diff --git a/JOURNAL.md b/JOURNAL.md
index 31922c6..2bbebe4 100644
--- a/JOURNAL.md
+++ b/JOURNAL.md
@@ -1180,4 +1180,34 @@ Die Session-Daten werden erst gefüllt, wenn der License Server API implementier
 - ✅ OCSP Stapling aktiviert
 - ✅ Chrome Sicherheitswarnung behoben
-**Hinweis:** Nach dem Rebuild des nginx Containers wird die Verbindung als sicher angezeigt.
\ No newline at end of file
+**Hinweis:** Nach dem Rebuild des nginx Containers wird die Verbindung als sicher angezeigt.
+
+## 2025-06-08: CAPTCHA-Login-Bug behoben
+
+**Problem:**
+- Nach 2 fehlgeschlagenen Login-Versuchen wurde CAPTCHA angezeigt
+- Da keine CAPTCHA-Keys konfiguriert waren (für PoC), konnte man sich nicht mehr einloggen
+- Selbst mit korrektem Passwort war Login blockiert
+- Fehlermeldung "CAPTCHA ERFORDERLICH!" erschien immer
+
+**Lösung:**
+1. **CAPTCHA-Prüfung nur wenn Keys vorhanden:**
+ - `recaptcha_site_key` wird vor CAPTCHA-Prüfung geprüft
+ - Wenn keine Keys konfiguriert → kein CAPTCHA-Check
+ - CAPTCHA wird nur angezeigt wenn Keys existieren
+2. **Template-Anpassungen:**
+ - login.html zeigt CAPTCHA nur wenn `recaptcha_site_key` vorhanden
+ - Kein Test-Key mehr als Fallback
+3. **Konsistente Logik:**
+ - show_captcha prüft jetzt auch ob Keys vorhanden sind
+ - Bei GET und POST Requests gleiche Logik
+
+**Änderungen:**
+- `v2_adminpanel/app.py`: CAPTCHA-Check nur wenn `RECAPTCHA_SITE_KEY` existiert
+- `v2_adminpanel/templates/login.html`: CAPTCHA nur anzeigen wenn Keys vorhanden
+
+**Status:**
+- ✅ Login funktioniert wieder nach 2+ Fehlversuchen
+- ✅ CAPTCHA wird nur angezeigt wenn Keys konfiguriert sind
+- ✅ Für PoC-Phase ohne CAPTCHA nutzbar
+- ✅ Produktiv-ready wenn CAPTCHA-Keys eingetragen werden
\ No newline at end of file
diff --git a/backups/backup_v2docker_20250607_232845_encrypted.sql.gz.enc b/backups/backup_v2docker_20250607_232845_encrypted.sql.gz.enc
new file mode 100644
index 0000000..5bd7742
--- /dev/null
+++ b/backups/backup_v2docker_20250607_232845_encrypted.sql.gz.enc 
@@ -0,0 +1 @@ +gAAAAABoRMst_s_I9DGKyjVegtWJajCPHP6PJWBJD2lwZwFOJBbrMzKO01UB8ITDZpaTWygf0Bp9OpiDXGhLDtUP01eeqaWVXs_oNrN9zCR4Uap3ZgQdlMwqiYKfAs7v75l9gJftKn5ibAKeZ1tKLh7XMpPdyDrZ73Uen_4QQw6IOFV6qOruJsLy2ulW2ZxseC81ZfPVEUPHAmFUT8GieeS5tuM7TXc9TfQcqz4ahY8imZjx33GCXsNOEPW0oYdc-qF56KWe75xSZvGbuq_OoaHzFf1RmeQzHd5KhJkXvXjDEyYu3UC_c1xd21A9zIFmO3k6iCD8me05m8L-q6oI1N2gxS8hEG--16XJL00vKlSLl3FCtqeky9PgQxMYdVlzU77AFxkk0gaHUtFU67gl676SDRi9DlpLyJYXSiQSmt-uLGak80eDVGCIdF71wyCy0fZoJah2ZSWCYBjK72KfQI_-lpQCrbV44QbEwiaJkh8rPMMiGK6Df2pzUNUpOBFKCXdC5Hd-oz77iwfb0ErtcLjtCtZKBk9jHIcWZvYtCn6Gjo3gubRlgbNhLJstrPA1rgpNJl4sK2_jL0gxUGaqOuoibfvYZtv5OWZz-11d3G7CPH8IxHw49XQRbuKfgDWpJ0nB2EDVU0C_SkUb3UvlddogLnaHaJWvum0BQIganZYB6aZvTz7lbmz9CrEDAKDXzz8TXfBybAf9tO7IajH08or_2R1FmEq0GnKJo6bfMqChcfu4iuxrlnqia-W214_WNnIRQJqwONFc1JjzwYw0A5WojgATjZe-fwuDi9k8N9xjCIOIBPHenyhw1OgwAz8CvyEht3M3JoR8iOhjdjAtQfbNbbwt5csA_XdcwrbjLKuIe8io_xCCuGHwP8OHbNXqFSN8bohE6wA5tk9420gix_AgL56CXbjvNVtDAjEbXTnedew_cv2N4jXqR47bMcgEREzhNrTyIgHumcvT9-nQCBzsmDW8TYzrJW51XNnC_al2RWXhZM1zGjuYo2VyRlqKxM2lcOgx-A6HLZZLjIsooUT7sv06HNS11173tFnxXVmtIWk5UhtCb7iKZdlMeSUDIR4vV9JIpe6HNp1ECV_KznwOYY7oH9bRkg5rHKKquhqb_9XvqLPQZ06n2Qe60U2n31gvdNnnG7-ppgRPycBXq_b0EnGP1homNxGdLlsrTflYjzh8MBjEE-K38qm4yVKwcit7eB4jhzDNSKWIQWgohFxdrScbAu0cImbMCqytLYWhE6eMTBwTXr2c3WfhWBwzIwsWa7skfV2M192OqSX9g0YlfRmPZHXy-KvvJINYLt7eEVY3d7hKSfvc7yV__ux0E3-hNhCQgc9eSnzkP99gggMWAgxl0mzEo7iLtsbMeWv9n_IBD9vzfefrvTh5NxJlroR5MZNrucmMmI-KTfuzQyKO8xuN6UUUQmTQRiMq2Cqq1HJNw2SduZjO33ldlkDl6JVxT6HAWFo7smKUDkG0PHYSYa2mwtlVjDtkRvXkqieFrdX_IVLAAIaEGv7ROviTQVXvZmmcPoBFBvtgrV5xl9WNwmSPJAFI12xEM4xyRnf48Zs-V1pEAD450aXl2jkKFDcVekp6yBWcoek1kgPZblKK_B6t4Dwdc75s1KpTAc5U1lZWSVzl6_VtI4-pmvOTEPpVFfAST2m-m-TAZ2G8aFFxj0WenY_vhmC0oDsgUjs2LohtGQtO3s-7o21l3y07gt99PUYcm6x9E5crUeeWpZ3bAwQbaSS505QIr-Kcd6aJT2H4usb-5MYdjEyuUAs3P3AeD_AZa43s1b7bxAvWOhMip9LuPmNPVgnnjFWhmessn_XAmNxm7_1Tr8HkNIwtW-yRe0PPR0cRv-KY6uoAsWMlP3Utj7-C0uFU0gnZQlX9akbgf0S_7TJUa4KM9R4QIl7YZflW-B9EG0EXa08ZtQmiUOd9Myd1PfTm7Px0TFf-GWZFzb8OTgmyZi19iKpru
JVM-gszT7v5oE5RcZImJtJG6wykXG6ayotEXO8axEhvVvrR0cAKNkTLt-H8TjCBIE3ToFkvI2slgZWS6b6rEApvFDSZlQu9-SjUqBu2JiLCDieXdGj1V2O25fnVlqMk0PkSRBKOm9M-Pt7bxzOpSRNYbdpzjmDEW-mnXxdaxo_3pqojrN--ClDlnjGqxaCafz6B_H3S9vrTGj6CileqHNCtNDZ7vSlfNebWMLHitYZHFkH0dcaRrQW0aWICaLYYKiAqr0PQUuUuRvYEFn270qsI9uQ1MdQ40nFHyg1q5dxVGCbivmNO4dp1cTtSqYMb2Ic43VG5HHG8N3DTXWV1QTm_4uGWbHwrdZbRLxI6e7znzybEHgkoWE79vpkvaA8cp1KXt2XZj74uevUlcsNv0cc4qsEU3PGlYotTombP-JYo9us0G1QGP7NdRMx5IjM6G48DMPS-rVlcOotXN0FoeclabJhzCH_sQeSbT2elzg-3DbXSFPvCezz1vOr1EpRHSa-MIeeOK5QWFQeIP8PWAQXbLbNn4Gf0UPWCjUQyzDohXPDXUZCA100JPzLxEjoCyhIPM3TZ9RHdh1MEdG7nLjnpASKOOPG5vLMjuuAZo1w-NGfgyUDdLGW_h5m3RkJU6aLQoJR9kji1d4fyUSqohMiNfAhBNa6HaQfkaORvKFKgL016-HxgloUvpNyVe22R9GUaCxbyrF4fBpSlOCMVIRwkQZlXfsSDA70Jrsh04dJyCk47uxsGD-_0paiUohj9wYui9TYoTfXd-1PIZqZ_4rPsn6eNQJvAGeOfD7SlZn5oJpV_tXF9q67aQgy-WKwkE7bsy1Hj3eOmWOZ_4ZtI2PiA7EVxGpZk_nf2vgl5K-e3rl-3RjltT2kdo0zDui2-hS575aebTVxwR3wVHejy13tJcPl8lq4YhjUACX1dGlMyvq_j18ChmRNFecqIY2t4oS1Eu9QGjI3kpL9Q52UYhF9JjbwRnvHO4hi2vad7XAB_g59l2d3YSBAMq1fi108EW8GYYfP_5vWXJdry8d4E2hXDT0_fkPN7z0DpKyej5QdEEWZYVwMTxKttGhJZdNLLyr18e-LnCqZQvIvHfHp-K2prpPQfrZKP6HcBWeVEugo0IRW5QrhY5SwcqueZcmcoylnCYIc4nTJ6cCb5wIdueBR67KvgDUw_53BZo4-Zgxk0gIjAAHOugzitIFkW6BsAaRKNTWEKW96RlrH7x2wL9dErUPlS-2EX0x5wHTalrJLDPIGJUxkLp5K3Z0UbSb0PbOJlyM9YsZ8doFQxoQXoB8twMEUzeHQbxZ34QDtr63EZIuaRz9CpHKYHYYRUf0Vv_j2b92x5k6suAGW9rPFBdIYMLF8hx9MiKUgngnopQV_sIw4m2QX-nGjlq81zzQZtpTtDsFqSySfFwgop4U32oAqR3rZeeLL2MseAOB-Tg_-2RLSyF0Oc2qgf4UzNugfzehne5JgsADW0ePnAzoT9H8HT8RvLM9gQZdZJzMBNVPH1Nea0YmYpPglp0p2y0JeusODH-Wwk6_dlDoIBfNyqdYphitU6AKRkB-Lj64B7WlO5Y6MS20dsClbdA2jSlve05lXWnCHW07Lga513Z99IzGSHZkUHUUJnpb2NzhwQEYpd46Nv31rExSelnuSYP5YIgjK3eIxuEy4NGzco5c_mecgh-robPmOfZVXjuzjTJlw2p2wMTMVxvkwOn77ObAjkZVJfIJBacTvror7yb0k1umkkAEgSRWGjLUQNLdYSwAIMKWI63WuFyUP63ddkLQrnDR6vcWOOaD5e_mT_Je6_7tN-rq6OkfbqLv9cffmuW5YmLG6id3IqUi4Pw2QkV1L0AwnEvOTiAAeyFPfU-SIIN5aO0cdpOyGOFq8FFB8eG9UPRSfQg-LOyCluQDRvmy0_Oc3zEXBT5QOsjOl13mJNYoBF2KEOU_hRgUHqgztqD-rMJ-ytAXnedXnROnoXK5oVUzOiAvx1gHFC1r7oz
dDjiiIKZFiHAD2FI-atxY60a_gkyluyf7t5lL4Q9CuHRXCzKGDEmDHbwHDC4WYy_heEK7RvN2Tr8aYEWYqV4tC6-H55UgnEuIKYJlq1X9-wBHe_iOYm_xCd7rJoFpQNPjC9FMr6xjwTCH_8iltOidw4C0jwKZ655jl596GYkvA2w070rZPfKJhuq4e1pSX5kzkrshLXCzkiH8TGykaq_HhRWRHEM3Tp2symFyBPNBL4cU2_RBhp6Io304dWRl5A18u-3qWUb5Zj4TjSHWEYCaSdbf7tTFreX_mV4O_lBa1wdTptmT8pcWKTLw6GoGQRmBWjXsIoI0NdN4HZsgaY1lsyi-Gg9uWFnRFh23JjhOGNP-39o0eRLizJBtEMQu8XvZfRXasILDY4qa6vnuwjr4rAz6-ZY_KGbCzH6We4JZmT8h155iH445gwoduhA683uLH8A4gyDjr8oSatjAZsbzbnj1m3UcsOJdpgRg-WzCdb5yfHjIEb9TfYoU0StwlNT46MnowCXMwVyjNbjP5t4icrm303nLCTY5J3XFaCL_LWokK0boivSCYqF8Cca0yx7uFmLgmBGVP4lARgMmDk7DGq6ZxjgEUa-kVQn8leR2dDy1uLOx0Lcayi-fBNHLwRjuwtZgEhs17hLNV63BhCpy5MmHSg9NV2VUVOSTebDyRIqpAZ2YgPC59fKKiwX4nLUxetpfv4e1pgSPbsy2o6ETzQEWrz71My6JUD1Vz0BKWlHGWVoWXlJm6eJmonpSyipM2Sr9RBsq839T2zyg6CgOxOrbXYYYBSOBAy1XMM2XrhYoXWQO9EhLR6voiNCp0-DyXG0niq5aswGQzr4vBHEfr24le-vxD0Zg6TnItinQsuIdgfa6zaUZxDF-vSwRutPaEI4g1-9xVuNpQ6ysvB7P42tlIDiZBtDwroal5dCnnFqB8BoDIsmmpC3VAB6YbGjU5Urs8gPupjQF-uCU6iUD8ejFiE4IfUUX6tJOHwt1RN9ta9kROfjhijGlytIJBo_bAnf4Rqe-6kkZzYbO2P9pYrqgl60sNrEKUOuwrOV7L4fy6NXbIowdtqKmkIpxJRJKtMR_hojSaMCuQM_BzUCKBO2-yLsYhSXA6OXWOZRJPjDCeE5RODmtMCOYHyuPZXDVRNZeaEARl6fYRaXKNaf6I1eJfJoSso92di8h65qviCvnsMtpvymYbYz6rt-TY-5_GwX-aAZh8mNiisXkneu40mBKua4ejVYISnDEe7Wb9rLZH2DTPlQsy9i4TsfVV1fEB3eWeOBuhFJZOcGk4Yn1ZlfqOkBKMtBQKaoDYPFwiK4YG2hR4agvDe-4C2uBYyV486zvEhThsFpXnzmJthjfDqZwApRlLtx-WYI8XhUU2mtDNvfk7-U3fBgQUdtMkkxTKSSyFUw1TCIl9nHZuqJKVXU6sED6FNsNfs3uUvaR_ITjN_FStNuxnOtQ050RW-YJIN0shOC3ZwGS9L6bSCfUcUi73DtCiIya-fHmWhvI7p62LfKKTPHXtQnoLmdMDkO659FfKNp4XaphEX5DMf5uzWbYjjIAfY5G5Bxo9_67ME2nNVEQNoC-8aO2qaSYFUpwU_WuCiNXi5dJ19DYdOlBelGYexYMffJKpLd26wqmhCCgo0zSoyw6ccsTIFMxyOSc9_MeOajksaE8iIN6Cg6g2ettCSI8amiR_n06e43MXy6hEzFEfvc2a6zvctseVoZL76yW9KbLqjPApjnlHK4FBNA5cECS8tnYRIo39cpZNF3h6cvkB2VBRb1TohTTlzm4CQOdhzc406adc4qvUYEiTD4LJ_OJyccbM9nMKRELVRwTJS54AYR4Z7OsTjUNx423Cy5umPLFjy53h3nm_KMRFoQI3e6XRf9p8Iun_7s9pw_hsY6iGqoBHbgH_0hRdK14EMx1by6RpKAPFKI2hd67Cmth208PglcqpC1EpKNTnGOEQkVRzauDqN2OCdmdRLPGj6QKwh0QJBgORZE
iqXC5BGPin-9Or1c0yNVeLgg_u5t8rj2IhK9dDr66UZ4g3jjPk9L2o1-JSc7sDuY3x-xAeuVIw3yXiRLSQ8RBoPDcA4whIne_r-m0AepHz1bF5NI7ZOSUla1agLzv0vn8dLOWBZH1AX8qtRYrYoSAe95Eoiz-tYM1DeapD74qQqyNSQb4rbzVzWyNb3jGnNkut-K-h45n42mgyu5uedjm0RqbrE64u8ZVjKPdOJY03uJpSYNtVSt9Y92OMyrBPyTC6C2zcFDnFeAq6XICZmbf6BObRKz-D9c2Rk1bzKehR250J4D5zOYp1B4t6T3QYKb61y3ZKDDJAywj9eYjvQtWilo0aEUY0hCmGkEi4ZKZ8vDEL4StE3IQKAM17WFXDc6hlK0x6Olu1xYr-hkGGH8yDjSJP1lXJM5abb025uSVUUJNYMHKaCwRHOQ11-5eDQKXdWx4xqaj2-3AnFl5OB_pVoXJolUvrg6vkgNNlmrQvAMwohhpNfOBy1-3AAkMd0IBNlREiIUBzNvJSsBP6fJiaw4HCtq0TO7iiRd2INdgXjyaQANHSH88cUJjX1dJXAqxYW80Of0nac7JpIRbhuco01Ui4g8RIOI3MKBxWwzqWwiJLHiSbAOvvWAe7zQJ-_iLsIILoiKxcyK4QGUwcR4oUJfsRDa2ylNc8_PfjIWqtthqDMvokA0UxuZ3f0bggebsgy48VN90k6fX1sLU1GzbW61w-9LGAe0_I3T1bbQbwncncQ2X1_2s1fHQUuNkaCkTuUJr1x7esW1byYmj8Oo9YpXrixis4mH_gP8B3bfqixMkWl8nhnwKd-gY7oUyS73L-4GUC57J8iC1Sm8XqpxCjVrJP0v9T5g-yDpwLI4enk53_slwFnCuiqurTzWflYLN2_O0FWSxZ-Q0MpMCMCSHEUnHP0LI0NYoPNOCau5ypI5ZlMMrR25I_p80pHTM8fxrsmiArZkz-0EpVGSh2WC8vsd3qipuMRDCNqNLVkbrIo7AV2wSkX7uhYFwOyn2EHMmkQM_f8AjTRaDgPl3CaXN8oMk_8xHFuuRTdmSG6lNB6YAgFS6449C1WA2e5EY-BJo51eKsbp0M-2uLiR3php7g2hQjAvjUn5tZP3RNqwFzk \ No newline at end of file diff --git a/v2_adminpanel/app.py b/v2_adminpanel/app.py index d1142df..c5f74e9 100644 --- a/v2_adminpanel/app.py +++ b/v2_adminpanel/app.py @@ -618,8 +618,9 @@ def login(): password = request.form.get("password") captcha_response = request.form.get("g-recaptcha-response") - # CAPTCHA-Prüfung wenn nötig - if attempt_count >= CAPTCHA_AFTER_ATTEMPTS: + # CAPTCHA-Prüfung nur wenn Keys konfiguriert sind + recaptcha_site_key = os.getenv('RECAPTCHA_SITE_KEY') + if attempt_count >= CAPTCHA_AFTER_ATTEMPTS and recaptcha_site_key: if not captcha_response: # Timing-Attack Schutz elapsed = time.time() - start_time 
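Review bot: A database backup is being committed into the repository here (`backups/backup_v2docker_20250607_232845_encrypted.sql.gz.enc`), so every clone and the permanent git history now carry a copy of the data, and its confidentiality rests entirely on the encryption key never leaking. The `gAAAAAB` prefix looks like a Fernet token, which is authenticated encryption, but that does not help if the key sits in an environment file that is ever committed or shared, because old blobs stay recoverable from history even after the key is rotated. I would drop the file from the commit, add `backups/` to `.gitignore`, and keep backups in access-controlled storage outside the repo.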
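Review bot: With `and recaptcha_site_key` added to the condition in `login()`, the CAPTCHA step fails open: whenever `RECAPTCHA_SITE_KEY` is unset or empty the check is skipped silently for every request past `CAPTCHA_AFTER_ATTEMPTS`, so a deployment that loses the variable drops this brute-force control with no signal. The gate also looks only at the site key, while `verify_recaptcha` (not visible in this diff) presumably depends on a secret key as well; if only the site key is configured, the lockout this commit fixes would come back. I would derive a single enabled flag from both values, log a warning once at startup when it is false, and add a comment at the check such as `# CAPTCHA is skipped when no reCAPTCHA keys are configured (PoC only); the attempt limit is then the only throttle`. The same condition is repeated in the last `app.py` hunk, and the body of `login()` continues outside this hunk.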
@@ -630,7 +631,7 @@ def login(): show_captcha=True, error_type="captcha", attempts_left=max(0, MAX_LOGIN_ATTEMPTS - attempt_count), - recaptcha_site_key=os.getenv('RECAPTCHA_SITE_KEY')) + recaptcha_site_key=recaptcha_site_key) # CAPTCHA validieren if not verify_recaptcha(captcha_response): @@ -643,7 +644,7 @@ def login(): show_captcha=True, error_type="captcha", attempts_left=max(0, MAX_LOGIN_ATTEMPTS - attempt_count), - recaptcha_site_key=os.getenv('RECAPTCHA_SITE_KEY')) + recaptcha_site_key=recaptcha_site_key) # Check gegen beide Admin-Accounts aus .env admin1_user = os.getenv("ADMIN1_USERNAME") @@ -685,14 +686,14 @@ def login(): return render_template("login.html", error=error_message, - show_captcha=(new_attempt_count >= CAPTCHA_AFTER_ATTEMPTS), + show_captcha=(new_attempt_count >= CAPTCHA_AFTER_ATTEMPTS and os.getenv('RECAPTCHA_SITE_KEY')), error_type="failed", attempts_left=max(0, MAX_LOGIN_ATTEMPTS - new_attempt_count), recaptcha_site_key=os.getenv('RECAPTCHA_SITE_KEY')) # GET Request return render_template("login.html", - show_captcha=(attempt_count >= CAPTCHA_AFTER_ATTEMPTS), + show_captcha=(attempt_count >= CAPTCHA_AFTER_ATTEMPTS and os.getenv('RECAPTCHA_SITE_KEY')), attempts_left=max(0, MAX_LOGIN_ATTEMPTS - attempt_count), recaptcha_site_key=os.getenv('RECAPTCHA_SITE_KEY')) diff --git a/v2_adminpanel/templates/login.html b/v2_adminpanel/templates/login.html index 7d430ed..f98cd96 100644 --- a/v2_adminpanel/templates/login.html +++ b/v2_adminpanel/templates/login.html @@ -100,9 +100,9 @@ - {% if show_captcha %} + {% if show_captcha and recaptcha_site_key %}
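Review bot: `show_captcha` in the two `render_template` calls of the last `app.py` hunk now receives the key string, `None` or `False` rather than a plain boolean, and `os.getenv('RECAPTCHA_SITE_KEY')` is looked up twice in each call. Reading the value once and passing `show_captcha=bool(site_key) and attempt_count >= CAPTCHA_AFTER_ATTEMPTS` would keep the POST check and both render paths on one condition. The failed-login branch can probably reuse the `recaptcha_site_key` local introduced in the first hunk, if it is in scope there; the GET path appears to sit outside the POST block, so it would need its own read or a module-level constant.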
-
+
{% endif %} @@ -118,7 +118,7 @@ - {% if show_captcha %} + {% if show_captcha and recaptcha_site_key %} {% endif %}