diff --git a/src/api/client/account.rs b/src/api/client/account.rs
index 624aa932..35e3435c 100644
--- a/src/api/client/account.rs
+++ b/src/api/client/account.rs
@@ -298,26 +298,27 @@ pub(crate) async fn register_route(
 session: None,
 auth_error: None,
 };
- let mut skip_auth = false;
+ let mut skip_auth = body.appservice_info.is_some();
 if services.globals.registration_token.is_some() {
 // Registration token required
 uiaainfo.flows.push(AuthFlow {
 stages: vec![AuthType::RegistrationToken],
 });
- skip_auth = body.appservice_info.is_some();
 }
- if let Some(pubkey) = &services.config.recaptcha_site_key {
- // ReCaptcha required
- uiaainfo
- .flows
- .push(AuthFlow { stages: vec![AuthType::ReCaptcha] });
- uiaainfo.params = serde_json::value::to_raw_value(&serde_json::json!({
- "m.login.recaptcha": {
- "public_key": pubkey,
- },
- }))
- .expect("Failed to serialize recaptcha params");
- skip_auth = body.appservice_info.is_some() || skip_auth;
+ if !services.config.recaptcha_private_site_key.is_none() {
+ if let Some(pubkey) = &services.config.recaptcha_site_key {
+ // ReCaptcha required
+ uiaainfo
+ .flows
+ .push(AuthFlow { stages: vec![AuthType::ReCaptcha] });
+ uiaainfo.params = serde_json::value::to_raw_value(&serde_json::json!({
+ "m.login.recaptcha": {
+ "public_key": pubkey,
+ },
+ }))
+ .expect("Failed to serialize recaptcha params");
+ skip_auth = skip_auth || is_guest;
+ }
 } else {
 // No registration token necessary, but clients must still go through the flow
 uiaainfo = UiaaInfo {
@@ -327,7 +328,7 @@ pub(crate) async fn register_route(
 session: None,
 auth_error: None,
 };
- skip_auth = skip_auth || body.appservice_info.is_some() || is_guest;
+ skip_auth = skip_auth || is_guest;
 };
 if !skip_auth {
diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs
index 2307583c..9df01d46 100644
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
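Review bot: The `} else {` at the end of the first account.rs hunk now pairs with the new `recaptcha_private_site_key` check, so the fallback branch, which reassigns `uiaainfo` wholesale, runs whenever the private key is unset, including when a registration token is configured; the `RegistrationToken` flow pushed a few lines earlier would then be discarded (the replacement's `flows` field lies between the two hunks and is not visible, so confirm what it contains). In the opposite case, private key set but `recaptcha_site_key` unset, neither branch runs and `uiaainfo.flows` can stay empty when no token is configured. Gating the fallback on the state it is meant to cover avoids both: close the captcha block with `}` and open the fallback with `if uiaainfo.flows.is_empty() {`. The nested test also reads more directly as `if let (Some(pubkey), Some(_)) = (&services.config.recaptcha_site_key, &services.config.recaptcha_private_site_key) {`. `register_route` starts and ends outside the hunk.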
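Review bot: `skip_auth` is a single flag guarding the whole UIAA block at `if !skip_auth {` in the second account.rs hunk, and `is_guest` is now OR-ed into it on the captcha path in the first hunk as well as in the fallback here, so a guest-kind registration no longer has to complete the captcha stage, nor the token stage when both are configured. The removed lines show that the captcha path previously exempted only appservices. If the guest exemption is intended, state it next to the assignment, for example `// Guest registrations intentionally skip the captcha and token stages`; if it is not, drop `|| is_guest` from the captcha branch. How `is_guest` is derived is outside both hunks, so whether it is fully client-controlled should be checked before deciding.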
@@ -556,8 +556,21 @@ pub struct Config {
 /// example: "/etc/continuwuity/.reg_token"
 pub registration_token_file: Option,
+ /// The public site key for reCaptcha. If this is provided, reCaptcha
+ /// becomes required during registration, **even if token registration is
+ /// enabled**.
+ ///
+ /// IMPORTANT: "Verify the origin of reCAPTCHA solutions" **MUST** BE
+ /// DISABLED IF YOU WANT THE CAPTCHA TO WORK IN 3RD PARTY CLIENTS, OR
+ /// CLIENTS HOSTED ON DOMAINS OTHER THAN YOUR OWN!
+ ///
+ /// Registration must be enabled (`allow_registration` must be true) for
+ /// this to have any effect.
 pub recaptcha_site_key: Option,
+ /// The private site key for reCaptcha.
+ /// If this is omitted, captcha registration will not work,
+ /// even if `recaptcha_site_key` is set.
 pub recaptcha_private_site_key: Option,
 /// Controls whether encrypted rooms and events are allowed.
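Review bot: The new doc comment on `recaptcha_site_key` says reCaptcha becomes required "even if token registration is enabled", but `register_route` in src/api/client/account.rs pushes `RegistrationToken` and `ReCaptcha` as two separate single-stage `AuthFlow` entries, and in Matrix user-interactive auth a client completes any one advertised flow. Read that way, enabling both makes them alternatives: a solved captcha registers without a token and a valid token registers without a captcha, which an operator relying on the token to keep registration closed would not expect from this text. Either document the behaviour the handler implements, e.g. `/// If a registration token is also configured, clients may complete either the captcha or the token flow.`, or build a single flow containing both stages in account.rs. The comment should also say that the key has no effect unless `recaptcha_private_site_key` is set, since the handler now checks the private key first.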