OrchardCMS · MikeAlhayek · Oct 19, 2023 · Sep 14, 2023 · Sep 14, 2023 · Sep 14, 2023
diff --git a/src/OrchardCore.Modules/OrchardCore.ReCaptcha/Forms/ReCaptchaPartDisplayDriver.cs b/src/OrchardCore.Modules/OrchardCore.ReCaptcha/Forms/ReCaptchaPartDisplayDriver.cs
@@ -1,5 +1,3 @@
-using System;
-using System.Threading.Tasks;
 using OrchardCore.ContentManagement.Display.ContentDisplay;
 using OrchardCore.ContentManagement.Display.Models;
 using OrchardCore.DisplayManagement.Views;
@@ -20,21 +18,21 @@ public ReCaptchaPartDisplayDriver(ISiteService siteService)
 
         public override IDisplayResult Display(ReCaptchaPart part, BuildPartDisplayContext context)
         {
-            return Initialize("ReCaptchaPart", (Func<ReCaptchaPartViewModel, ValueTask>)(async m =>
+            return Initialize<ReCaptchaPartViewModel>("ReCaptchaPart", async model =>
             {
                 var siteSettings = await _siteService.GetSiteSettingsAsync();
                 var settings = siteSettings.As<ReCaptchaSettings>();
-                m.SettingsAreConfigured = settings.IsValid();
-            })).Location("Detail", "Content");
+                model.SettingsAreConfigured = settings.IsValid();
+            }).Location("Detail", "Content");
         }
 
         public override IDisplayResult Edit(ReCaptchaPart part, BuildPartEditorContext context)
         {
-            return Initialize<ReCaptchaPartViewModel>("ReCaptchaPart_Fields_Edit", async m =>
+            return Initialize<ReCaptchaPartViewModel>("ReCaptchaPart_Fields_Edit", async model =>
             {
                 var siteSettings = await _siteService.GetSiteSettingsAsync();
                 var settings = siteSettings.As<ReCaptchaSettings>();
-                m.SettingsAreConfigured = settings.IsValid();
+                model.SettingsAreConfigured = settings.IsValid();
             });
         }
     }

diff --git a/src/OrchardCore.Modules/OrchardCore.ReCaptcha/Startup.cs b/src/OrchardCore.Modules/OrchardCore.ReCaptcha/Startup.cs
@@ -47,7 +47,7 @@ public override void ConfigureServices(IServiceCollection services)
             services.AddScoped<IPasswordRecoveryFormEvents, PasswordRecoveryFormEventEventHandler>();
             services.Configure<MvcOptions>((options) =>
             {
-                options.Filters.Add(typeof(ReCaptchaLoginFilter));
+                options.Filters.Add<ReCaptchaLoginFilter>();
             });
         }
     }

diff --git a/src/OrchardCore/OrchardCore.ReCaptcha.Core/Configuration/ReCaptchaSettings.cs b/src/OrchardCore/OrchardCore.ReCaptcha.Core/Configuration/ReCaptchaSettings.cs
@@ -1,5 +1,3 @@
-using System;
-
 namespace OrchardCore.ReCaptcha.Configuration
 {
     public class ReCaptchaSettings
@@ -17,9 +15,11 @@ public class ReCaptchaSettings
         /// </summary>
         public int DetectionThreshold { get; set; } = 5;
 
+        private bool? _isValid;
+
         public bool IsValid()
-        {
-            return !string.IsNullOrWhiteSpace(SiteKey) && !string.IsNullOrWhiteSpace(SecretKey);
-        }
+            => _isValid ??= !string.IsNullOrWhiteSpace(SiteKey)
+            && !string.IsNullOrWhiteSpace(SecretKey)
+            && !string.IsNullOrWhiteSpace(ReCaptchaApiUri);
     }
 }
diff --git a/src/OrchardCore/OrchardCore.ReCaptcha.Core/ServiceCollectionExtensions.cs b/src/OrchardCore/OrchardCore.ReCaptcha.Core/ServiceCollectionExtensions.cs
@@ -13,12 +13,12 @@ public static class ServiceCollectionExtensions
     {
         public static IServiceCollection AddReCaptcha(this IServiceCollection services, Action<ReCaptchaSettings> configure = null)
         {
-            services.AddHttpClient<ReCaptchaClient>()
+            services.AddScoped<ReCaptchaService>()
+                .AddHttpClient<ReCaptchaService>()
                 .AddTransientHttpErrorPolicy(policy => policy.WaitAndRetryAsync(3, attempt => TimeSpan.FromSeconds(0.5 * attempt)));
 
             services.AddTransient<IDetectRobots, IPAddressRobotDetector>();
             services.AddTransient<IConfigureOptions<ReCaptchaSettings>, ReCaptchaSettingsConfiguration>();
-            services.AddTransient<ReCaptchaService>();
             services.AddTagHelpers<ReCaptchaTagHelper>();
 
             if (configure != null)

diff --git a/src/OrchardCore/OrchardCore.ReCaptcha.Core/Services/ReCaptchaClient.cs b/src/OrchardCore/OrchardCore.ReCaptcha.Core/Services/ReCaptchaClient.cs
diff --git a/src/OrchardCore/OrchardCore.ReCaptcha.Core/Services/ReCaptchaResponse.cs b/src/OrchardCore/OrchardCore.ReCaptcha.Core/Services/ReCaptchaResponse.cs
@@ -0,0 +1,6 @@
+namespace OrchardCore.ReCaptcha.Services;
+
+public class ReCaptchaResponse
+{
+    public bool Success { get; set; }
+}
diff --git a/src/OrchardCore/OrchardCore.ReCaptcha.Core/Services/ReCaptchaService.cs b/src/OrchardCore/OrchardCore.ReCaptcha.Core/Services/ReCaptchaService.cs
@@ -1,6 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Net.Http;
+using System.Net.Http.Json;
+using System.Text.Json;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Localization;
@@ -14,17 +17,28 @@ namespace OrchardCore.ReCaptcha.Services
 {
     public class ReCaptchaService
     {
-        private readonly ReCaptchaClient _reCaptchaClient;
-        private readonly ReCaptchaSettings _settings;
+        private static readonly JsonSerializerOptions _jsonSerializerOptions = new()
+        {
+            PropertyNamingPolicy = SnakeCaseNamingPolicy.Instance,
+        };
+
+        private readonly ReCaptchaSettings _reCaptchaSettings;
+        private readonly HttpClient _httpClient;
         private readonly IEnumerable<IDetectRobots> _robotDetectors;
         private readonly IHttpContextAccessor _httpContextAccessor;
         private readonly ILogger _logger;
         protected readonly IStringLocalizer S;
 
-        public ReCaptchaService(ReCaptchaClient reCaptchaClient, IOptions<ReCaptchaSettings> optionsAccessor, IEnumerable<IDetectRobots> robotDetectors, IHttpContextAccessor httpContextAccessor, ILogger<ReCaptchaService> logger, IStringLocalizer<ReCaptchaService> stringLocalizer)
+        public ReCaptchaService(
+            HttpClient httpClient,
+            IOptions<ReCaptchaSettings> optionsAccessor,
+            IEnumerable<IDetectRobots> robotDetectors,
+            IHttpContextAccessor httpContextAccessor,
+            ILogger<ReCaptchaService> logger,
+            IStringLocalizer<ReCaptchaService> stringLocalizer)
         {
-            _reCaptchaClient = reCaptchaClient;
-            _settings = optionsAccessor.Value;
+            _reCaptchaSettings = optionsAccessor.Value;
+            _httpClient = httpClient;
             _robotDetectors = robotDetectors;
             _httpContextAccessor = httpContextAccessor;
             _logger = logger;
@@ -65,7 +79,9 @@ public void ThisIsAHuman()
         /// <returns></returns>
         public async Task<bool> VerifyCaptchaResponseAsync(string reCaptchaResponse)
         {
-            return !string.IsNullOrWhiteSpace(reCaptchaResponse) && await _reCaptchaClient.VerifyAsync(reCaptchaResponse, _settings.SecretKey);
+            return !string.IsNullOrWhiteSpace(reCaptchaResponse)
+                && _reCaptchaSettings.IsValid()
+                && await VerifyAsync(reCaptchaResponse);
         }
 
         /// <summary>
@@ -74,7 +90,7 @@ public async Task<bool> VerifyCaptchaResponseAsync(string reCaptchaResponse)
         /// <param name="reportError">Lambda for reporting errors.</param>
         public async Task<bool> ValidateCaptchaAsync(Action<string, string> reportError)
         {
-            if (!_settings.IsValid())
+            if (!_reCaptchaSettings.IsValid())
             {
                 _logger.LogWarning("The ReCaptcha settings are not valid");
                 return false;
@@ -89,7 +105,7 @@ public async Task<bool> ValidateCaptchaAsync(Action<string, string> reportError)
                 reCaptchaResponse = _httpContextAccessor.HttpContext.Request.Form[Constants.ReCaptchaServerResponseHeaderName].ToString();
             }
 
-            var isValid = !string.IsNullOrEmpty(reCaptchaResponse) && await VerifyCaptchaResponseAsync(reCaptchaResponse);
+            var isValid = await VerifyCaptchaResponseAsync(reCaptchaResponse);
 
             if (!isValid)
             {
@@ -98,5 +114,34 @@ public async Task<bool> ValidateCaptchaAsync(Action<string, string> reportError)
 
             return isValid;
         }
+
+        /// <summary>
+        /// Verifies the supplied token with ReCaptcha Api.
+        /// </summary>
+        /// <param name="responseToken">Token received from the ReCaptcha UI.</param>
+        /// <returns>A boolean indicating if the token is valid.</returns>
+        private async Task<bool> VerifyAsync(string responseToken)
+        {
+            try
+            {
+                var content = new FormUrlEncodedContent(new Dictionary<string, string>
+                {
+                    { "secret", _reCaptchaSettings.SecretKey },
+                    { "response", responseToken }
+                });
+
+                var response = await _httpClient.PostAsync($"{_reCaptchaSettings.ReCaptchaApiUri.TrimEnd('/')}/siteverify", content);
+                response.EnsureSuccessStatusCode();
+                var result = await response.Content.ReadFromJsonAsync<ReCaptchaResponse>(_jsonSerializerOptions);
+
+                return result.Success;
+            }
+            catch (HttpRequestException e)
+            {
+                _logger.LogError(e, "Could not contact Google to verify captcha.");
+            }
+
+            return false;
+        }
     }
 }