Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add recaptcha_{private,public}_key_path config option #17984

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

Add recaptcha_{private,public}_key_path config option #17984

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d9e8f1a
Add recaptcha_{private,public}_key_path config opt
V02460 Dec 2, 2024
b573c51
Merge branch 'develop' into recaptcha-key-path
V02460 Jan 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/17984.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option.
32 changes: 32 additions & 0 deletions docs/usage/configuration/config_documentation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2293,6 +2293,22 @@ Example configuration:
```yaml
recaptcha_public_key: "YOUR_PUBLIC_KEY"
```
---
### `recaptcha_public_key_path`

An alternative to [`recaptcha_public_key`](#recaptcha_public_key):
allows the public key to be specified in an external file.

The file should be a plain text file, containing only the public key.
Synapse reads the public key from the given file once at startup.

Example configuration:
```yaml
recaptcha_public_key_path: /path/to/key/file
```

_Added in Synapse 1.121.0._

---
### `recaptcha_private_key`

Expand All @@ -2304,6 +2320,22 @@ Example configuration:
```yaml
recaptcha_private_key: "YOUR_PRIVATE_KEY"
```
---
### `recaptcha_private_key_path`

An alternative to [`recaptcha_private_key`](#recaptcha_private_key):
allows the private key to be specified in an external file.

The file should be a plain text file, containing only the private key.
Synapse reads the private key from the given file once at startup.

Example configuration:
```yaml
recaptcha_private_key_path: /path/to/key/file
```

_Added in Synapse 1.121.0._

---
### `enable_registration_captcha`

Expand Down
26 changes: 25 additions & 1 deletion synapse/config/captcha.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,21 +23,45 @@

from synapse.types import JsonDict

from ._base import Config, ConfigError
from ._base import Config, ConfigError, read_file

CONFLICTING_RECAPTCHA_PRIVATE_KEY_OPTS_ERROR = """\
You have configured both `recaptcha_private_key` and
`recaptcha_private_key_path`. These are mutually incompatible.
Comment on lines +29 to +30
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can dumb this down a bit:

Suggested change
You have configured both `recaptcha_private_key` and
`recaptcha_private_key_path`. These are mutually incompatible.
You have configured both `recaptcha_private_key` and
`recaptcha_private_key_path`. Only one or the other can be specified at a time.

Comment on lines +29 to +30
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a slight variation on the typical error message we've been using for this:

Conflicting options 'macaroon_secret_key' and 'macaroon_secret_key_path' are
both defined in config file.

I like the version that this PR has but we should probably be consistent and update all the other similar errors.

"""

CONFLICTING_RECAPTCHA_PUBLIC_KEY_OPTS_ERROR = """\
You have configured both `recaptcha_public_key` and `recaptcha_public_key_path`.
These are mutually incompatible.
"""


class CaptchaConfig(Config):
section = "captcha"

def read_config(self, config: JsonDict, **kwargs: Any) -> None:
recaptcha_private_key = config.get("recaptcha_private_key")
recaptcha_private_key_path = config.get("recaptcha_private_key_path")
if recaptcha_private_key_path:
if recaptcha_private_key:
raise ConfigError(CONFLICTING_RECAPTCHA_PRIVATE_KEY_OPTS_ERROR)
recaptcha_private_key = read_file(
recaptcha_private_key_path, ("recaptcha_private_key_path",)
).strip()
if recaptcha_private_key is not None and not isinstance(
recaptcha_private_key, str
):
raise ConfigError("recaptcha_private_key must be a string.")
self.recaptcha_private_key = recaptcha_private_key

recaptcha_public_key = config.get("recaptcha_public_key")
recaptcha_public_key_path = config.get("recaptcha_public_key_path")
if recaptcha_public_key_path:
if recaptcha_public_key:
raise ConfigError(CONFLICTING_RECAPTCHA_PUBLIC_KEY_OPTS_ERROR)
recaptcha_public_key = read_file(
recaptcha_public_key_path, ("recaptcha_public_key_path",)
).strip()
if recaptcha_public_key is not None and not isinstance(
recaptcha_public_key, str
):
Expand Down
10 changes: 10 additions & 0 deletions tests/config/test_load.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,8 @@ def test_depreciated_identity_server_flag_throws_error(self) -> None:
[
"turn_shared_secret_path: /does/not/exist",
"registration_shared_secret_path: /does/not/exist",
"recaptcha_private_key_path: /does/not/exist",
"recaptcha_public_key_path: /does/not/exist",
*["redis:\n enabled: true\n password_path: /does/not/exist"]
* (hiredis is not None),
]
Expand All @@ -152,6 +154,14 @@ def test_secret_files_missing(self, config_str: str) -> None:
"registration_shared_secret_path: {}",
lambda c: c.registration.registration_shared_secret,
),
(
"recaptcha_private_key_path: {}",
lambda c: c.captcha.recaptcha_private_key,
),
(
"recaptcha_public_key_path: {}",
lambda c: c.captcha.recaptcha_public_key,
),
*[
(
"redis:\n enabled: true\n password_path: {}",
Expand Down
Loading