Migrate to reCAPTCHA v2

2018-02-27 15:28:35 -08:00 · 2018-02-27 15:28:35 -08:00 · 1ac444b84b
commit 1ac444b84b
parent 7adee00e9b
2 changed files with 17 additions and 15 deletions
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@ -1,6 +1,7 @@
 7.10.31
 - fixed: Warnings about API changes in POE::Component::IKC::ClientLite
 - fixed: Allow WebGUI::Cache and all consumers to fetch SSL URLs, but not verify the certificates.
+ - fixed: Migrate to reCAPTCHA v2

 7.10.30
 - fixed: Do not generate the Not Found page when JS or CSS is requested.  In admin mode, this is bypassed so that admins can see which pages are really missing and can easily add them.
--- a/lib/WebGUI/Form/Captcha.pm
+++ b/lib/WebGUI/Form/Captcha.pm
@ -19,6 +19,7 @@ use base 'WebGUI::Form::Text';
 use WebGUI::International;
 use WebGUI::Storage;
 use LWP::UserAgent;
+use JSON;

 =head1 NAME

@ -105,20 +106,24 @@ sub getValue {

    if ($self->session->setting->get('useRecaptcha')) {
        my $privKey = $self->session->setting->get('recaptchaPrivateKey');
-        my $challenge = $self->session->form->param('recaptcha_challenge_field');
-        my $response = $self->session->form->param('recaptcha_response_field');
+        my $response = $self->session->form->param('g-recaptcha-response');

        my $ua = LWP::UserAgent->new;
-        my $res = $ua->post('http://www.google.com/recaptcha/api/verify', {
-            privatekey  => $privKey,
+        my $res = $ua->post('https://www.google.com/recaptcha/api/siteverify', {
+            secret      => $privKey,
            remoteip    => $self->session->env->getIp,
-            challenge   => $challenge,
            response    => $response,
        });
        if ($res->is_success) {
-            my ($answer, $error) = split /\n/, $res->content, 2;
-            $self->{_error} = $error;
-            return $answer eq 'true';
+            my $json = $res->content;
+            my $data = eval { JSON::decode_json($json); };
+            if ($@) {
+                return undef;
+            }
+            return $data->{success} ? 1 : 0;
+        }
+        else {
+            $self->session->log->warn("Google lookup failed");
        }
        return undef;
    }
@ -165,13 +170,9 @@ sub toHtml {
            $server = "https://www.google.com/recaptcha/api";
        }
        return
-            '<script type="text/javascript" src="' . $server . '/challenge?k=' . $pubKey . '"></script>'
-            . '<noscript>'
-            . '<iframe src="' . $server . '/noscript?k=' . $pubKey
-            . '" height="300" width="500" frameborder="0"></iframe>'
-            . '<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>'
-            . '<input type="hidden" name="recaptcha_response_field" value="manual_challenge" />'
-            . '</noscript>';
+            '<script type="text/javascript" src="https://www.google.com/recaptcha/api.js"></script>'
+            . qq!<div class="g-recaptcha" data-sitekey="$pubKey"></div>!
+            ;
    }

    my $storage = WebGUI::Storage->createTemp($self->session);