Add captcha support

Yonggan · July 3, 2023, 1:30pm

Would be nice to add captcha support. If you tried login one time and it fails, that you can show a captcha. I know you can block the IP with fail2ban or crowdsec, but a more human way would be to solve the captcha.

BlackDex · July 3, 2023, 2:00pm

I know there is something for that in the web-vault, but never tried it. Also not sure which provider is used and what can be configured.

stefan0xC · July 3, 2023, 6:37pm

Bitwarden server uses hCaptcha

github.com

bitwarden/server/blob/4e089286e503cb85a6c01d3590b74f61a7e10102/src/Core/Auth/Services/Implementations/HCaptchaValidationService.cs#L57


      
          {
              response.Success = true;
              return response;
          }
          
          var httpClient = _httpClientFactory.CreateClient("HCaptchaValidationService");
          
          var requestMessage = new HttpRequestMessage
          {
              Method = HttpMethod.Post,
              RequestUri = new Uri("https://hcaptcha.com/siteverify"),
              Content = new FormUrlEncodedContent(new Dictionary<string, string>
              {
                  { "response", captchaResponse.TrimStart("hcaptcha|".ToCharArray()) },
                  { "secret", _globalSettings.Captcha.HCaptchaSecretKey },
                  { "sitekey", SiteKey },
                  { "remoteip", clientIpAddress }
              })
          };
          
          HttpResponseMessage responseMessage;