diff --git a/docs/configuring-captcha.md b/docs/configuring-captcha.md
new file mode 100644
index 000000000..d137cf99e
--- /dev/null
+++ b/docs/configuring-captcha.md
@@ -0,0 +1,23 @@
+(Adapted from the [upstream project](https://github.com/matrix-org/synapse/blob/develop/docs/CAPTCHA_SETUP.md))
+
+# Overview
+Captcha can be enabled for this home server. This file explains how to do that.
+The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google.
+
+## Getting keys
+
+Requires a site/secret key pair from:
+
+
+
+Must be a reCAPTCHA **v2** key using the "I'm not a robot" Checkbox option
+
+## Setting ReCaptcha Keys
+
+Once registered as above, set the following values:
+
+```yaml
+matrix_synapse_enable_registration_captcha: true
+matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY'
+matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY'
+```
diff --git a/docs/configuring-playbook-ma1sd.md b/docs/configuring-playbook-ma1sd.md
index 03d1ecded..06a5a5b97 100644
--- a/docs/configuring-playbook-ma1sd.md
+++ b/docs/configuring-playbook-ma1sd.md
@@ -31,6 +31,8 @@ To use the [Registration](https://github.com/ma1uta/ma1sd/blob/master/docs/featu
 - `matrix_synapse_enable_registration` - to enable user-initiated registration in Synapse
+- `matrix_synapse_enable_registration_captcha` - to validate registering users using reCAPTCHA, as described in the [enabling reCAPTCHA](configuring_captcha.md) documentation.
+
 - `matrix_synapse_registrations_require_3pid` - to control the types of 3pid (`'email'`, `'msisdn'`) required by the Synapse server for registering
 - variables prefixed with `matrix_nginx_proxy_proxy_matrix_3pid_registration_` (e.g. `matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled`) - to configure the integrated nginx webserver to send registration requests to ma1sd (instead of Synapse), so it can apply its additional functionality
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index d9b5b61d4..ee38b1790 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
@@ -162,6 +162,11 @@ matrix_synapse_allow_public_rooms_over_federation: false
 # Controls whether people with access to the homeserver can register by themselves.
 matrix_synapse_enable_registration: false
+# reCAPTCHA API for validating registration attempts
+matrix_synapse_enable_registration_captcha: false
+matrix_synapse_recaptcha_public_key: ''
+matrix_synapse_recaptcha_private_key: ''
+
 # Allows non-server-admin users to create groups on this server
 matrix_synapse_enable_group_creation: false
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
index 93cf43960..a02eb48fe 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -934,18 +934,18 @@ url_preview_accept_language:
 # This homeserver's ReCAPTCHA public key. Must be specified if
 # enable_registration_captcha is enabled.
 #
-#recaptcha_public_key: "YOUR_PUBLIC_KEY"
+recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key|to_json }}
 # This homeserver's ReCAPTCHA private key. Must be specified if
 # enable_registration_captcha is enabled.
 #
-#recaptcha_private_key: "YOUR_PRIVATE_KEY"
+recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key|to_json }}
 # Uncomment to enable ReCaptcha checks when registering, preventing signup
 # unless a captcha is answered. Requires a valid ReCaptcha
 # public/private key. Defaults to 'false'.
 #
-#enable_registration_captcha: true
+enable_registration_captcha: {{ matrix_synapse_enable_registration_captcha|to_json }}
 # The API endpoint to use for verifying m.login.recaptcha responses.
 # Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify".
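Review bot: The three new defaults in roles/matrix-synapse/defaults/main.yml carry only a one-line comment, which does not say that both keys are mandatory once `matrix_synapse_enable_registration_captcha` is true or that the private key is a secret. With the empty-string defaults, turning the flag on without keys still renders a configuration, and whether Synapse then rejects it or accepts registrations without a working challenge cannot be told from this hunk. I would extend the comment to something like `# Both keys are required when the captcha is enabled. The private key is a secret: keep it in Ansible Vault, not in plain-text vars.` As a follow-up, the role could fail the play early when the flag is set and either key is empty.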
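Review bot: In homeserver.yaml.j2 the `recaptcha_public_key` and `recaptcha_private_key` lines are now emitted unconditionally, so a server with the captcha disabled gets `""` for both instead of the keys being absent. The surviving context comment "Uncomment to enable ReCaptcha checks…" no longer matches a setting that is always present. Consider wrapping the two key lines in `{% if matrix_synapse_enable_registration_captcha %}` … `{% endif %}` so they are written only when the feature is on, and rewording the stale comment. Because the rendered homeserver.yaml now holds the reCAPTCHA secret, it is worth confirming that the task writing it uses owner-only permissions; that task is outside this hunk.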