Fixed Captcha when on non-enterprise plans

ref BAE-396
2025-04-01 02:41:39 -05:00 · 2025-02-11 14:46:24 +00:00 · 2025-02-11 14:46:24 +00:00 · fc5363f07e
commit fc5363f07e
parent ec327badf9
2 changed files with 51 additions and 1 deletions
--- a/ghost/captcha-service/lib/CaptchaService.js
+++ b/ghost/captcha-service/lib/CaptchaService.js
@ -45,7 +45,11 @@ class CaptchaService {

                captchaResponse = await hcaptcha.verify(secretKey, req.body.token, req.ip);

-                if (captchaResponse.score < scoreThreshold) {
+                if ('score' in captchaResponse && captchaResponse.score < scoreThreshold) {
+                    // Using hCaptcha enterprise, so score is present
+                    next();
+                } else if (!('score' in captchaResponse) && captchaResponse.success) {
+                    // Using regular hCaptcha, so challenge-based
                    next();
                } else {
                    logging.error(`Blocking request due to high score (${captchaResponse.score})`);
--- a/ghost/captcha-service/test/CaptchaService.test.js
+++ b/ghost/captcha-service/test/CaptchaService.test.js
@ -91,6 +91,52 @@ describe('CaptchaService', function () {
        });
    });

+    it('Succeeds if no score present, but challenge was successful', function (done) {
+        hcaptcha.verify.resolves({success: true});
+
+        const captchaService = new CaptchaService({
+            enabled: true,
+            scoreThreshold: 0.8,
+            secretKey: 'test-secret'
+        });
+
+        const captchaMiddleware = captchaService.getMiddleware();
+
+        const req = {
+            body: {
+                token: 'test-token'
+            }
+        };
+
+        captchaMiddleware(req, null, (err) => {
+            assert.equal(err, undefined);
+            done();
+        });
+    });
+
+    it('Fails if no score is present and challenge unsuccessful', function (done) {
+        hcaptcha.verify.resolves({success: false});
+
+        const captchaService = new CaptchaService({
+            enabled: true,
+            scoreThreshold: 0.8,
+            secretKey: 'test-secret'
+        });
+
+        const captchaMiddleware = captchaService.getMiddleware();
+
+        const req = {
+            body: {
+                token: 'test-token'
+            }
+        };
+
+        captchaMiddleware(req, null, (err) => {
+            assert.equal(err.message, 'The server has encountered an error.');
+            done();
+        });
+    });
+
    it('Returns a 400 if no token provided', function (done) {
        const captchaService = new CaptchaService({
            enabled: true,