Update controllers/verification.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Fix i18n for application not found errors and add nil check
2026-02-12 20:49:50 +08:00 · 2026-02-12 10:48:10 +00:00 · 2026-02-12 17:06:58 +08:00 · 2026-02-12 17:06:23 +08:00 · 2026-02-12 17:06:08 +08:00 · 2026-02-09 09:36:32 +08:00
2 changed files with 121 additions and 32 deletions
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -688,6 +688,51 @@ func (c *ApiController) GetCaptcha() {
 	applicationId := c.Ctx.Input.Query("applicationId")
 	isCurrentProvider := c.Ctx.Input.Query("isCurrentProvider")

+	// When isCurrentProvider == "true", the frontend passes a provider ID instead of an application ID.
+	// In that case, skip application lookup and rule evaluation, and just return the provider config.
+	shouldSkipCaptcha := false
+
+	if isCurrentProvider != "true" {
+		application, err := object.GetApplication(applicationId)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		if application == nil {
+			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), applicationId))
+			return
+		}
+
+		// Check the CAPTCHA rule to determine if CAPTCHA should be shown
+		clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+
+		// For Internet-Only rule, we can determine on the backend if CAPTCHA should be shown
+		// For other rules (Dynamic, Always), we need to return the CAPTCHA config
+		for _, providerItem := range application.Providers {
+			if providerItem.Provider == nil || providerItem.Provider.Category != "Captcha" {
+				continue
+			}
+
+			// For "None" rule, skip CAPTCHA
+			if providerItem.Rule == "None" || providerItem.Rule == "" {
+				shouldSkipCaptcha = true
+			} else if providerItem.Rule == "Internet-Only" {
+				// For Internet-Only rule, check if the client is from intranet
+				if !util.IsInternetIp(clientIp) {
+					// Client is from intranet, skip CAPTCHA
+					shouldSkipCaptcha = true
+				}
+			}
+
+			break // Only check the first CAPTCHA provider
+		}
+
+		if shouldSkipCaptcha {
+			c.ResponseOk(Captcha{Type: "none"})
+			return
+		}
+	}
 	captchaProvider, err := object.GetCaptchaProviderByApplication(applicationId, isCurrentProvider, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -151,39 +151,14 @@ func (c *ApiController) SendVerificationCode() {
 		return
 	}

-	provider, err := object.GetCaptchaProviderByApplication(vform.ApplicationId, "false", c.GetAcceptLanguage())
+	application, err := object.GetApplication(vform.ApplicationId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	if provider != nil {
-		if vform.CaptchaType != provider.Type {
-			c.ResponseError(c.T("verification:Turing test failed."))
-			return
-		}
-
-		if provider.Type != "Default" {
-			vform.ClientSecret = provider.ClientSecret
-		}
-
-		if vform.CaptchaType != "none" {
-			if captchaProvider := captcha.GetCaptchaProvider(vform.CaptchaType); captchaProvider == nil {
-				c.ResponseError(c.T("general:don't support captchaProvider: ") + vform.CaptchaType)
-				return
-			} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, provider.ClientId, vform.ClientSecret, provider.ClientId2); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if !isHuman {
-				c.ResponseError(c.T("verification:Turing test failed."))
-				return
-			}
-		}
-	}
-
-	application, err := object.GetApplication(vform.ApplicationId)
-	if err != nil {
-		c.ResponseError(err.Error())
+	if application == nil {
+		c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), vform.ApplicationId))
 		return
 	}

@@ -214,6 +189,7 @@ func (c *ApiController) SendVerificationCode() {
 	}

 	var user *object.User
+	// Try to resolve user for CAPTCHA rule checking
 	// checkUser != "", means method is ForgetVerification
 	if vform.CheckUser != "" {
 		owner := application.Organization
@@ -231,18 +207,86 @@ func (c *ApiController) SendVerificationCode() {
 			c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
 			return
 		}
-	}
-
-	// mfaUserSession != "", means method is MfaAuthVerification
-	if mfaUserSession := c.getMfaUserSession(); mfaUserSession != "" {
+	} else if mfaUserSession := c.getMfaUserSession(); mfaUserSession != "" {
+		// mfaUserSession != "", means method is MfaAuthVerification
 		user, err = object.GetUser(mfaUserSession)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
+	} else if vform.Method == ResetVerification {
+		// For reset verification, get the current logged-in user
+		user = c.getCurrentUser()
+	} else if vform.Method == LoginVerification {
+		// For login verification, try to find user by email/phone for CAPTCHA check
+		// This is a preliminary lookup; the actual validation happens later in the switch statement
+		if vform.Type == object.VerifyTypeEmail && util.IsEmailValid(vform.Dest) {
+			user, err = object.GetUserByEmail(organization.Name, vform.Dest)
+			if err != nil {
+				c.ResponseError(err.Error())
+				return
+			}
+		} else if vform.Type == object.VerifyTypePhone {
+			// Prefer resolving the user directly by phone, consistent with the later login switch,
+			// so that Dynamic CAPTCHA is not skipped due to missing/invalid country code.
+			user, err = object.GetUserByPhone(organization.Name, vform.Dest)
+			if err != nil {
+				c.ResponseError(err.Error())
+				return
+			}
+		}
+	}
+
+	// Determine username for CAPTCHA check
+	username := ""
+	if user != nil {
+		username = user.Name
+	} else if vform.CheckUser != "" {
+		username = vform.CheckUser
+	}
+
+	// Check if CAPTCHA should be enabled based on the rule (Dynamic/Always/Internet-Only)
+	enableCaptcha, err := object.CheckToEnableCaptcha(application, organization.Name, username, clientIp)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	// Only verify CAPTCHA if it should be enabled
+	if enableCaptcha {
+		captchaProvider, err := object.GetCaptchaProviderByApplication(vform.ApplicationId, "false", c.GetAcceptLanguage())
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		if captchaProvider != nil {
+			if vform.CaptchaType != captchaProvider.Type {
+				c.ResponseError(c.T("verification:Turing test failed."))
+				return
+			}
+
+			if captchaProvider.Type != "Default" {
+				vform.ClientSecret = captchaProvider.ClientSecret
+			}
+
+			if vform.CaptchaType != "none" {
+				if captchaService := captcha.GetCaptchaProvider(vform.CaptchaType); captchaService == nil {
+					c.ResponseError(c.T("general:don't support captchaProvider: ") + vform.CaptchaType)
+					return
+				} else if isHuman, err := captchaService.VerifyCaptcha(vform.CaptchaToken, captchaProvider.ClientId, vform.ClientSecret, captchaProvider.ClientId2); err != nil {
+					c.ResponseError(err.Error())
+					return
+				} else if !isHuman {
+					c.ResponseError(c.T("verification:Turing test failed."))
+					return
+				}
+			}
+		}
 	}

 	sendResp := errors.New("invalid dest type")
+	var provider *object.Provider

 	switch vform.Type {
 	case object.VerifyTypeEmail:
Author	SHA1	Message	Date
Yang Luo	43ab5115c9	Update controllers/verification.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-02-12 20:49:50 +08:00
copilot-swe-agent[bot]	a9457bdfc6	Fix i18n for application not found errors and add nil check - Use c.T("auth:The application: %s does not exist") for i18n consistency in GetCaptcha - Add explicit nil check for application in SendVerificationCode to prevent panic Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>	2026-02-12 10:48:10 +00:00
Yang Luo	6a8861b162	Update controllers/account.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-02-12 17:06:58 +08:00
Yang Luo	f4df44bdb0	Update controllers/verification.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-02-12 17:06:23 +08:00
Yang Luo	5c6f269952	Update controllers/verification.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-02-12 17:06:08 +08:00
Yang Luo	db996922e1	Update account.go	2026-02-09 09:36:32 +08:00
copilot-swe-agent[bot]	1d52bfdb56	Improve GetCaptcha rule checking logic with else-if Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>	2026-02-07 15:05:51 +00:00
copilot-swe-agent[bot]	112199070a	Fix CAPTCHA rule enforcement for verification code sending - Modified SendVerificationCode to check CAPTCHA rules before requiring verification - Added early user resolution to determine if CAPTCHA should be shown for Dynamic rule - Modified GetCaptcha to check Internet-Only rule and skip CAPTCHA for intranet clients - CAPTCHA now respects Dynamic, Always, and Internet-Only rules correctly Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>	2026-02-07 15:04:42 +00:00
copilot-swe-agent[bot]	92c0c3dd0c	Initial plan	2026-02-07 14:54:30 +00:00