[SG-656] Send a captcha bypass token back from the register endpoint (#2278)

* Send a captcha bypass token back from the register endpoint * [review] Use existing user * [review] Introduce ICaptcheProtectedResponseModel
2025-02-22 02:51:33 +01:00 · 2022-09-15 10:02:37 -04:00 · 2022-09-15 10:02:37 -04:00 · 287dc2e06b
commit 287dc2e06b
parent 735ad264f1
4 changed files with 32 additions and 5 deletions
--- a/src/Identity/Controllers/AccountsController.cs
+++ b/src/Identity/Controllers/AccountsController.cs
@ -6,6 +6,7 @@ using Bit.Core.Models.Data;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
+using Bit.Identity.Models;
 using Bit.SharedWeb.Utilities;
 using Microsoft.AspNetCore.Mvc;

@ -18,27 +19,32 @@ public class AccountsController : Controller
    private readonly ILogger<AccountsController> _logger;
    private readonly IUserRepository _userRepository;
    private readonly IUserService _userService;
+    private readonly ICaptchaValidationService _captchaValidationService;

    public AccountsController(
        ILogger<AccountsController> logger,
        IUserRepository userRepository,
-        IUserService userService)
+        IUserService userService,
+        ICaptchaValidationService captchaValidationService)
    {
        _logger = logger;
        _userRepository = userRepository;
        _userService = userService;
+        _captchaValidationService = captchaValidationService;
    }

    // Moved from API, If you modify this endpoint, please update API as well.
    [HttpPost("register")]
    [CaptchaProtected]
-    public async Task PostRegister([FromBody] RegisterRequestModel model)
+    public async Task<RegisterResponseModel> PostRegister([FromBody] RegisterRequestModel model)
    {
-        var result = await _userService.RegisterUserAsync(model.ToUser(), model.MasterPasswordHash,
+        var user = model.ToUser();
+        var result = await _userService.RegisterUserAsync(user, model.MasterPasswordHash,
            model.Token, model.OrganizationUserId);
        if (result.Succeeded)
        {
-            return;
+            var captchaBypassToken = _captchaValidationService.GenerateCaptchaBypassToken(user);
+            return new RegisterResponseModel(captchaBypassToken);
        }

        foreach (var error in result.Errors.Where(e => e.Code != "DuplicateUserName"))
--- a/src/Identity/Models/ICaptchaProtectedResponseModel.cs
+++ b/src/Identity/Models/ICaptchaProtectedResponseModel.cs
@ -0,0 +1,4 @@
+public interface ICaptchaProtectedResponseModel
+{
+    public string CaptchaBypassToken { get; set; }
+}
--- a/src/Identity/Models/RegisterResponseModel.cs
+++ b/src/Identity/Models/RegisterResponseModel.cs
@ -0,0 +1,14 @@
+using Bit.Core.Models.Api;
+
+namespace Bit.Identity.Models;
+
+public class RegisterResponseModel : ResponseModel, ICaptchaProtectedResponseModel
+{
+    public RegisterResponseModel(string captchaBypassToken)
+        : base("register")
+    {
+        CaptchaBypassToken = captchaBypassToken;
+    }
+
+    public string CaptchaBypassToken { get; set; }
+}
--- a/test/Identity.Test/Controllers/AccountsControllerTests.cs
+++ b/test/Identity.Test/Controllers/AccountsControllerTests.cs
@ -20,16 +20,19 @@ public class AccountsControllerTests : IDisposable
    private readonly ILogger<AccountsController> _logger;
    private readonly IUserRepository _userRepository;
    private readonly IUserService _userService;
+    private readonly ICaptchaValidationService _captchaValidationService;

    public AccountsControllerTests()
    {
        _logger = Substitute.For<ILogger<AccountsController>>();
        _userRepository = Substitute.For<IUserRepository>();
        _userService = Substitute.For<IUserService>();
+        _captchaValidationService = Substitute.For<ICaptchaValidationService>();
        _sut = new AccountsController(
            _logger,
            _userRepository,
-            _userService
+            _userService,
+            _captchaValidationService
        );
    }