MAPG-242 add captcha validation for password reset

src/Controller/LoginController.php

@@ -19,6 +19,7 @@ use MapGuesser\Repository\UserRepository;
 use MapGuesser\Response\HtmlContent;
 use MapGuesser\Response\JsonContent;
 use MapGuesser\Response\Redirect;
+use MapGuesser\Util\CaptchaValidator;
 use MapGuesser\Util\JwtParser;
 
 class LoginController
@@ -285,6 +286,18 @@ class LoginController
             return new JsonContent($data);
         }
 
+        if (!empty($_ENV['RECAPTCHA_SITEKEY'])) {
+            if (!$this->request->post('g-recaptcha-response')) {
+                return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]);
+            }
+
+            $captchaValidator = new CaptchaValidator();
+            $captchaResponse = $captchaValidator->validate($this->request->post('g-recaptcha-response'));
+            if (!$captchaResponse['success']) {
+                return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]);
+            }
+        }
+
         if (filter_var($this->request->post('email'), FILTER_VALIDATE_EMAIL) === false) {
             return new JsonContent(['error' => ['errorText' => 'The given email address is not valid.']]);
         }
@@ -455,6 +468,18 @@ class LoginController
             ]);
         }
 
+        if (!empty($_ENV['RECAPTCHA_SITEKEY'])) {
+            if (!$this->request->post('g-recaptcha-response')) {
+                return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]);
+            }
+
+            $captchaValidator = new CaptchaValidator();
+            $captchaResponse = $captchaValidator->validate($this->request->post('g-recaptcha-response'));
+            if (!$captchaResponse['success']) {
+                return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]);
+            }
+        }
+
         $user = $this->userRepository->getByEmail($this->request->post('email'));
 
         if ($user === null) {

views/login/password_reset_request.php

@@ -1,3 +1,5 @@
+@js(https://www.google.com/recaptcha/api.js)
+
 @extends(templates/layout_normal)
 
 @section(main)
@@ -5,6 +7,11 @@
     <div class="box">
         <form id="passwordResetForm" action="/password/requestReset" method="post" data-redirect-on-success="/password/requestReset/success">
             <input type="email" class="text big fullWidth" name="email" placeholder="Email address" value="<?= isset($email) ? $email : '' ?>" required autofocus>
+            <?php if (!empty($_ENV['RECAPTCHA_SITEKEY'])): ?>
+                <div class="marginTop">
+                    <div class="g-recaptcha" data-sitekey="<?= $_ENV['RECAPTCHA_SITEKEY'] ?>"></div>
+                </div>
+            <?php endif; ?>
             <p id="passwordResetFormError" class="formError justify marginTop"></p>
             <div class="right marginTop">
                 <button type="submit">Continue</button>

views/login/signup.php

@@ -1,3 +1,4 @@
+@js(https://www.google.com/recaptcha/api.js)
 @js(js/login/signup.js)
 
 @extends(templates/layout_normal)
@@ -15,6 +16,11 @@
                 <input type="password" class="text big fullWidth marginTop" name="password" placeholder="Password" required minlength="6">
                 <input type="password" class="text big fullWidth marginTop" name="password_confirm" placeholder="Password confirmation" minlength="6">
             <?php endif; ?>
+            <?php if (!empty($_ENV['RECAPTCHA_SITEKEY'])): ?>
+                <div class="marginTop">
+                    <div class="g-recaptcha" data-sitekey="<?= $_ENV['RECAPTCHA_SITEKEY'] ?>"></div>
+                </div>
+            <?php endif; ?>
             <p id="signupFormError" class="formError justify marginTop"></p>
             <div class="right">
                 <button class="marginTop" type="submit">Sign up</button><!--