From 1f21f0c09ad16d56404e6f9e0bc5b4d2b0ec13d7 Mon Sep 17 00:00:00 2001
From: Justin Croonenberghs
Date: Fri, 3 Jul 2020 18:33:25 -0500
Subject: [PATCH] Add variables for reCAPTCHA validation
---
 docs/configuring-captcha.md | 24 +++++++++++++++++++
 docs/configuring-playbook-ma1sd.md | 2 ++
 roles/matrix-synapse/defaults/main.yml | 5 ++++
 .../templates/synapse/homeserver.yaml.j2 | 6 ++---
 4 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 docs/configuring-captcha.md
diff --git a/docs/configuring-captcha.md b/docs/configuring-captcha.md
new file mode 100644
index 000000000..5183b92b3
--- /dev/null
+++ b/docs/configuring-captcha.md
@@ -0,0 +1,24 @@
+(Adapted from the [upstream project](https://github.com/matrix-org/synapse/blob/develop/docs/CAPTCHA_SETUP.md))
+
+# Overview
+Captcha can be enabled for this home server. This file explains how to do that.
+The captcha mechanism used is Google's ReCaptcha. This requires API keys from Google.
+
+## Getting keys
+
+Requires a site/secret key pair from:
+
+
+
+Must be a reCAPTCHA v2 key using the "I'm not a robot" Checkbox option
+
+## Setting ReCaptcha Keys
+
+Once registered as above, set the following values:
+
+ matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY'
+ matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY'
+
+In addition, you MUST enable captchas via:
+
+ matrix_synapse_enable_registration_captcha: true
diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md
index 03d1ecded..06a5a5b97 100644
--- a/docs/configuring-playbook-ma1sd.md
+++ b/docs/configuring-playbook-ma1sd.md
@@ -31,6 +31,8 @@ To use the [Registration](https://github.com/ma1uta/ma1sd/blob/master/docs/featu
 - `matrix_synapse_enable_registration` - to enable user-initiated registration in Synapse
+- `matrix_synapse_enable_registration_captcha` - to validate registering users using reCAPTCHA, as described in the [enabling reCAPTCHA](configuring_captcha.md) documentation.
+
 - `matrix_synapse_registrations_require_3pid` - to control the types of 3pid (`'email'`, `'msisdn'`) required by the Synapse server for registering
 - variables prefixed with `matrix_nginx_proxy_proxy_matrix_3pid_registration_` (e.g. `matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled`) - to configure the integrated nginx webserver to send registration requests to ma1sd (instead of Synapse), so it can apply its additional functionality
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index d9b5b61d4..ee38b1790 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -162,6 +162,11 @@ matrix_synapse_allow_public_rooms_over_federation: false
 # Controls whether people with access to the homeserver can register by themselves.
 matrix_synapse_enable_registration: false
+# reCAPTCHA API for validating registration attempts
+matrix_synapse_enable_registration_captcha: false
+matrix_synapse_recaptcha_public_key: ''
+matrix_synapse_recaptcha_private_key: ''
+
 # Allows non-server-admin users to create groups on this server
 matrix_synapse_enable_group_creation: false
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 93cf43960..e0b57f691 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
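Review bot: In roles/matrix-synapse/defaults/main.yml the single comment above the three new variables does not say that `matrix_synapse_recaptcha_private_key` is a secret, or that both keys must be set once `matrix_synapse_enable_registration_captcha` is true. I would extend it with `# Both keys are required when matrix_synapse_enable_registration_captcha is true.` and `# The private key is a secret: keep it in an encrypted vars file, not in plain text.` With the empty-string defaults, nothing visible in this patch stops a deployment from enabling the captcha with no keys, so a fail-fast check in the role's validation tasks (if it has any) would also be worth adding.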
@@ -934,18 +934,18 @@ url_preview_accept_language:
 # This homeserver's ReCAPTCHA public key. Must be specified if
 # enable_registration_captcha is enabled.
 #
-#recaptcha_public_key: "YOUR_PUBLIC_KEY"
+#recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key }}
 # This homeserver's ReCAPTCHA private key. Must be specified if
 # enable_registration_captcha is enabled.
 #
-#recaptcha_private_key: "YOUR_PRIVATE_KEY"
+#recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key }}
 # Uncomment to enable ReCaptcha checks when registering, preventing signup
 # unless a captcha is answered. Requires a valid ReCaptcha
 # public/private key. Defaults to 'false'.
 #
-#enable_registration_captcha: true
+enable_registration_captcha: {{ matrix_synapse_enable_registration_captcha }}
 # The API endpoint to use for verifying m.login.recaptcha responses.
 # Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify".
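Review bot: The new `#recaptcha_public_key:` and `#recaptcha_private_key:` lines keep their leading `#`, so the rendered homeserver.yaml still has both keys commented out while `enable_registration_captcha` is now a live setting; setting the flag to true would turn the captcha on with no keys in Synapse's config, and the secret key would reach the file only as a comment. The values are also interpolated bare, so an empty string renders as a YAML null and the boolean is likely emitted in Jinja's `True`/`False` form. I would uncomment and serialize all three: `recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key|to_json }}`, `recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key|to_json }}`, `enable_registration_captcha: {{ matrix_synapse_enable_registration_captcha|to_json }}`. The "Uncomment to enable ReCaptcha checks" comment above the flag no longer matches the template and could be reworded to point at the playbook variable.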