Disable `registrations` flag in /api/v1/instance when CAPTCHA is enabled

This is to avoid apps trying and failing at using the registrations API,
which does not let us require a CAPTCHA and cannot be clearly signaled as
unavailable.
pull/1665/head
Claire 2022-01-25 13:54:11 +01:00
parent bf351d72af
commit a9269f8786
2 changed files with 6 additions and 2 deletions

View File

@ -98,7 +98,7 @@ class REST::InstanceSerializer < ActiveModel::Serializer
end end
def registrations def registrations
Setting.registrations_mode != 'none' && !Rails.configuration.x.single_user_mode Setting.registrations_mode != 'none' && !Rails.configuration.x.single_user_mode && !captcha_enabled?
end end
def approval_required def approval_required
@ -114,4 +114,8 @@ class REST::InstanceSerializer < ActiveModel::Serializer
def instance_presenter def instance_presenter
@instance_presenter ||= InstancePresenter.new @instance_presenter ||= InstancePresenter.new
end end
def captcha_enabled?
ENV['HCAPTCHA_SECRET_KEY'].present? && ENV['HCAPTCHA_SITE_KEY'].present? && Setting.captcha_enabled
end
end end

View File

@ -3,7 +3,7 @@ en:
admin: admin:
settings: settings:
captcha_enabled: captcha_enabled:
desc_html: Enable hCaptcha integration, requiring new users to solve a challenge when signing up. Note that this disables app-based registration, and requires third-party scripts from hCaptcha to be embedded in the registration pages. This may have security and privacy concerns. desc_html: Enable hCaptcha integration, requiring new users to solve a challenge when signing up. Note that this disables app-based registration, may prevent your instance from being listed as having open registrations, and requires third-party scripts from hCaptcha to be embedded in the registration pages. This may have security and privacy concerns.
title: Require new users to go through a CAPTCHA to sign up title: Require new users to go through a CAPTCHA to sign up
enable_keybase: enable_keybase:
desc_html: Allow your users to prove their identity via keybase desc_html: Allow your users to prove their identity via keybase