CAPTCHA求めるのは2fa認証が無効になっているときだけにした

2faのトークンは期限付きだから、CAPTCHA解いてる間に期限切れになる

1 files changed, 12 insertions, 12 deletions

diff --git a/packages/backend/src/server/api/private/signin.ts b/packages/backend/src/server/api/private/signin.ts
index e8b222a4d5..0024b8ce3e 100644
--- a/packages/backend/src/server/api/private/signin.ts
+++ b/packages/backend/src/server/api/private/signin.ts
@@ -20,18 +20,6 @@ export default async (ctx: Koa.Context) => {
 
 	const instance = await fetchMeta(true);
 
-	if (instance.enableHcaptcha && instance.hcaptchaSecretKey) {
-		await verifyHcaptcha(instance.hcaptchaSecretKey, body['hcaptcha-response']).catch(e => {
-			ctx.throw(400, e);
-		});
-	}
-
-	if (instance.enableRecaptcha && instance.recaptchaSecretKey) {
-		await verifyRecaptcha(instance.recaptchaSecretKey, body['g-recaptcha-response']).catch(e => {
-			ctx.throw(400, e);
-		});
-	}
-
 	const username = body['username'];
 	const password = body['password'];
 	const token = body['token'];
@@ -96,6 +84,18 @@ export default async (ctx: Koa.Context) => {
 	}
 
 	if (!profile.twoFactorEnabled) {
+		if (instance.enableHcaptcha && instance.hcaptchaSecretKey) {
+			await verifyHcaptcha(instance.hcaptchaSecretKey, body['hcaptcha-response']).catch(e => {
+				ctx.throw(400, e);
+			});
+		}
+	
+		if (instance.enableRecaptcha && instance.recaptchaSecretKey) {
+			await verifyRecaptcha(instance.recaptchaSecretKey, body['g-recaptcha-response']).catch(e => {
+				ctx.throw(400, e);
+			});
+		}
+	
 		if (same) {
 			signin(ctx, user);
 			return;