From 226cae9afd4d0d27fb38ad162a26b7095ea0ab05 Mon Sep 17 00:00:00 2001
From: Michael Derynck <michael.derynck@grafana.com>
Date: Fri, 7 Feb 2025 12:34:10 -0700
Subject: [PATCH 1/3] chore: remove reference to recaptcha site (#5443)

---
 engine/settings/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/engine/settings/base.py b/engine/settings/base.py
index d5be922b..affb27fe 100644
--- a/engine/settings/base.py
+++ b/engine/settings/base.py
@@ -926,7 +926,7 @@ if IS_OPEN_SOURCE:
     }  # noqa
 
 # RECAPTCHA_V3 settings
-RECAPTCHA_V3_SITE_KEY = os.environ.get("RECAPTCHA_SITE_KEY", default="6LeIPJ8kAAAAAJdUfjO3uUtQtVxsYf93y46mTec1")
+RECAPTCHA_V3_SITE_KEY = os.environ.get("RECAPTCHA_SITE_KEY", default=None)
 RECAPTCHA_V3_SECRET_KEY = os.environ.get("RECAPTCHA_SECRET_KEY", default=None)
 RECAPTCHA_V3_ENABLED = os.environ.get("RECAPTCHA_ENABLED", default=False)
 RECAPTCHA_V3_HOSTNAME_VALIDATION = os.environ.get("RECAPTCHA_HOSTNAME_VALIDATION", default=False)

From 615e1521ce9ad71cacfaa95833984da2866e744a Mon Sep 17 00:00:00 2001
From: Vadim Stepanov <vadimkerr@gmail.com>
Date: Wed, 12 Feb 2025 17:48:37 +0000
Subject: [PATCH 2/3] Use a different GH secret to sign plugin (#5447)

related to https://github.com/grafana/irm/issues/455, the secret was
populated as part of
https://github.com/grafana/deployment_tools/pull/221022
---
 .github/workflows/on-release-published.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/on-release-published.yml b/.github/workflows/on-release-published.yml
index 75661ba6..0a1ea456 100644
--- a/.github/workflows/on-release-published.yml
+++ b/.github/workflows/on-release-published.yml
@@ -36,7 +36,7 @@ jobs:
         uses: grafana/shared-workflows/actions/get-vault-secrets@main
         with:
           repo_secrets: |
-            GRAFANA_ACCESS_POLICY_TOKEN=github_actions:cloud-access-policy-token
+            GRAFANA_ACCESS_POLICY_TOKEN=grafana_cloud_access_policy_token:value
             GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON=github_actions:gcs-plugin-publisher
       - name: Build, sign, and package plugin
         id: build-sign-and-package-plugin

From cdb2946b7018e628c53dfd80b69ae822fbc2ec57 Mon Sep 17 00:00:00 2001
From: Michael Derynck <michael.derynck@grafana.com>
Date: Fri, 14 Feb 2025 07:30:08 -0700
Subject: [PATCH 3/3] fix: disable recaptcha when site key is not set (#5451)

# What this PR does
Although recaptcha verification is disabled by default on the backend
for OSS installs, the plugin was still making use of the site key and
trying to load recaptcha. As that recaptcha site was removed this no
longer works. The updated plugin code will skip recaptcha verification
if it does not have a site key set.

## Which issue(s) this PR closes

Related to #5449

## Checklist

- [ ] Unit, integration, and e2e (if applicable) tests updated
- [x] Documentation added (or `pr:no public docs` PR label added if not
required)
- [x] Added the relevant release notes label (see labels prefixed w/
`release:`). These labels dictate how your PR will
    show up in the autogenerated release notes.

---------

Co-authored-by: GitHub Actions <actions@github.com>
---
 .../PhoneVerification/PhoneVerification.tsx   | 22 +++++++++++++------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/grafana-plugin/src/containers/UserSettings/parts/tabs/PhoneVerification/PhoneVerification.tsx b/grafana-plugin/src/containers/UserSettings/parts/tabs/PhoneVerification/PhoneVerification.tsx
index 87dcff14..3e0fbd24 100644
--- a/grafana-plugin/src/containers/UserSettings/parts/tabs/PhoneVerification/PhoneVerification.tsx
+++ b/grafana-plugin/src/containers/UserSettings/parts/tabs/PhoneVerification/PhoneVerification.tsx
@@ -108,10 +108,7 @@ export const PhoneVerification = observer((props: PhoneVerificationProps) => {
         await UserHelper.verifyPhone(userPk, code);
         userStore.fetchItemById({ userPk });
       } else {
-        window.grecaptcha.ready(async function () {
-          const token = await window.grecaptcha.execute(rootStore.recaptchaSiteKey, {
-            action: 'mobile_verification_code',
-          });
+        async function start_verification(token) {
           await userStore.updateUser({
             pk: userPk,
             email: user.email,
@@ -121,20 +118,31 @@ export const PhoneVerification = observer((props: PhoneVerificationProps) => {
           switch (type) {
             case 'verification_call':
               await UserHelper.fetchVerificationCall(userPk, token);
-              setState({ isPhoneCallInitiated: true });
+              setState({isPhoneCallInitiated: true});
               if (codeInputRef.current) {
                 codeInputRef.current.focus();
               }
               break;
             case 'verification_sms':
               await UserHelper.fetchVerificationCode(userPk, token);
-              setState({ isCodeSent: true });
+              setState({isCodeSent: true});
               if (codeInputRef.current) {
                 codeInputRef.current.focus();
               }
               break;
           }
-        });
+        }
+
+        if (!rootStore.recaptchaSiteKey?.trim()) {
+          await start_verification(null)
+        } else {
+          window.grecaptcha.ready(async function () {
+          const token = await window.grecaptcha.execute(rootStore.recaptchaSiteKey, {
+            action: 'mobile_verification_code',
+          });
+            await start_verification(token);
+          });
+        }
       }
     },
     [