feat: re-added captcha checks (#3249)

[lemmy.git] / crates / api_crud / src / user / create.rs
diff --git a/crates/api_crud/src/user/create.rs b/crates/api_crud/src/user/create.rs

index c888339309a157482c627b2b217432a4877a8b87..871a05d6f39b4a08acad0a0acd26c214e9b2e9a4 100644 (file)
--- a/crates/api_crud/src/user/create.rs
+++ b/crates/api_crud/src/user/create.rs
@@ -1,6 +1,7 @@
  use crate::PerformCrud;
  use activitypub_federation::http_signatures::generate_actor_keypair;
  use actix_web::web::Data;
+use chrono::NaiveDateTime;
  use lemmy_api_common::{
    context::LemmyContext,
    person::{LoginResponse, Register},
@@ -19,6 +20,7 @@ use lemmy_api_common::{
  use lemmy_db_schema::{
    aggregates::structs::PersonAggregates,
    source::{
+    captcha_answer::CaptchaAnswer,
      local_user::{LocalUser, LocalUserInsertForm},
      person::{Person, PersonInsertForm},
      registration_application::{RegistrationApplication, RegistrationApplicationInsertForm},
@@ -71,6 +73,22 @@ impl PerformCrud for Register {
        return Err(LemmyError::from_message("passwords_dont_match"));
      }
  
+    if local_site.site_setup && local_site.captcha_enabled {
+      let check = CaptchaAnswer::check_captcha(
+        context.pool(),
+        CaptchaAnswer {
+          uuid: data.captcha_uuid.clone().unwrap_or_default(),
+          answer: data.captcha_answer.clone().unwrap_or_default(),
+          // not used when checking
+          expires: NaiveDateTime::MIN,
+        },
+      )
+      .await?;
+      if !check {
+        return Err(LemmyError::from_message("captcha_incorrect"));
+      }
+    }
+
      let slur_regex = local_site_to_slur_regex(&local_site);
      check_slurs(&data.username, &slur_regex)?;
      check_slurs_opt(&data.answer, &slur_regex)?;
@@ -83,6 +101,12 @@ impl PerformCrud for Register {
        &context.settings().get_protocol_and_hostname(),
      )?;
  
+    if let Some(email) = &data.email {
+      if LocalUser::is_email_taken(context.pool(), email).await? {
+        return Err(LemmyError::from_message("email_already_exists"));
+      }
+    }
+
      // We have to create both a person, and local_user
  
      // Register the new person
@@ -103,31 +127,20 @@ impl PerformCrud for Register {
        .await
        .map_err(|e| LemmyError::from_error_message(e, "user_already_exists"))?;
  
+    // Automatically set their application as accepted, if they created this with open registration.
+    // Also fixes a bug which allows users to log in when registrations are changed to closed.
+    let accepted_application = Some(!require_registration_application);
+
      // Create the local user
      let local_user_form = LocalUserInsertForm::builder()
        .person_id(inserted_person.id)
        .email(data.email.as_deref().map(str::to_lowercase))
        .password_encrypted(data.password.to_string())
        .show_nsfw(Some(data.show_nsfw))
+      .accepted_application(accepted_application)
        .build();
  
-    let inserted_local_user = match LocalUser::create(context.pool(), &local_user_form).await {
-      Ok(lu) => lu,
-      Err(e) => {
-        let err_type = if e.to_string()
-          == "duplicate key value violates unique constraint \"local_user_email_key\""
-        {
-          "email_already_exists"
-        } else {
-          "user_already_exists"
-        };
-
-        // If the local user creation errored, then delete that person
-        Person::delete(context.pool(), inserted_person.id).await?;
-
-        return Err(LemmyError::from_error_message(e, err_type));
-      }
-    };
+    let inserted_local_user = LocalUser::create(context.pool(), &local_user_form).await?;
  
      if local_site.site_setup && require_registration_application {
        // Create the registration application