feat: add captcha to verify and token endpoints #520

Merged
merged 3 commits into from
Jun 29, 2022


kangmingtay
Member

What kind of change does this PR introduce?

  • Add captcha protection to /verify and /token endpoints
  • Captcha protection is excluded from any GET /verify requests and POST /token?grant_type=refresh_token
  • Renamed the captcha token field to make it more generic for future implementations of other captcha providers (e.g. reCaptcha) - this should only affect anyone self-hosting gotrue and using the captcha feature already
  • Decided not to enable captcha on the following endpoints
    • /admin routes since those endpoints should only be called on the server-side
    • /user since the user has to be logged in first in order to make calls to this endpoint
    • /settings, /authorize, /logout - seems irrelevant

@kangmingtay kangmingtay requested review from hf, darora and J0 June 29, 2022 02:12
@kangmingtay kangmingtay self-assigned this Jun 29, 2022
@kangmingtay kangmingtay merged commit 32a6e1f into master Jun 29, 2022
@kangmingtay kangmingtay deleted the km/add-captcha-everywhere branch June 29, 2022 05:34
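
The exemption rule from the PR description above, as an added example that is not gotrue's own code: a Go `net/http` middleware that requires a captcha on `/verify` and `/token` but lets `GET /verify` and `grant_type=refresh_token` through. The names `captchaRequired` and `RequireCaptcha`, the stub verifier, and the placement of `captcha_token` as a top-level JSON field are assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// captchaRequired encodes the rule in the PR description: /verify and /token are
// protected, except GET /verify and /token?grant_type=refresh_token.
func captchaRequired(r *http.Request) bool {
	switch r.URL.Path {
	case "/verify":
		return r.Method != http.MethodGet
	case "/token":
		return r.URL.Query().Get("grant_type") != "refresh_token"
	}
	return false // other routes are not covered by this example
}

// RequireCaptcha rejects protected requests unless verify accepts the token.
// Assumption: the token is a top-level JSON field named captcha_token.
func RequireCaptcha(verify func(token string) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if captchaRequired(r) {
			raw, err := io.ReadAll(io.LimitReader(r.Body, 1<<20)) // bound body size
			var body struct {
				CaptchaToken string `json:"captcha_token"`
			}
			if err != nil || json.Unmarshal(raw, &body) != nil || body.CaptchaToken == "" || !verify(body.CaptchaToken) {
				http.Error(w, "captcha verification failed", http.StatusBadRequest)
				return
			}
			r.Body = io.NopCloser(bytes.NewReader(raw)) // restore body for next
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Stub verifier with a constructed token; a real one calls the captcha provider.
	h := RequireCaptcha(func(t string) bool { return t == "constructed-valid" }, http.NotFoundHandler())
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("POST", "/token?grant_type=password", strings.NewReader(`{}`)))
	fmt.Println(rec.Code) // 400: no token supplied
}
```

Because the middleware consumes the request body to read the token, it has to put the bytes back before calling the next handler, otherwise the wrapped endpoint sees an empty body.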
@github-actions
Contributor

🎉 This PR is included in version 2.7.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

uxodb pushed a commit to uxodb/auth that referenced this pull request Nov 13, 2024
* fix: add captcha to verify and token endpoints

* don't enable captcha on refresh token grant_type

* refactor: rename hcaptcha_token to captcha_token for generalizability