Log the hostname the reCAPTCHA was completed on

This could be useful information to have in the logs. Also comment about how & why we don't verify the hostname.
matrix-org · Jul 22, 2016 · dad2da7 · dad2da7
1 parent 68a92af
commit dad2da7
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
@@ -279,8 +279,17 @@ def _check_recaptcha(self, authdict, clientip):
             data = pde.response
             resp_body = simplejson.loads(data)
 
-        if 'success' in resp_body and resp_body['success']:
-            defer.returnValue(True)
+        if 'success' in resp_body:
+            # Note that we do NOT check the hostname here: we explicitly
+            # intend the CAPTCHA to be presented by whatever client the
+            # user is using, we just care that they have completed a CAPTCHA.
+            logger.info(
+                "%s reCAPTCHA from hostname %s",
+                "Successful" if resp_body['success'] else "Failed",
+                resp_body['hostname']
+            )
+            if resp_body['success']:
+                defer.returnValue(True)
         raise LoginError(401, "", errcode=Codes.UNAUTHORIZED)
 
     @defer.inlineCallbacks