Fix captcha validation

2025-08-28 15:38:30 +00:00 · 2023-07-26 16:40:32 -07:00 · 2023-07-26 16:40:32 -07:00 · 9be4585d16
commit 9be4585d16
parent 0fd4beeac8
2 changed files with 5 additions and 3 deletions
--- a/src/invidious/routes/login.cr
+++ b/src/invidious/routes/login.cr
@ -198,6 +198,8 @@ module Invidious::Routes::Login

    case captcha_type
    when "image"
+      LOGGER.trace("Validating image Captcha")
+
      answer = answer.lstrip('0')
      answer = OpenSSL::HMAC.hexdigest(:sha256, HMAC_KEY, answer)

@ -207,7 +209,7 @@ module Invidious::Routes::Login
        return error_template(400, "Erroneous CAPTCHA")
      end
    else # "text"
-      answer = Digest::MD5.hexdigest(answer)
+      answer = Digest::MD5.hexdigest(answer.downcase.strip)

      if tokens.empty?
        return error_template(400, "Erroneous CAPTCHA")
--- a/src/invidious/user/captcha.cr
+++ b/src/invidious/user/captcha.cr
@ -57,7 +57,7 @@ struct Invidious::User

      return {
        question: image,
-        tokens:   {generate_response(answer, {":login"}, key, use_nonce: true)},
+        tokens:   {generate_response(answer, {":captcha"}, key, use_nonce: true)},
      }
    end

@ -66,7 +66,7 @@ struct Invidious::User
      response = JSON.parse(response)

      tokens = response["a"].as_a.map do |answer|
-        generate_response(answer.as_s, {":login"}, key, use_nonce: true)
+        generate_response(answer.as_s, {":captcha"}, key, use_nonce: true)
      end

      return {