Migrate to reCAPTCHA v2

colin 2018-02-27 15:28:35 -08:00
parent d760289918
commit ecb65bd724
2 changed files with 17 additions and 15 deletions


@ -1,6 +1,7 @@
7.10.31 7.10.31
- fixed: Warnings about API changes in POE::Component::IKC::ClientLite - fixed: Warnings about API changes in POE::Component::IKC::ClientLite
- fixed: Allow WebGUI::Cache and all consumers to fetch SSL URLs, but not verify the certificates. - fixed: Allow WebGUI::Cache and all consumers to fetch SSL URLs, but not verify the certificates.
- fixed: Migrate to reCAPTCHA v2
7.10.30 7.10.30
- fixed: Do not generate the Not Found page when JS or CSS is requested. In admin mode, this is bypassed so that admins can see which pages are really missing and can easily add them. - fixed: Do not generate the Not Found page when JS or CSS is requested. In admin mode, this is bypassed so that admins can see which pages are really missing and can easily add them.


@ -19,6 +19,7 @@ use base 'WebGUI::Form::Text';
use WebGUI::International; use WebGUI::International;
use WebGUI::Storage; use WebGUI::Storage;
use LWP::UserAgent; use LWP::UserAgent;
use JSON;
=head1 NAME =head1 NAME
@ -105,20 +106,24 @@ sub getValue {
if ($self->session->setting->get('useRecaptcha')) { if ($self->session->setting->get('useRecaptcha')) {
my $privKey = $self->session->setting->get('recaptchaPrivateKey'); my $privKey = $self->session->setting->get('recaptchaPrivateKey');
my $challenge = $self->session->form->param('recaptcha_challenge_field'); my $response = $self->session->form->param('g-recaptcha-response');
my $response = $self->session->form->param('recaptcha_response_field');
my $ua = LWP::UserAgent->new; my $ua = LWP::UserAgent->new;
my $res = $ua->post('http://www.google.com/recaptcha/api/verify', { my $res = $ua->post('https://www.google.com/recaptcha/api/siteverify', {
privatekey => $privKey, secret => $privKey,
remoteip => $self->session->env->getIp, remoteip => $self->session->env->getIp,
challenge => $challenge,
response => $response, response => $response,
}); });
if ($res->is_success) { if ($res->is_success) {
my ($answer, $error) = split /\n/, $res->content, 2; my $json = $res->content;
$self->{_error} = $error; my $data = eval { JSON::decode_json($json); };
return $answer eq 'true'; if ($@) {
return undef;
}
return $data->{success} ? 1 : 0;
}
else {
$self->session->log->warn("Google lookup failed");
} }
return undef; return undef;
} }
@ -165,13 +170,9 @@ sub toHtml {
$server = "https://www.google.com/recaptcha/api"; $server = "https://www.google.com/recaptcha/api";
} }
return return
'<script type="text/javascript" src="' . $server . '/challenge?k=' . $pubKey . '"></script>' '<script type="text/javascript" src="https://www.google.com/recaptcha/api.js"></script>'
. '<noscript>' . qq!<div class="g-recaptcha" data-sitekey="$pubKey"></div>!
. '<iframe src="' . $server . '/noscript?k=' . $pubKey ;
. '" height="300" width="500" frameborder="0"></iframe>'
. '<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>'
. '<input type="hidden" name="recaptcha_response_field" value="manual_challenge" />'
. '</noscript>';
} }
my $storage = WebGUI::Storage->createTemp($self->session); my $storage = WebGUI::Storage->createTemp($self->session);
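Review bot: In getValue the new failure paths throw away the reason for the failure: a body that does not decode returns undef with nothing logged, and a decoded `success: false` drops the `error-codes` array that siteverify returns, where the old code at least stored the reason in `$self->{_error}`. As written, a wrong or rotated secret key looks the same in the logs as a visitor who failed the challenge, so a broken integration can go unnoticed while every submission is rejected. I would log the decode error, `$self->session->log->warn("reCAPTCHA response did not parse: $@");`, and keep the codes, `$self->{_error} = join ', ', @{ $data->{'error-codes'} || [] };`, leaving the fail-closed return values as they are. Whether any caller still reads `_error` is not visible on this page, and getValue begins above this hunk.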