(res)
-
-          # Mark this captcha as used
-          {:ok, _} =
-            Cachex.put(:used_captcha_cache, token, true, ttl: :timer.seconds(seconds_valid))
-
-          :ok
-        catch
-          :throw, e -> e
-        end
-      else
-        _ -> {:error, dgettext("errors", "Invalid answer data")}
-      end
-
-    {:reply, result, state}
+
+    valid_if_after = DateTime.subtract!(DateTime.now_utc(), seconds_valid())
+
+    if DateTime.before?(created_at, valid_if_after) do
+      {:error, :expired}
+    else
+      :ok
+    end
+  end
+
+  defp validate_usage(token) do
+    if is_nil(Cachex.get!(:used_captcha_cache, token)) do
+      :ok
+    else
+      {:error, :already_used}
+    end
+  end
+
+  defp mark_captcha_as_used(token) do
+    ttl = seconds_valid() |> :timer.seconds()
+    Cachex.put(:used_captcha_cache, token, true, ttl: ttl)
   end
 
   defp method, do: Pleroma.Config.get!([__MODULE__, :method])
diff --git a/lib/pleroma/captcha/kocaptcha.ex b/lib/pleroma/captcha/kocaptcha.ex
index 06ceb20b6..6bc2fa158 100644
--- a/lib/pleroma/captcha/kocaptcha.ex
+++ b/lib/pleroma/captcha/kocaptcha.ex
@@ -3,7 +3,6 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Captcha.Kocaptcha do
-  import Pleroma.Web.Gettext
   alias Pleroma.Captcha.Service
   @behaviour Service
 
@@ -13,7 +12,7 @@ defmodule Pleroma.Captcha.Kocaptcha do
 
     case Tesla.get(endpoint <> "/new") do
       {:error, _} ->
-        %{error: dgettext("errors", "Kocaptcha service unavailable")}
+        %{error: :kocaptcha_service_unavailable}
 
       {:ok, res} ->
         json_resp = Jason.decode!(res.body)
@@ -33,6 +32,6 @@ defmodule Pleroma.Captcha.Kocaptcha do
     if not is_nil(captcha) and
          :crypto.hash(:md5, captcha) |> Base.encode16() == String.upcase(answer_data),
        do: :ok,
-       else: {:error, dgettext("errors", "Invalid CAPTCHA")}
+       else: {:error, :invalid}
   end
 end
diff --git a/lib/pleroma/captcha/native.ex b/lib/pleroma/captcha/native.ex
index 06c479ca9..a90631d61 100644
--- a/lib/pleroma/captcha/native.ex
+++ b/lib/pleroma/captcha/native.ex
@@ -3,7 +3,6 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Captcha.Native do
-  import Pleroma.Web.Gettext
   alias Pleroma.Captcha.Service
   @behaviour Service
 
@@ -11,7 +10,7 @@ defmodule Pleroma.Captcha.Native do
   def new do
     case Captcha.get() do
       :error ->
-        %{error: dgettext("errors", "Captcha error")}
+        %{error: :captcha_error}
 
       {:ok, answer_data, img_binary} ->
         %{
@@ -25,7 +24,7 @@ defmodule Pleroma.Captcha.Native do
 
   @impl Service
   def validate(_token, captcha, captcha) when not is_nil(captcha), do: :ok
-  def validate(_token, _captcha, _answer), do: {:error, dgettext("errors", "Invalid CAPTCHA")}
+  def validate(_token, _captcha, _answer), do: {:error, :invalid}
 
   defp token do
     10
author	Egor Kislitsyn <egor@kislitsyn.com>	2020-04-29 20:48:08 +0400
committer	Egor Kislitsyn <egor@kislitsyn.com>	2020-04-29 21:26:07 +0400
commit	7b0c8f0fde495e50c5434575c452addeace39e60 (patch)
tree	fd4ba0c2f80b9b787324670ca949529b25f98477 /lib/pleroma/captcha
parent	2f77842bd3c07d915cd341f7d3ba1f9053cc3a18 (diff)
download	pleroma-7b0c8f0fde495e50c5434575c452addeace39e60.tar.gz