Disable login captcha if backend has no captcha secret (#5288)

* Add /_internal/globals route

* Don't show login captcha if backend claims it's disabled

* try to re-add tombi

* typos

* Assume captcha enabled if globals route is unreachable

* Prepare frontend fixes

apps/frontend/src/pages/auth/reset-password.vue

@@ -22,9 +22,13 @@
 					/>
 				</div>
 
-				<HCaptcha ref="captcha" v-model="token" />
+				<HCaptcha v-if="globals?.captcha_enabled" ref="captcha" v-model="token" />
 
-				<button class="btn btn-primary centered-btn" :disabled="!token" @click="recovery">
+				<button
+					class="btn btn-primary centered-btn"
+					:disabled="globals?.captcha_enabled ? !token : false"
+					@click="recovery"
+				>
 					<SendIcon /> {{ formatMessage(methodChoiceMessages.action) }}
 				</button>
 			</template>
@@ -158,6 +162,15 @@ if (route.query.flow) {
 
 const captcha = ref()
 
+const { data: globals } = await useAsyncData('auth-globals', async () => {
+	try {
+		return await useBaseFetch('globals', { internal: true })
+	} catch (err) {
+		console.error('Error fetching globals:', err)
+		return { captcha_enabled: true }
+	}
+})
+
 const email = ref('')
 const token = ref('')