Ignore g-recaptcha-response in user profile validation

Signed-off-by: alexagc <alexcanal@gmail.com>
keycloak · May 2, 2024 · 5e00fe8 · 5e00fe8
1 parent 26eaa4f
commit 5e00fe8
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/services/src/main/java/org/keycloak/authentication/forms/RegistrationPage.java b/services/src/main/java/org/keycloak/authentication/forms/RegistrationPage.java
@@ -42,6 +42,7 @@ public class RegistrationPage implements FormAuthenticator, FormAuthenticatorFac
     public static final String FIELD_USERNAME = "username";
     public static final String FIELD_LAST_NAME = "lastName";
     public static final String FIELD_FIRST_NAME = "firstName";
+    public static final String FIELD_RECAPTCHA_RESPONSE = "g-recaptcha-response";
     public static final String PROVIDER_ID = "registration-page-form";
 
     @Override
@@ -83,6 +84,7 @@ public boolean isConfigurable() {
             AuthenticationExecutionModel.Requirement.REQUIRED,
             AuthenticationExecutionModel.Requirement.DISABLED
     };
+
     @Override
     public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
         return REQUIREMENT_CHOICES;

diff --git a/services/src/main/java/org/keycloak/authentication/forms/RegistrationUserCreation.java b/services/src/main/java/org/keycloak/authentication/forms/RegistrationUserCreation.java
@@ -247,6 +247,8 @@ public String getId() {
     private MultivaluedMap<String, String> normalizeFormParameters(MultivaluedMap<String, String> formParams) {
         MultivaluedHashMap<String, String> copy = new MultivaluedHashMap<>(formParams);
 
+        // Remove google recaptcha form property to avoid length errors
+        copy.remove(RegistrationPage.FIELD_RECAPTCHA_RESPONSE);
         // Remove "password" and "password-confirm" to avoid leaking them in the user-profile data
         copy.remove(RegistrationPage.FIELD_PASSWORD);
         copy.remove(RegistrationPage.FIELD_PASSWORD_CONFIRM);