2 files changed, 28 insertions, 3 deletions

diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex
index e15991957..bdd0ee26f 100644
--- a/lib/pleroma/application.ex
+++ b/lib/pleroma/application.ex
@@ -28,6 +28,16 @@ defmodule Pleroma.Application do
         worker(
           Cachex,
           [
+            :used_captcha_cache,
+            [
+              ttl_interval: :timer.seconds(60 * 2)
+            ]
+          ],
+          id: :cachex_used_captcha_cache
+        ),
+        worker(
+          Cachex,
+          [
             :user_cache,
             [
               default_ttl: 25000,
diff --git a/lib/pleroma/captcha/captcha.ex b/lib/pleroma/captcha/captcha.ex
index 04769d4b2..c7abafeb1 100644
--- a/lib/pleroma/captcha/captcha.ex
+++ b/lib/pleroma/captcha/captcha.ex
@@ -80,9 +80,24 @@ defmodule Pleroma.Captcha do
     result =
       with {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),
            %{at: at, answer_data: answer_md5} <- :erlang.binary_to_term(data) do
-        if DateTime.after?(at, valid_if_after),
-          do: method().validate(token, captcha, answer_md5),
-          else: {:error, "CAPTCHA expired"}
+        try do
+          if DateTime.before?(at, valid_if_after), do: throw({:error, "CAPTCHA expired"})
+
+          if not is_nil(Cachex.get!(:used_captcha_cache, token)),
+            do: throw({:error, "CAPTCHA already used"})
+
+          res = method().validate(token, captcha, answer_md5)
+          # Throw if an error occurs
+          if res != :ok, do: throw(res)
+
+          # Mark this captcha as used
+          {:ok, _} =
+            Cachex.put(:used_captcha_cache, token, true, ttl: :timer.seconds(seconds_valid))
+
+          :ok
+        catch
+          :throw, e -> e
+        end
       else
         _ -> {:error, "Invalid answer data"}
       end