diff --git a/.env.example b/.env.example
index 82e1f6f..ee070c8 100644
--- a/.env.example
+++ b/.env.example
@@ -21,3 +21,5 @@ MULTI_INTERNAL_PORT=5000
MULTI_WS_URL=mapguesser-dev.ch:8090
MULTI_WS_PORT=8090
ENABLE_GAME_FOR_GUESTS=0
+RECAPTCHA_SITEKEY=your_recaptcha_sitekey
+RECAPTCHA_SECRET=your_recaptcha_secret
diff --git a/src/Controller/LoginController.php b/src/Controller/LoginController.php
index 4f85983..52e30a1 100644
--- a/src/Controller/LoginController.php
+++ b/src/Controller/LoginController.php
@@ -19,6 +19,7 @@ use MapGuesser\Repository\UserRepository;
use MapGuesser\Response\HtmlContent;
use MapGuesser\Response\JsonContent;
use MapGuesser\Response\Redirect;
+use MapGuesser\Util\CaptchaValidator;
use MapGuesser\Util\JwtParser;
class LoginController
@@ -285,6 +286,18 @@ class LoginController
return new JsonContent($data);
}
+ if (!empty($_ENV['RECAPTCHA_SITEKEY'])) {
+ if (!$this->request->post('g-recaptcha-response')) {
+ return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]);
+ }
+
+ $captchaValidator = new CaptchaValidator();
+ $captchaResponse = $captchaValidator->validate($this->request->post('g-recaptcha-response'));
+ if (!$captchaResponse['success']) {
+ return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]);
+ }
+ }
+
if (filter_var($this->request->post('email'), FILTER_VALIDATE_EMAIL) === false) {
return new JsonContent(['error' => ['errorText' => 'The given email address is not valid.']]);
}
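Review bot: `$captchaResponse['success']` is read without checking that `validate()` returned an array: `json_decode` yields `null` on an empty or non-JSON body (transport failure, non-200 from the verify endpoint), which raises an array-offset-on-null warning and, while it happens to fail closed here, hides the real cause. Guard it as `if (!is_array($captchaResponse) || ($captchaResponse['success'] ?? false) !== true) {`. The same twelve added lines are repeated verbatim in the second hunk at `@@ -455,6 +468,18 @@`; extracting them into one private helper such as `verifyCaptcha(): ?JsonContent` would keep the two checks from drifting apart. The gate also tests only `RECAPTCHA_SITEKEY` while the validator needs `RECAPTCHA_SECRET`, so a deployment with the key but no secret would likely fail every request through these paths with an undefined-key warning rather than a clear configuration error; gating on both (or failing at startup) is safer. The enclosing method starts and ends outside the hunk.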
@@ -455,6 +468,18 @@ class LoginController
]);
}
+ if (!empty($_ENV['RECAPTCHA_SITEKEY'])) {
+ if (!$this->request->post('g-recaptcha-response')) {
+ return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]);
+ }
+
+ $captchaValidator = new CaptchaValidator();
+ $captchaResponse = $captchaValidator->validate($this->request->post('g-recaptcha-response'));
+ if (!$captchaResponse['success']) {
+ return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]);
+ }
+ }
+
$user = $this->userRepository->getByEmail($this->request->post('email'));
if ($user === null) {
diff --git a/src/Util/CaptchaValidator.php b/src/Util/CaptchaValidator.php
new file mode 100644
index 0000000..3d4356f
--- /dev/null
+++ b/src/Util/CaptchaValidator.php
@@ -0,0 +1,19 @@
+setQuery([
+ 'secret' => $_ENV['RECAPTCHA_SECRET'],
+ 'response' => $response
+ ]);
+
+ $response = $request->send();
+
+ return json_decode($response->getBody(), true);
+ }
+ }
diff --git a/views/login/password_reset_request.php b/views/login/password_reset_request.php
index 22d5fe5..8f7c32b 100644
--- a/views/login/password_reset_request.php
+++ b/views/login/password_reset_request.php
@@ -1,3 +1,5 @@
+@js(https://www.google.com/recaptcha/api.js)
+
@extends(templates/layout_normal)
@section(main)
@@ -5,6 +7,11 @@
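Review bot: `validate()` hands back `json_decode($response->getBody(), true)` unchecked, so an empty or non-JSON body from the siteverify call reaches the caller as `null` rather than an array, and nothing inspects the HTTP status of the response before decoding it. Decode with `json_decode($response->getBody(), true, flags: JSON_THROW_ON_ERROR)` and return `($decoded['success'] ?? false) === true`, so the method's contract is a plain bool instead of the raw verification payload that each caller has to interpret. Reading `$_ENV['RECAPTCHA_SECRET']` inline also means a missing secret surfaces as an undefined-key warning inside the request; taking it in the constructor with `?? throw new \RuntimeException('RECAPTCHA_SECRET is not configured')` would fail fast at wiring time. As a point of style, `$response = $request->send();` overwrites the `$response` token parameter that was just sent, which reads as a bug at first glance; a name such as `$httpResponse` avoids the shadowing. The top of this new file (namespace, imports, class and method signature, request construction) is not legible in this view, so the declared return type could not be checked against this suggestion.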