#241 [sec] add captcha to change email too

2025-09-25 05:54:25 -04:00 · 2021-08-07 12:10:18 +02:00 · 2021-08-07 12:10:18 +02:00 · a7e092ba71
commit a7e092ba71
parent 1a7130ea3d
2 changed files with 22 additions and 5 deletions
--- a/components/Account.vue
+++ b/components/Account.vue
@ -55,11 +55,16 @@

                    <form @submit.prevent="changeEmail" :disabled="savingEmail">
                        <h3 class="h6"><T>user.account.changeEmail.header</T></h3>
-                        <div v-if="!changeEmailAuthId" class="input-group mb-3">
-                            <input type="email" class="form-control" v-model="email" required/>
-                            <button class="btn btn-outline-primary">
-                                <T>user.account.changeEmail.action</T>
-                            </button>
+                        <div v-if="!changeEmailAuthId" class="">
+                            <input type="email" class="form-control mb-3" v-model="email" required/>
+                            <div class="d-flex">
+                                <Captcha v-model="captchaToken"/>
+                                <div class="ms-3">
+                                    <button class="btn btn-outline-primary" :disabled="!canChangeEmail">
+                                        <T>user.account.changeEmail.action</T>
+                                    </button>
+                                </div>
+                            </div>
                        </div>
                        <div v-else class="input-group mb-3">
                            <input type="text" class="form-control text-center" v-model="code"
@ -140,6 +145,8 @@
                savingEmail: false,

                gravatar,
+
+                captchaToken: null,
            }
        },
        async mounted() {
@ -189,6 +196,7 @@
                        email: this.email,
                        authId: this.changeEmailAuthId,
                        code: this.code,
+                        captchaToken: this.captchaToken,
                    });

                    if (response.error) {
@ -241,6 +249,11 @@
                await this.setAvatar(`${process.env.BUCKET}/images/${ids[0]}-thumb.png`);
            },
        },
+        computed: {
+            canChangeEmail() {
+                return this.email && this.captchaToken;
+            }
+        },
    }
 </script>

--- a/server/routes/user.js
+++ b/server/routes/user.js
@ -306,6 +306,10 @@ router.post('/user/change-email', handleErrorAsync(async (req, res) => {
        return res.status(401).json({error: 'Unauthorised'});
    }

+    if (!await validateCaptcha(req.body.captchaToken)) {
+        return res.json({error: 'captcha.invalid'});
+    }
+
    if (!await validateEmail(req.user.email)) {
        return res.json({ error: 'user.account.changeEmail.invalid' })
    }