Add per-action captcha site-key configuration

- reject captcha requests without valid actions - require specific site keys for each action
2026-04-22 01:08:05 +01:00 · 2023-03-13 09:59:03 -05:00
parent fd8918eaff
commit a8eb27940d
13 changed files with 281 additions and 89 deletions
--- a/service/src/test/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfigurationTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/configuration/dynamic/DynamicConfigurationTest.java
@@ -20,6 +20,7 @@ import java.util.Optional;
 import java.util.Set;
 import java.util.UUID;
 import org.junit.jupiter.api.Test;
+import org.whispersystems.textsecuregcm.captcha.Action;
 import org.whispersystems.textsecuregcm.limits.RateLimiterConfig;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
 import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
@@ -265,6 +266,15 @@ class DynamicConfigurationTest {
            scoreFloorByAction:
              challenge: 0.1
              registration: 0.2
+            hCaptchaSiteKeys:
+              challenge:
+                - ab317f2a-2b76-4098-84c9-ecdf8ea44f53
+              registration:
+                - e4ddb6ff-05e7-497b-9a29-b76e7331789c
+                - 52fdbc88-f246-4705-a7dd-05ad85b93420
+            recaptchaSiteKeys:
+              challenge:
+                - 299068b6-ac78-4288-a90b-2e2ce5a6ddfe
          """;

      final DynamicCaptchaConfiguration config =
@@ -273,8 +283,15 @@ class DynamicConfigurationTest {

      assertEquals(Set.of("1"), config.getSignupCountryCodes());
      assertEquals(0.9f, config.getScoreFloor().floatValue());
-      assertEquals(0.1f, config.getScoreFloorByAction().get("challenge").floatValue());
-      assertEquals(0.2f, config.getScoreFloorByAction().get("registration").floatValue());
+      assertEquals(0.1f, config.getScoreFloorByAction().get(Action.CHALLENGE).floatValue());
+      assertEquals(0.2f, config.getScoreFloorByAction().get(Action.REGISTRATION).floatValue());
+
+      assertThat(config.getHCaptchaSiteKeys().get(Action.CHALLENGE)).contains("ab317f2a-2b76-4098-84c9-ecdf8ea44f53");
+      assertThat(config.getHCaptchaSiteKeys().get(Action.REGISTRATION)).contains("e4ddb6ff-05e7-497b-9a29-b76e7331789c");
+      assertThat(config.getHCaptchaSiteKeys().get(Action.REGISTRATION)).contains("52fdbc88-f246-4705-a7dd-05ad85b93420");
+
+      assertThat(config.getRecaptchaSiteKeys().get(Action.CHALLENGE)).contains("299068b6-ac78-4288-a90b-2e2ce5a6ddfe");
+      assertThat(config.getRecaptchaSiteKeys().get(Action.REGISTRATION)).isNull();
    }
  }