From ecce3d7dcd01960b7575b9c8d4c46edfc7b6179b Mon Sep 17 00:00:00 2001
From: Dominik Hebeler <dominik@suma-ev.de>
Date: Tue, 11 Aug 2020 13:31:07 +0200
Subject: [PATCH] added random delay for showing captcha

---
 app/Http/Controllers/HumanVerification.php | 2 ++
 app/Http/Middleware/HumanVerification.php  | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/HumanVerification.php b/app/Http/Controllers/HumanVerification.php
index 034ac5213..6b9798553 100644
--- a/app/Http/Controllers/HumanVerification.php
+++ b/app/Http/Controllers/HumanVerification.php
@@ -39,6 +39,7 @@ class HumanVerification extends Controller
             $key = strtolower($key);
 
             if (!$hasher->check($key, $lockedKey)) {
+                sleep(\random_int(1, 8));
                 $captcha = Captcha::create("default", true);
                 $user["lockedKey"] = $captcha["key"];
                 HumanVerification::saveUser($user);
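Review bot: The added `sleep(\random_int(1, 8))` on the failed-key branch holds a PHP worker for the whole delay, so the automated clients it is meant to slow down can fill the worker pool with a modest number of parallel requests and starve ordinary traffic. The same applies to the sleep added further down in this controller and to the one in the locked branch of Middleware/HumanVerification.php. A per-client throttle enforced before the request reaches this code (web server or framework rate limiter keyed on the same client identity) would slow these requests without tying up a worker; failing that, cap how many requests per client may sleep at once. The enclosing method starts and ends outside the hunk.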
@@ -65,6 +66,7 @@ class HumanVerification extends Controller
                 }
             }
         }
+        sleep(\random_int(1, 8));
         $captcha = Captcha::create("default", true);
         $user["lockedKey"] = $captcha["key"];
         HumanVerification::saveUser($user);
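Review bot: This unconditional sleep before `Captcha::create` looks like it can stack with the other delays. If the failed-key branch earlier in the method does not return before reaching this line, a wrong answer waits twice. A client locked by the middleware, which now sleeps too, may also wait again when this controller renders the captcha, giving up to 16 seconds where 1–8 was presumably intended. Neither the branch's exit nor the middleware's hand-off is visible in the hunk, so this needs confirming against the full method; if it holds, keep the delay in a single place.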
diff --git a/app/Http/Middleware/HumanVerification.php b/app/Http/Middleware/HumanVerification.php
index 1ce6b38a2..a39debc38 100644
--- a/app/Http/Middleware/HumanVerification.php
+++ b/app/Http/Middleware/HumanVerification.php
@@ -80,7 +80,7 @@ class HumanVerification
                     }
                 }
             }
-            
+
             # A lot of automated requests are from websites that redirect users to our result page.
             # We will detect those requests and put a captcha
             $referer = URL::previous();
@@ -98,9 +98,10 @@ class HumanVerification
             if ((!$alone && $sum >= 50 && !$user["whitelist"]) || $refererLock) {
                 $user["locked"] = true;
             }
-            
+
             # If the user is locked we will force a Captcha validation
             if ($user["locked"]) {
+                sleep(\random_int(1, 8));
                 $captcha = Captcha::create("default", true);
                 $user["lockedKey"] = $captcha["key"];
                 \App\PrometheusExporter::CaptchaShown();
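Review bot: The bounds `1, 8` are now hard-coded in three places (here and twice in Controllers/HumanVerification.php), with no comment saying why the delay exists or how the range was chosen. Moving them to two shared constants or a single config entry would let the delay be tuned or switched off in one step if it starts to hurt availability. A comment above the call in the file's existing style would record the intent, for example `# Random delay so automated clients cannot cheaply request new captchas`. The enclosing `if ($user["locked"])` block continues past the end of the hunk.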
-- 
GitLab