Gate Continuwuity ReCAPTCHA config on both keys being configured

Continuwuity has no native enable-captcha toggle; it enables the ReCAPTCHA registration flow based on the presence of a private site key. The playbook previously always rendered empty `recaptcha_site_key`/`recaptcha_private_site_key` values, which made Continuwuity enable a broken captcha flow and break registration in some clients. The keys are now only rendered when both are configured, gated by a derived `matrix_continuwuity_recaptcha_enabled` flag in the role's `vars/main.yml`. A consistency check fails the play when exactly one of the two keys is set. Fixes #5329 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 15:00:04 +03:00 · 2026-06-19 05:24:06 +02:00
parent 914dd3ed62
commit 19bcdc78fd
4 changed files with 22 additions and 1 deletions
@@ -1,5 +1,6 @@
 # SPDX-FileCopyrightText: 2025 MDAD project contributors
 # SPDX-FileCopyrightText: 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later

@@ -190,7 +191,9 @@ matrix_continuwuity_config_turn_password: ''
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_continuwuity_self_check_validate_certificates: true

-# If set, registration will require Google ReCAPTCHA verification.
+# Configuring both of these settings makes registration require Google ReCAPTCHA verification.
+# Both must be set together (or both left empty). Setting only one of them is a configuration error.
+# When both are set, ReCAPTCHA gets enabled automatically (see `matrix_continuwuity_recaptcha_enabled` in `vars/main.yml`).
 matrix_continuwuity_config_recaptcha_site_key: ''
 matrix_continuwuity_config_recaptcha_private_site_key: ''