From d0751017dbb1a5481e6b79e7aec86d24cbca40ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=91cze=20Bence?=
Date: Thu, 26 May 2022 18:39:33 +0200
Subject: [PATCH 1/3] MAPG-242 add possibility to captcha validation
---
 .env.example | 2 ++
 src/Util/CaptchaValidator.php | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 src/Util/CaptchaValidator.php
diff --git a/.env.example b/.env.example
index 82e1f6f..ee070c8 100644
--- a/.env.example
+++ b/.env.example
@@ -21,3 +21,5 @@ MULTI_INTERNAL_PORT=5000
 MULTI_WS_URL=mapguesser-dev.ch:8090
 MULTI_WS_PORT=8090
 ENABLE_GAME_FOR_GUESTS=0
+RECAPTCHA_SITEKEY=your_recaptcha_sitekey
+RECAPTCHA_SECRET=your_recaptcha_secret
diff --git a/src/Util/CaptchaValidator.php b/src/Util/CaptchaValidator.php
new file mode 100644
index 0000000..3d4356f
--- /dev/null
+++ b/src/Util/CaptchaValidator.php
@@ -0,0 +1,19 @@
+setQuery([
+ 'secret' => $_ENV['RECAPTCHA_SECRET'],
+ 'response' => $response
+ ]);
+
+ $response = $request->send();
+
+ return json_decode($response->getBody(), true);
+ }
+}
--
2.45.2
From 241d2f2b30826858b42a8de66efe3d5056fefde9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=91cze=20Bence?=
Date: Thu, 26 May 2022 18:41:26 +0200
Subject: [PATCH 2/3] MAPG-242 add captcha validation for signup
---
 src/Controller/LoginController.php | 13 +++++++++++++
 views/login/signup.php | 6 ++++++
 2 files changed, 19 insertions(+)
diff --git a/src/Controller/LoginController.php b/src/Controller/LoginController.php
index 4f85983..3857f0e 100644
--- a/src/Controller/LoginController.php
+++ b/src/Controller/LoginController.php
@@ -19,6 +19,7 @@ use MapGuesser\Repository\UserRepository;
 use MapGuesser\Response\HtmlContent;
 use MapGuesser\Response\JsonContent;
 use MapGuesser\Response\Redirect;
+use MapGuesser\Util\CaptchaValidator;
 use MapGuesser\Util\JwtParser;
 class LoginController
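Review bot: In src/Util/CaptchaValidator.php, validate() returns the result of `json_decode()` unchecked, so a non-JSON body from the verification endpoint (an error page, an empty response) comes back as `null` and every caller has to guard against that itself. Returning a normalised result, `$result = json_decode($response->getBody(), true); return is_array($result) ? $result : ['success' => false];`, keeps the check failing closed without warnings at the call site. The visible lines also do nothing about a failed `$request->send()`. The start of the file (class header and request construction) is missing from this page, so whether a timeout or error handling is configured there needs confirming.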
@@ -285,6 +286,18 @@ class LoginController return new JsonContent($data); } + if (!empty($_ENV['RECAPTCHA_SITEKEY'])) { + if (!$this->request->post('g-recaptcha-response')) { + return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]); + } + + $captchaValidator = new CaptchaValidator(); + $captchaResponse = $captchaValidator->validate($this->request->post('g-recaptcha-response')); + if (!$captchaResponse['success']) { + return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]); + } + } + if (filter_var($this->request->post('email'), FILTER_VALIDATE_EMAIL) === false) { return new JsonContent(['error' => ['errorText' => 'The given email address is not valid.']]); } diff --git a/views/login/signup.php b/views/login/signup.php index 75ea59d..7f5b8d1 100644 --- a/views/login/signup.php +++ b/views/login/signup.php @@ -1,3 +1,4 @@ +@js(https://www.google.com/recaptcha/api.js) @js(js/login/signup.js) @extends(templates/layout_normal) @@ -15,6 +16,11 @@ + +
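Review bot: The added signup check tests `!$captchaResponse['success']` loosely and assumes validate() always hands back an array; with any other return value the index access raises a warning and the rejection happens only as a side effect. I would make the condition explicit: `if (!is_array($captchaResponse) || ($captchaResponse['success'] ?? false) !== true) {`. The block is gated on `RECAPTCHA_SITEKEY` while verification depends on `RECAPTCHA_SECRET`, so a deployment with only the site key set would presumably reject every signup with the generic "challenge failed" message. Logging the response's `error-codes` field server-side would let operators tell that misconfiguration apart from a genuinely failed challenge. The enclosing method starts and ends outside this hunk.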
+
+
+