Merge pull request 'feature/MAPG-242-add-captcha-for-signup-and-password-reset' (!54) from feature/MAPG-242-add-captcha-for-signup-and-password-reset into develop

Reviewed-on: https://gitea.e5tv.hu/esoko/mapguesser/pulls/54
2022-05-26 18:47:46 +02:00 · 2022-05-26 18:47:46 +02:00 · c7eb1d8161
commit c7eb1d8161
parent 6014e4517a cc19d454fa
5 changed files with 59 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@ -21,3 +21,5 @@ MULTI_INTERNAL_PORT=5000
 MULTI_WS_URL=mapguesser-dev.ch:8090
 MULTI_WS_PORT=8090
 ENABLE_GAME_FOR_GUESTS=0
+RECAPTCHA_SITEKEY=your_recaptcha_sitekey
+RECAPTCHA_SECRET=your_recaptcha_secret
--- a/src/Controller/LoginController.php
+++ b/src/Controller/LoginController.php
@ -19,6 +19,7 @@ use MapGuesser\Repository\UserRepository;
 use MapGuesser\Response\HtmlContent;
 use MapGuesser\Response\JsonContent;
 use MapGuesser\Response\Redirect;
+use MapGuesser\Util\CaptchaValidator;
 use MapGuesser\Util\JwtParser;

 class LoginController
@ -285,6 +286,18 @@ class LoginController
            return new JsonContent($data);
        }

+        if (!empty($_ENV['RECAPTCHA_SITEKEY'])) {
+            if (!$this->request->post('g-recaptcha-response')) {
+                return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]);
+            }
+
+            $captchaValidator = new CaptchaValidator();
+            $captchaResponse = $captchaValidator->validate($this->request->post('g-recaptcha-response'));
+            if (!$captchaResponse['success']) {
+                return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]);
+            }
+        }
+
        if (filter_var($this->request->post('email'), FILTER_VALIDATE_EMAIL) === false) {
            return new JsonContent(['error' => ['errorText' => 'The given email address is not valid.']]);
        }
@ -455,6 +468,18 @@ class LoginController
            ]);
        }

+        if (!empty($_ENV['RECAPTCHA_SITEKEY'])) {
+            if (!$this->request->post('g-recaptcha-response')) {
+                return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]);
+            }
+
+            $captchaValidator = new CaptchaValidator();
+            $captchaResponse = $captchaValidator->validate($this->request->post('g-recaptcha-response'));
+            if (!$captchaResponse['success']) {
+                return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]);
+            }
+        }
+
        $user = $this->userRepository->getByEmail($this->request->post('email'));

        if ($user === null) {
--- a/src/Util/CaptchaValidator.php
+++ b/src/Util/CaptchaValidator.php
@ -0,0 +1,19 @@
+<?php namespace MapGuesser\Util;
+
+use MapGuesser\Http\Request;
+
+class CaptchaValidator
+{
+    public function validate(string $response)
+    {
+        $request = new Request('https://www.google.com/recaptcha/api/siteverify', Request::HTTP_GET);
+        $request->setQuery([
+            'secret' => $_ENV['RECAPTCHA_SECRET'],
+            'response' => $response
+        ]);
+
+        $response = $request->send();
+
+        return json_decode($response->getBody(), true);
+    }
+}
--- a/views/login/password_reset_request.php
+++ b/views/login/password_reset_request.php
@ -1,3 +1,5 @@
+@js(https://www.google.com/recaptcha/api.js)
+
@extends(templates/layout_normal)

@section(main)
@ -5,6 +7,11 @@
    <div class="box">
        <form id="passwordResetForm" action="/password/requestReset" method="post" data-redirect-on-success="/password/requestReset/success">
            <input type="email" class="text big fullWidth" name="email" placeholder="Email address" value="<?= isset($email) ? $email : '' ?>" required autofocus>
+            <?php if (!empty($_ENV['RECAPTCHA_SITEKEY'])): ?>
+                <div class="marginTop">
+                    <div class="g-recaptcha" data-sitekey="<?= $_ENV['RECAPTCHA_SITEKEY'] ?>"></div>
+                </div>
+            <?php endif; ?>
            <p id="passwordResetFormError" class="formError justify marginTop"></p>
            <div class="right marginTop">
                <button type="submit">Continue</button>
--- a/views/login/signup.php
+++ b/views/login/signup.php
@ -1,3 +1,4 @@
+@js(https://www.google.com/recaptcha/api.js)
@js(js/login/signup.js)

@extends(templates/layout_normal)
@ -15,6 +16,11 @@
                <input type="password" class="text big fullWidth marginTop" name="password" placeholder="Password" required minlength="6">
                <input type="password" class="text big fullWidth marginTop" name="password_confirm" placeholder="Password confirmation" minlength="6">
            <?php endif; ?>
+            <?php if (!empty($_ENV['RECAPTCHA_SITEKEY'])): ?>
+                <div class="marginTop">
+                    <div class="g-recaptcha" data-sitekey="<?= $_ENV['RECAPTCHA_SITEKEY'] ?>"></div>
+                </div>
+            <?php endif; ?>
            <p id="signupFormError" class="formError justify marginTop"></p>
            <div class="right">
                <button class="marginTop" type="submit">Sign up</button><!--