BridgeDB's txrecaptcha returns the "No bridges available!" page if 'captcha_response_field' is blank
I was writing unittests for the bridgedb.HTTPServer
module and discovered this.
What is happening is:
-
bridgedb.HTTPServer.ReCaptchaProtectedResource.render_POST(request)
is called with blank strings for the'captcha_challenge_field'
and'captcha_response_field'
POST arguments. -
bridgedb.HTTPServer.CaptchaProtectedResource.render_POST(request)
is called. -
bridgedb.HTTPServer.ReCaptchaProtectedResource.checkSolution(request)
is called. -
bridgedb.HTTPServer.CaptchaProtectedResource.extractClientSolution(request)
is called, and it returns a tuple of(_, _)
, which in Python has a boolean value ofTrue
. - The empty strings return a
bridgedb.txrecaptcha.RecaptchaResponse
frombridgedb.HTTPServer.ReCaptchaProtectedResource.checkSolution()
without hitting the callback functioncheckResponse()
. - The
RecaptchaResponse
also evaluates toTrue
, meaning thatcheckSolution(request)
inrender_POST()
passes, and the server tries to render theRecaptchaResponse
object as the list of bridges to give to the client, resulting in the "No bridges available!" webpage.
That sounds confusing. But I have a unittest to prove it happens, and the solution is really simple:
In bridgedb.CaptchaProtectedResource.render_POST()
:
- if self.checkSolution(request):
+ if self.checkSolution(request) is True: