Add ability to set hCaptcha either on registration form or on e-mail validation

Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band
registration API.

1 files changed, 10 insertions, 2 deletions

diff --git a/app/controllers/concerns/captcha_concern.rb b/app/controllers/concerns/captcha_concern.rb
index 4a942c988..02069d205 100644
--- a/app/controllers/concerns/captcha_concern.rb
+++ b/app/controllers/concerns/captcha_concern.rb
@@ -15,17 +15,21 @@ module CaptchaConcern
   end
 
   def captcha_enabled?
-    captcha_available? && Setting.captcha_enabled
+    captcha_available? && Setting.captcha_mode == captcha_context
   end
 
   def captcha_recently_passed?
     session[:captcha_passed_at].present? && session[:captcha_passed_at] >= CAPTCHA_TIMEOUT.ago
   end
 
+  def captcha_user_bypass?
+    current_user.present? || (@invite.present? && @invite.valid_for_use? && !@invite.max_uses.nil?)
+  end
+
   def captcha_required?
     return false if ENV['OMNIAUTH_ONLY'] == 'true'
     return false unless Setting.registrations_mode != 'none' || @invite&.valid_for_use?
-    captcha_enabled? && !current_user && !(@invite.present? && @invite.valid_for_use? && !@invite.max_uses.nil?) && !captcha_recently_passed?
+    captcha_enabled? && !captcha_user_bypass? && !captcha_recently_passed?
   end
 
   def clear_captcha!
@@ -65,4 +69,8 @@ module CaptchaConcern
 
     hcaptcha_tags
   end
+
+  def captcha_context
+    'registration-form'
+  end
 end