CHIEFSOFT\ameye
136 lines
4.8 KiB
PHP
136 lines
4.8 KiB
PHP
<?php
|
|
|
|
/**
|
|
* @file classes/form/validation/FormValidatorReCaptcha.php
|
|
*
|
|
* Copyright (c) 2014-2021 Simon Fraser University
|
|
* Copyright (c) 2000-2021 John Willinsky
|
|
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
|
|
*
|
|
* @class FormValidatorReCaptcha
|
|
*
|
|
* @ingroup form_validation
|
|
*
|
|
* @brief Form validation check reCaptcha values.
|
|
*/
|
|
|
|
namespace PKP\form\validation;
|
|
|
|
use APP\core\Application;
|
|
use Exception;
|
|
use InvalidArgumentException;
|
|
use PKP\config\Config;
|
|
use PKP\form\Form;
|
|
|
|
class FormValidatorReCaptcha extends FormValidator
|
|
{
|
|
/** @var string The response field containing the reCaptcha response */
|
|
private const RECAPTCHA_RESPONSE_FIELD = 'g-recaptcha-response';
|
|
/** @var string The request URL */
|
|
private const RECAPTCHA_URL = 'https://www.google.com/recaptcha/api/siteverify';
|
|
/** @var string The initiating IP address of the user */
|
|
private $_userIp;
|
|
/** @var string The hostname to expect in the validation response */
|
|
private $_hostname;
|
|
|
|
/**
|
|
* Constructor.
|
|
*
|
|
* @param \PKP\form\Form $form
|
|
* @param string $userIp IP address of user request
|
|
* @param string $message Key of message to display on mismatch
|
|
* @param string|null $hostname Hostname to expect in validation response
|
|
*/
|
|
public function __construct(Form $form, string $userIp, string $message, ?string $hostname = null)
|
|
{
|
|
parent::__construct($form, self::RECAPTCHA_RESPONSE_FIELD, FormValidator::FORM_VALIDATOR_REQUIRED_VALUE, $message);
|
|
$this->_userIp = $userIp;
|
|
$this->_hostname = $hostname;
|
|
}
|
|
|
|
//
|
|
// Public methods
|
|
//
|
|
/**
|
|
* @see FormValidator::isValid()
|
|
* Determine whether or not the form meets this ReCaptcha constraint.
|
|
*
|
|
*/
|
|
public function isValid(): bool
|
|
{
|
|
$form = $this->getForm();
|
|
try {
|
|
$this->validateResponse($form->getData(self::RECAPTCHA_RESPONSE_FIELD), $this->_userIp, $this->_hostname);
|
|
return true;
|
|
} catch (Exception $exception) {
|
|
$this->_message = 'common.captcha.error.missing-input-response';
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Validates the reCaptcha response
|
|
*
|
|
* @param string|null $response The reCaptcha response
|
|
* @param string|null $ip The user IP address (defaults to null)
|
|
* @param string|null $hostname The application hostname (defaults to null)
|
|
*
|
|
* @throws Exception Throws in case the validation fails
|
|
*/
|
|
public static function validateResponse(?string $response, ?string $ip = null, ?string $hostname = null): void
|
|
{
|
|
if (!empty($ip) && !filter_var($ip, FILTER_VALIDATE_IP)) {
|
|
throw new InvalidArgumentException('Invalid IP address.');
|
|
}
|
|
|
|
if (empty($response)) {
|
|
throw new InvalidArgumentException('The reCaptcha user response is required.');
|
|
}
|
|
|
|
$privateKey = Config::getVar('captcha', 'recaptcha_private_key');
|
|
if (empty($privateKey)) {
|
|
throw new Exception('The reCaptcha is not configured correctly, the secret key is missing.');
|
|
}
|
|
|
|
$httpClient = Application::get()->getHttpClient();
|
|
$response = $httpClient->request(
|
|
'POST',
|
|
self::RECAPTCHA_URL,
|
|
[
|
|
'multipart' => [
|
|
['name' => 'secret', 'contents' => $privateKey],
|
|
['name' => 'response', 'contents' => $response],
|
|
['name' => 'remoteip', 'contents' => $ip]
|
|
]
|
|
]
|
|
);
|
|
|
|
$response = json_decode($response->getBody(), true);
|
|
if (Config::getVar('captcha', 'recaptcha_enforce_hostname') && ($response['hostname'] ?? null) != $hostname) {
|
|
throw new Exception('The hostname validation of the reCaptcha response failed.');
|
|
}
|
|
|
|
$errorMap = [
|
|
'missing-input-secret' => 'The secret parameter is missing.',
|
|
'invalid-input-secret' => 'The secret parameter is invalid or malformed.',
|
|
'missing-input-response' => 'The response parameter is missing.',
|
|
'invalid-input-response' => 'The response parameter is invalid or malformed.',
|
|
'invalid-keys' => 'The configured keys are invalid.',
|
|
'bad-request' => 'The request is invalid or malformed.',
|
|
'timeout-or-duplicate' => 'The response is no longer valid: either is too old or has been used previously.'
|
|
];
|
|
|
|
if (!($response['success'] ?? false)) {
|
|
$errors = [];
|
|
foreach ($response['error-codes'] ?? [] as $error) {
|
|
$errors[] = $errorMap[$error] ?? $error;
|
|
}
|
|
throw new Exception(implode("\n", $errors) ?: 'The reCaptcha validation failed.');
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!PKP_STRICT_MODE) {
|
|
class_alias('\PKP\form\validation\FormValidatorReCaptcha', '\FormValidatorReCaptcha');
|
|
}
|