mirrors/synapse
mirrors/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2025-01-20 18:42:33 +00:00
Code Activity

Add recaptcha_{private,public}_key_path config opt

Browse source
This commit is contained in:
Kai A. Hiller 2024-12-02 16:27:20 +01:00
parent a82f5f206f
commit d9e8f1a43a
4 changed files with 68 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelog.d/17984.feature Normal file
View file

@ -0,0 +1 @@
Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option.

32
docs/usage/configuration/config_documentation.md
View file

@ -2293,6 +2293,22 @@ Example configuration:
```yaml ```yaml
recaptcha_public_key: "YOUR_PUBLIC_KEY" recaptcha_public_key: "YOUR_PUBLIC_KEY"
``` ```
---
### `recaptcha_public_key_path`
An alternative to [`recaptcha_public_key`](#recaptcha_public_key):
allows the public key to be specified in an external file.
The file should be a plain text file, containing only the public key.
Synapse reads the public key from the given file once at startup.
Example configuration:
```yaml
recaptcha_public_key_path: /path/to/key/file
```
_Added in Synapse 1.121.0._
--- ---
### `recaptcha_private_key` ### `recaptcha_private_key`
@ -2304,6 +2320,22 @@ Example configuration:
```yaml ```yaml
recaptcha_private_key: "YOUR_PRIVATE_KEY" recaptcha_private_key: "YOUR_PRIVATE_KEY"
``` ```
---
### `recaptcha_private_key_path`
An alternative to [`recaptcha_private_key`](#recaptcha_private_key):
allows the private key to be specified in an external file.
The file should be a plain text file, containing only the private key.
Synapse reads the private key from the given file once at startup.
Example configuration:
```yaml
recaptcha_private_key_path: /path/to/key/file
```
_Added in Synapse 1.121.0._
--- ---
### `enable_registration_captcha` ### `enable_registration_captcha`

26
synapse/config/captcha.py
View file

@ -23,7 +23,17 @@ from typing import Any
from synapse.types import JsonDict from synapse.types import JsonDict
from ._base import Config, ConfigError from ._base import Config, ConfigError, read_file
CONFLICTING_RECAPTCHA_PRIVATE_KEY_OPTS_ERROR = """\
You have configured both `recaptcha_private_key` and
`recaptcha_private_key_path`. These are mutually incompatible.
"""
CONFLICTING_RECAPTCHA_PUBLIC_KEY_OPTS_ERROR = """\
You have configured both `recaptcha_public_key` and `recaptcha_public_key_path`.
These are mutually incompatible.
"""
class CaptchaConfig(Config): class CaptchaConfig(Config):
@ -31,6 +41,13 @@ class CaptchaConfig(Config):
def read_config(self, config: JsonDict, **kwargs: Any) -> None: def read_config(self, config: JsonDict, **kwargs: Any) -> None:
recaptcha_private_key = config.get("recaptcha_private_key") recaptcha_private_key = config.get("recaptcha_private_key")
recaptcha_private_key_path = config.get("recaptcha_private_key_path")
if recaptcha_private_key_path:
if recaptcha_private_key:
raise ConfigError(CONFLICTING_RECAPTCHA_PRIVATE_KEY_OPTS_ERROR)
recaptcha_private_key = read_file(
recaptcha_private_key_path, ("recaptcha_private_key_path",)
).strip()
if recaptcha_private_key is not None and not isinstance( if recaptcha_private_key is not None and not isinstance(
recaptcha_private_key, str recaptcha_private_key, str
): ):
@ -38,6 +55,13 @@ class CaptchaConfig(Config):
self.recaptcha_private_key = recaptcha_private_key self.recaptcha_private_key = recaptcha_private_key
recaptcha_public_key = config.get("recaptcha_public_key") recaptcha_public_key = config.get("recaptcha_public_key")
recaptcha_public_key_path = config.get("recaptcha_public_key_path")
if recaptcha_public_key_path:
if recaptcha_public_key:
raise ConfigError(CONFLICTING_RECAPTCHA_PUBLIC_KEY_OPTS_ERROR)
recaptcha_public_key = read_file(
recaptcha_public_key_path, ("recaptcha_public_key_path",)
).strip()
if recaptcha_public_key is not None and not isinstance( if recaptcha_public_key is not None and not isinstance(
recaptcha_public_key, str recaptcha_public_key, str
): ):

10
tests/config/test_load.py
View file

@ -131,6 +131,8 @@ class ConfigLoadingFileTestCase(ConfigFileTestCase):
[ [
"turn_shared_secret_path: /does/not/exist", "turn_shared_secret_path: /does/not/exist",
"registration_shared_secret_path: /does/not/exist", "registration_shared_secret_path: /does/not/exist",
"recaptcha_private_key_path: /does/not/exist",
"recaptcha_public_key_path: /does/not/exist",
*["redis:\n enabled: true\n password_path: /does/not/exist"] *["redis:\n enabled: true\n password_path: /does/not/exist"]
* (hiredis is not None), * (hiredis is not None),
] ]
@ -152,6 +154,14 @@ class ConfigLoadingFileTestCase(ConfigFileTestCase):
"registration_shared_secret_path: {}", "registration_shared_secret_path: {}",
lambda c: c.registration.registration_shared_secret, lambda c: c.registration.registration_shared_secret,
), ),
(
"recaptcha_private_key_path: {}",
lambda c: c.captcha.recaptcha_private_key,
),
(
"recaptcha_public_key_path: {}",
lambda c: c.captcha.recaptcha_public_key,
),
*[ *[
( (
"redis:\n enabled: true\n password_path: {}", "redis:\n enabled: true\n password_path: {}",