Skip to content

Commit 1727cd0

Browse files
tdonohuetdonohue
authored
Merge pull request #307 from the-library-code/request-a-copy-secure-links_main
Request-a-copy: ALTCHA challenge endpoint doc
2 parents 2558da8 + 0c8b2b1 commit 1727cd0

File tree

2 files changed

+42
-0
lines changed

2 files changed

+42
-0
lines changed

captcha.md

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
# Captcha Endpoints
2+
[Back to the list of all defined endpoints](endpoints.md)
3+
4+
## Main Endpoint
5+
**/api/captcha**
6+
7+
Not allowed. At this time, only the `challenge` endpoint is available.
8+
9+
## Retrieve a challenge from the (ALTCHA) captcha service
10+
**/api/captcha/challenge**
11+
12+
If the captcha provider is enabled and configured to be 'altcha', this endpoint will return a challenge for the browser to complete as proof-of-work.
13+
14+
This is not an addressable HATEOAS object, or endpoint, but rather a JSON object that is meant to be consumed and processed in the browser.
15+
16+
The JSON body will contain the algorithm, salt, signature, and challenge. An example is below:
17+
18+
```json
19+
{
20+
"algorithm": "SHA-25",
21+
"salt": "dcf5eba26e",
22+
"challenge": "0d8dd34089fdd610bd9a8857ea1fa4a5f9fe4b53f5df0c4e1eff6dc987c4d2bf",
23+
"signature": "dfe4ec56f3d61e3a021b1c3b3ea4c7d6aea9812ab719ffe130fd386ce0b4158c"
24+
}
25+
```
26+
27+
An example curl call:
28+
```
29+
curl -i https://demo.dspace.org/server/api/captcha/challenge
30+
```
31+
32+
For more information about ALTCHA challenge creation, see: https://altcha.org/api/operations/createchallenge/
33+
34+
The final result of the work is not submitted to this endpoint, but instead included with form data submitted in the captcha-protected form, for final verification and validation.
35+
36+
This endpoint does not relate to Google ReCaptcha, which calls 3rd party services directly from the frontend for captcha validation)
37+
38+
Return codes:
39+
200 OK - if the operation succeeded and the JSON body is returned
40+
400 Bad Request - if the captcha provider is not enabled or configured to be 'altcha', or the algorithm is not supported
41+
500 Internal Server Error - if the challenge or hmac hash cannot be calculated

endpoints.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121
* [/api/authn/login](authentication.md#Login)
2222
* [/api/authn/logout](authentication.md#Logout)
2323
* [/api/authn/status](authentication.md#Status)
24+
* [/api/captcha/challenge](captcha.md)
2425
* [/api/config/harvestermetadata](harvestermetadata.md)
2526
* [/api/config/submissiondefinitions](submissiondefinitions.md)
2627
* [/api/config/submissionsections](submissionsections.md)

0 commit comments

Comments
 (0)