Compare commits

...

2 Commits

Author SHA1 Message Date
cc19d454fa
MAPG-242 add captcha validation for password reset
All checks were successful
mapguesser/pipeline/pr-develop This commit looks good
2022-05-26 18:45:16 +02:00
241d2f2b30
MAPG-242 add captcha validation for signup 2022-05-26 18:41:26 +02:00
3 changed files with 38 additions and 0 deletions

View File

@ -19,6 +19,7 @@ use MapGuesser\Repository\UserRepository;
use MapGuesser\Response\HtmlContent; use MapGuesser\Response\HtmlContent;
use MapGuesser\Response\JsonContent; use MapGuesser\Response\JsonContent;
use MapGuesser\Response\Redirect; use MapGuesser\Response\Redirect;
use MapGuesser\Util\CaptchaValidator;
use MapGuesser\Util\JwtParser; use MapGuesser\Util\JwtParser;
class LoginController class LoginController
@ -285,6 +286,18 @@ class LoginController
return new JsonContent($data); return new JsonContent($data);
} }
if (!empty($_ENV['RECAPTCHA_SITEKEY'])) {
if (!$this->request->post('g-recaptcha-response')) {
return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]);
}
$captchaValidator = new CaptchaValidator();
$captchaResponse = $captchaValidator->validate($this->request->post('g-recaptcha-response'));
if (!$captchaResponse['success']) {
return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]);
}
}
if (filter_var($this->request->post('email'), FILTER_VALIDATE_EMAIL) === false) { if (filter_var($this->request->post('email'), FILTER_VALIDATE_EMAIL) === false) {
return new JsonContent(['error' => ['errorText' => 'The given email address is not valid.']]); return new JsonContent(['error' => ['errorText' => 'The given email address is not valid.']]);
} }
@ -455,6 +468,18 @@ class LoginController
]); ]);
} }
if (!empty($_ENV['RECAPTCHA_SITEKEY'])) {
if (!$this->request->post('g-recaptcha-response')) {
return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]);
}
$captchaValidator = new CaptchaValidator();
$captchaResponse = $captchaValidator->validate($this->request->post('g-recaptcha-response'));
if (!$captchaResponse['success']) {
return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]);
}
}
$user = $this->userRepository->getByEmail($this->request->post('email')); $user = $this->userRepository->getByEmail($this->request->post('email'));
if ($user === null) { if ($user === null) {

View File

@ -1,3 +1,5 @@
@js(https://www.google.com/recaptcha/api.js)
@extends(templates/layout_normal) @extends(templates/layout_normal)
@section(main) @section(main)
@ -5,6 +7,11 @@
<div class="box"> <div class="box">
<form id="passwordResetForm" action="/password/requestReset" method="post" data-redirect-on-success="/password/requestReset/success"> <form id="passwordResetForm" action="/password/requestReset" method="post" data-redirect-on-success="/password/requestReset/success">
<input type="email" class="text big fullWidth" name="email" placeholder="Email address" value="<?= isset($email) ? $email : '' ?>" required autofocus> <input type="email" class="text big fullWidth" name="email" placeholder="Email address" value="<?= isset($email) ? $email : '' ?>" required autofocus>
<?php if (!empty($_ENV['RECAPTCHA_SITEKEY'])): ?>
<div class="marginTop">
<div class="g-recaptcha" data-sitekey="<?= $_ENV['RECAPTCHA_SITEKEY'] ?>"></div>
</div>
<?php endif; ?>
<p id="passwordResetFormError" class="formError justify marginTop"></p> <p id="passwordResetFormError" class="formError justify marginTop"></p>
<div class="right marginTop"> <div class="right marginTop">
<button type="submit">Continue</button> <button type="submit">Continue</button>

View File

@ -1,3 +1,4 @@
@js(https://www.google.com/recaptcha/api.js)
@js(js/login/signup.js) @js(js/login/signup.js)
@extends(templates/layout_normal) @extends(templates/layout_normal)
@ -15,6 +16,11 @@
<input type="password" class="text big fullWidth marginTop" name="password" placeholder="Password" required minlength="6"> <input type="password" class="text big fullWidth marginTop" name="password" placeholder="Password" required minlength="6">
<input type="password" class="text big fullWidth marginTop" name="password_confirm" placeholder="Password confirmation" minlength="6"> <input type="password" class="text big fullWidth marginTop" name="password_confirm" placeholder="Password confirmation" minlength="6">
<?php endif; ?> <?php endif; ?>
<?php if (!empty($_ENV['RECAPTCHA_SITEKEY'])): ?>
<div class="marginTop">
<div class="g-recaptcha" data-sitekey="<?= $_ENV['RECAPTCHA_SITEKEY'] ?>"></div>
</div>
<?php endif; ?>
<p id="signupFormError" class="formError justify marginTop"></p> <p id="signupFormError" class="formError justify marginTop"></p>
<div class="right"> <div class="right">
<button class="marginTop" type="submit">Sign up</button><!-- <button class="marginTop" type="submit">Sign up</button><!--