SDP-2009: Add endpoint for fetch captcha config #1052

Merged
JiahuiWho merged 6 commits into develop from sdp-2009-add-public-endpoint
Feb 12, 2026

@JiahuiWho JiahuiWho commented Feb 11, 2026

What

  1. Add /app-config endpoint to fetch captcha config for FE use
  2. Change forgot_password_handler.go to check IsCAPTCHADisabled() instead of env var h.ReCAPTCHADisabled, which is only the env-level flag.

Why

reCAPTCHA v3

Known limitations

To test reCAPTCHA v3 locally, you will need to update .env with

CAPTCHA_TYPE="GOOGLE_RECAPTCHA_V3"
RECAPTCHA_SITE_KEY="6LcgOWcsAAAAAJkeyQHEW4-yA-Eu79kYHDYXeznF"
RECAPTCHA_SITE_SECRET_KEY="6LcgOWcsAAAAACGUHDBr7VpcZ_C5BUjRPuBk9EUP"

and env-config-testnet.js (the nginx) with

RECAPTCHA_SITE_KEY: "6LcgOWcsAAAAAJkeyQHEW4-yA-Eu79kYHDYXeznF",

Checklist

  • Title follows SDP-1234: Add new feature or Chore: Refactor package xyz format. The Jira ticket code was included if available.
  • PR has a focused scope and doesn't mix features with refactoring
  • Tests are included (if applicable)
  • CHANGELOG.md is updated (if applicable)
  • If contracts changed, run the Contract WASM Artifacts workflow and open a PR to update the WASMs on dev
  • CONFIG/SECRETS changes are updated in helmcharts and deployments (if applicable)
  • Preview deployment works as expected
  • Ready for production

@JiahuiWho JiahuiWho changed the title [SDP-2009] Add endpoint for fetch captcha config SDP-2009: Add endpoint for fetch captcha config Feb 11, 2026
@JiahuiWho JiahuiWho marked this pull request as ready for review February 11, 2026 15:29
Copilot AI review requested due to automatic review settings February 11, 2026 15:29

Copilot AI left a comment

Pull request overview

Adds a public endpoint to expose CAPTCHA configuration to the frontend and updates password-reset flow to respect organization-level CAPTCHA disablement (not just env-level flags), as part of reCAPTCHA v3 support.

Changes:

  • Add GET /organization/captcha-config to return CAPTCHA type and whether CAPTCHA is disabled for a given organization.
  • Update forgot-password handler (and tests) to use IsCAPTCHADisabled() for org-level override behavior.
  • Adjust dev/testnet configuration and document the change in CHANGELOG.md.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 7 comments.

| File | Description |
|---|---|
| internal/serve/validators/recaptcha_v3.go | Adds debug prints during v3 verification flow. |
| internal/serve/serve.go | Registers new /organization/captcha-config route. |
| internal/serve/httphandler/forgot_password_handler.go | Uses org-aware CAPTCHA disablement checks in validation + execution. |
| internal/serve/httphandler/forgot_password_handler_test.go | Updates unit test to pass context and set org-level CAPTCHA flag in DB. |
| internal/serve/httphandler/captcha_config_handler.go | Implements the new public handler resolving tenant + org-level CAPTCHA flag. |
| internal/serve/httphandler/captcha_config_handler_test.go | Adds handler test coverage for missing org name, unknown org, and override behavior. |
| dev/env-config-testnet.js | Updates testnet RECAPTCHA site key used by the dev frontend config. |
| dev/docker-compose-sdp.yml | Exposes CAPTCHA_TYPE env var in local docker-compose. |
| CHANGELOG.md | Adds entry for the new endpoint. |
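
A sketch of the resolution the review summary above describes, as an added example rather than the project's own code. The `organization_name` query parameter, the JSON field names, the nullable per-organization override and its precedence over the env-level flag are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// captchaConfig lists the only fields returned (type and disabled flag); no key material.
type captchaConfig struct {
	CAPTCHAType     string `json:"captcha_type"`
	CAPTCHADisabled bool   `json:"captcha_disabled"`
}

// isCAPTCHADisabled: an org-level override wins when set, else the env-level flag applies (assumed).
func isCAPTCHADisabled(envDisabled bool, orgOverride *bool) bool {
	if orgOverride != nil {
		return *orgOverride
	}
	return envDisabled
}

// captchaConfigHandler looks up the org named in the hypothetical organization_name parameter.
func captchaConfigHandler(captchaType string, envDisabled bool, orgs map[string]*bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		name := r.URL.Query().Get("organization_name")
		if override, ok := orgs[name]; name == "" {
			http.Error(w, "organization_name is required", http.StatusBadRequest)
		} else if !ok {
			http.Error(w, "organization not found", http.StatusNotFound)
		} else {
			w.Header().Set("Content-Type", "application/json")
			json.NewEncoder(w).Encode(captchaConfig{captchaType, isCAPTCHADisabled(envDisabled, override)})
		}
	}
}

// fetch sends one GET through the handler and returns the status code and body.
func fetch(h http.Handler, target string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code, rec.Body.String()
}

func main() {
	disabled := true // constructed sample data: "acme" turns CAPTCHA off at org level
	h := captchaConfigHandler("GOOGLE_RECAPTCHA_V3", false, map[string]*bool{"acme": &disabled})
	fmt.Println(fetch(h, "/organization/captcha-config?organization_name=acme"))
}
```

The same resolver would back the forgot-password check, so the frontend and the backend agree on whether a token is expected for a given organization.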

@JiahuiWho JiahuiWho force-pushed the sdp-2009-add-public-endpoint branch from 3132636 to a77093b Compare February 11, 2026 15:35

SEP10_CLIENT_ATTRIBUTION_REQUIRED: ${SEP10_CLIENT_ATTRIBUTION_REQUIRED:-true}
DISTRIBUTION_PUBLIC_KEY: ${DISTRIBUTION_PUBLIC_KEY}
DISTRIBUTION_SEED: ${DISTRIBUTION_SEED}
CAPTCHA_TYPE: ${CAPTCHA_TYPE:-GOOGLE_RECAPTCHA_V2}
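
Review bot: On the `CAPTCHA_TYPE` line, the `:-GOOGLE_RECAPTCHA_V2` fallback applies silently whenever the variable is unset, so a local `.env` that carries v3 keys but omits `CAPTCHA_TYPE` would still run with the v2 type. Add a comment next to the line naming the accepted values (`GOOGLE_RECAPTCHA_V2`, `GOOGLE_RECAPTCHA_V3`) and noting that the site key and secret must belong to the selected type.
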
Contributor

V3 is a lot less annoying. That could be the default?

Contributor

Also wondering if we need to touch the other Docker Compose files or the .env.example.

Contributor Author

@JiahuiWho JiahuiWho Feb 12, 2026

  1. I was thinking of handling it in a separate PR. If we’re making v3 the default, we should update all at once (CAPTCHA_TYPE defaults, the wizard script, README etc). Also note there are no public test keys for v3; we also need to throw an error if a user tries to enable reCAPTCHA when no site key is provided.

  2. All the other docker files don't reference any CAPTCHA vars at all so no need to change.

@JiahuiWho JiahuiWho merged commit f7efd7e into develop Feb 12, 2026
17 of 19 checks passed
@JiahuiWho JiahuiWho deleted the sdp-2009-add-public-endpoint branch February 12, 2026 22:10