diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
index ece23b4c0..687653145 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
@@ -401,7 +401,7 @@ public class AccountController {
 {
 if (captchaToken.isPresent()) {
- boolean validToken = recaptchaClient.verify(captchaToken.get());
+ boolean validToken = recaptchaClient.verify(captchaToken.get(), requester);
 if (validToken) {
 captchaSuccessMeter.mark();
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/recaptcha/RecaptchaClient.java b/service/src/main/java/org/whispersystems/textsecuregcm/recaptcha/RecaptchaClient.java
index 8bafd4ade..1b0d4a7bf 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/recaptcha/RecaptchaClient.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/recaptcha/RecaptchaClient.java
@@ -21,10 +21,11 @@ public class RecaptchaClient {
 this.recaptchaSecret = recaptchaSecret;
 }
- public boolean verify(String captchaToken) {
+ public boolean verify(String captchaToken, String ip) {
 MultivaluedMap formData = new MultivaluedHashMap<>();
 formData.add("secret", recaptchaSecret);
 formData.add("response", captchaToken);
+ formData.add("remoteip", ip);
 VerifyResponse response = client.target("https://www.google.com/recaptcha/api/siteverify")
 .request()
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
index 6d137e657..8347a117b 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
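Review bot: The origin of `requester` is not visible at the changed call `recaptchaClient.verify(captchaToken.get(), requester)`, yet from this commit on it is reported to reCAPTCHA as the client address. If it is taken from a request header such as X-Forwarded-For, it needs to be the entry appended by the trusted proxy rather than a value the client can supply, otherwise the `remoteip` signal is caller-controlled. A comment at the call would record that assumption, for example `// requester: client address as seen by the trusted proxy; forwarded to reCAPTCHA as remoteip`. The enclosing method starts and ends outside the hunk.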
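Review bot: `formData.add("remoteip", ip)` in `verify` runs unconditionally, so a null or empty `ip` is put into the siteverify form. `remoteip` is an optional parameter of that API, so the field can simply be left out in that case: `if (ip != null && !ip.isEmpty()) formData.add("remoteip", ip);`. The new parameter also means the user's address now leaves the service on every verification, which deserves a Javadoc line on `verify` saying what `ip` must contain and that it is sent to the reCAPTCHA endpoint. The body of `verify` continues past the end of the hunk.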
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
@@ -130,8 +130,8 @@ public class AccountControllerTest {
 when(abusiveHostRules.getAbusiveHostRulesFor(eq(RESTRICTED_HOST))).thenReturn(Collections.singletonList(new AbusiveHostRule(RESTRICTED_HOST, false, Collections.singletonList("+123"))));
 when(abusiveHostRules.getAbusiveHostRulesFor(eq(NICE_HOST))).thenReturn(Collections.emptyList());
- when(recaptchaClient.verify(eq(INVALID_CAPTCHA_TOKEN))).thenReturn(false);
- when(recaptchaClient.verify(eq(VALID_CAPTCHA_TOKEN))).thenReturn(true);
+ when(recaptchaClient.verify(eq(INVALID_CAPTCHA_TOKEN), anyString())).thenReturn(false);
+ when(recaptchaClient.verify(eq(VALID_CAPTCHA_TOKEN), anyString())).thenReturn(true);
 doThrow(new RateLimitExceededException(SENDER_OVER_PIN)).when(pinLimiter).validate(eq(SENDER_OVER_PIN));
@@ -216,7 +216,7 @@ public class AccountControllerTest {
 assertThat(response.getStatus()).isEqualTo(200);
 verifyNoMoreInteractions(abusiveHostRules);
- verify(recaptchaClient).verify(eq(VALID_CAPTCHA_TOKEN));
+ verify(recaptchaClient).verify(eq(VALID_CAPTCHA_TOKEN), eq(ABUSIVE_HOST));
 verify(smsSender).deliverSmsVerification(eq(SENDER), eq(Optional.empty()), anyString());
 }
@@ -233,7 +233,7 @@ public class AccountControllerTest {
 assertThat(response.getStatus()).isEqualTo(402);
 verifyNoMoreInteractions(abusiveHostRules);
- verify(recaptchaClient).verify(eq(INVALID_CAPTCHA_TOKEN));
+ verify(recaptchaClient).verify(eq(INVALID_CAPTCHA_TOKEN), eq(ABUSIVE_HOST));
 verifyNoMoreInteractions(smsSender);
 }