From a9269f8786033eecf0ad307c75f5717c5ab468a2 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Tue, 25 Jan 2022 13:54:11 +0100
Subject: [PATCH] Disable `registrations` flag in /api/v1/instance when CAPTCHA
 is enabled

This is to avoid apps trying and failing at using the registrations API,
which does not let us require a CAPTCHA and cannot be clearly signaled as
unavailable.
---
 app/serializers/rest/instance_serializer.rb | 6 +++++-
 config/locales-glitch/en.yml                | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/serializers/rest/instance_serializer.rb b/app/serializers/rest/instance_serializer.rb
index 48bbb55c8..94cc3ffe3 100644
--- a/app/serializers/rest/instance_serializer.rb
+++ b/app/serializers/rest/instance_serializer.rb
@@ -98,7 +98,7 @@ class REST::InstanceSerializer < ActiveModel::Serializer
   end
 
   def registrations
-    Setting.registrations_mode != 'none' && !Rails.configuration.x.single_user_mode
+    Setting.registrations_mode != 'none' && !Rails.configuration.x.single_user_mode && !captcha_enabled?
   end
 
   def approval_required
@@ -114,4 +114,8 @@ class REST::InstanceSerializer < ActiveModel::Serializer
   def instance_presenter
     @instance_presenter ||= InstancePresenter.new
   end
+
+  def captcha_enabled?
+    ENV['HCAPTCHA_SECRET_KEY'].present? && ENV['HCAPTCHA_SITE_KEY'].present? && Setting.captcha_enabled
+  end
 end
diff --git a/config/locales-glitch/en.yml b/config/locales-glitch/en.yml
index c96f21c92..9bd66c969 100644
--- a/config/locales-glitch/en.yml
+++ b/config/locales-glitch/en.yml
@@ -3,7 +3,7 @@ en:
   admin:
     settings:
       captcha_enabled:
-        desc_html: Enable hCaptcha integration, requiring new users to solve a challenge when signing up. Note that this disables app-based registration, and requires third-party scripts from hCaptcha to be embedded in the registration pages. This may have security and privacy concerns.
+        desc_html: Enable hCaptcha integration, requiring new users to solve a challenge when signing up. Note that this disables app-based registration, may prevent your instance from being listed as having open registrations, and requires third-party scripts from hCaptcha to be embedded in the registration pages. This may have security and privacy concerns.
         title: Require new users to go through a CAPTCHA to sign up
       enable_keybase:
         desc_html: Allow your users to prove their identity via keybase