From c33c608b7436f193c90fb3d484974e48e0ef4cb8 Mon Sep 17 00:00:00 2001 From: Virgil-Adrian Teaca Date: Mon, 30 May 2016 13:43:20 +0200 Subject: [PATCH] Complete the integration of Google ReCaptcha on Users Module --- app/Config.example.php | 1 + app/Modules/Users/Controllers/Reminders.php | 11 +++++-- app/Modules/Users/Controllers/Users.php | 7 +++++ app/Modules/Users/Language/Cz/messages.php | 1 + app/Modules/Users/Language/Da/messages.php | 1 + app/Modules/Users/Language/De/messages.php | 1 + app/Modules/Users/Language/En/messages.php | 1 + app/Modules/Users/Language/Es/messages.php | 1 + app/Modules/Users/Language/Fa/messages.php | 1 + app/Modules/Users/Language/Fr/messages.php | 1 + app/Modules/Users/Language/It/messages.php | 1 + app/Modules/Users/Language/Ja/messages.php | 1 + app/Modules/Users/Language/Nl/messages.php | 1 + app/Modules/Users/Language/Pl/messages.php | 1 + app/Modules/Users/Language/Ro/messages.php | 1 + app/Modules/Users/Language/Ru/messages.php | 1 + app/Modules/Users/Views/Reminders/Remind.php | 4 ++- app/Modules/Users/Views/Users/Login.php | 4 ++- system/Helpers/ReCaptcha.php | 31 ++++++++++++++++---- 19 files changed, 61 insertions(+), 10 deletions(-) diff --git a/app/Config.example.php b/app/Config.example.php index 7952f6e71a..e35a597d8a 100644 --- a/app/Config.example.php +++ b/app/Config.example.php @@ -133,6 +133,7 @@ * Setup the Google reCAPTCHA configuration */ Config::set('recaptcha', array( + 'active' => false, 'siteKey' => '', 'secret' => '', )); diff --git a/app/Modules/Users/Controllers/Reminders.php b/app/Modules/Users/Controllers/Reminders.php index 229ea58a18..2e9358e05e 100644 --- a/app/Modules/Users/Controllers/Reminders.php +++ b/app/Modules/Users/Controllers/Reminders.php @@ -11,6 +11,7 @@ use Core\Controller; use Core\View; use Helpers\Url; +use Helpers\ReCaptcha; use Hash; use Input; 
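Review bot: The `'active' => false` entry added to the recaptcha array in app/Config.example.php has no comment saying what the switch controls, and its effect is security-relevant. The check() hunk in system/Helpers/ReCaptcha.php returns true whenever the flag is falsy, so with this default the login and password-reminder forms accept every submission without a captcha. I would add a comment above the key such as `// Set to true (with both keys filled in) to enforce reCAPTCHA on login and password reminders; while false, every check passes.` so that anyone copying the example file can see the protection is off until enabled.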
@@ -59,10 +60,16 @@ public function remind() */ public function postRemind() { - $credentials = Input::only('email'); - $error = array(); + // Verify the reCAPTCHA + if(! ReCaptcha::check()) { + return Redirect::back()->with('error', $error[] = __d('users', 'Invalid reCAPTCHA submitted.')); + } + + // + $credentials = Input::only('email'); + switch ($response = Password::remind($credentials)) { case Password::INVALID_USER: return Redirect::back()->with('error', $error[] = __d('users', 'We can\'t find a User with that e-mail address.')); diff --git a/app/Modules/Users/Controllers/Users.php b/app/Modules/Users/Controllers/Users.php index 9f1c661495..c0073aec15 100644 --- a/app/Modules/Users/Controllers/Users.php +++ b/app/Modules/Users/Controllers/Users.php @@ -8,9 +8,11 @@ namespace App\Modules\Users\Controllers; +use Core\Config; use Core\Controller; use Core\View; use Helpers\Url; +use Helpers\ReCaptcha; use Auth; use Hash; @@ -61,6 +63,11 @@ public function postLogin() { $error = array(); + // Verify the submitted reCAPTCHA + if(! ReCaptcha::check()) { + return Redirect::back()->with('error', $error[] = __d('users', 'Invalid reCAPTCHA submitted.')); + } + // Retrieve the Authentication credentials. $credentials = Input::only('username', 'password'); diff --git a/app/Modules/Users/Language/Cz/messages.php b/app/Modules/Users/Language/Cz/messages.php index 315237ccd1..29193b0026 100644 --- a/app/Modules/Users/Language/Cz/messages.php +++ b/app/Modules/Users/Language/Cz/messages.php @@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => '', 'Insert the new Password' => '', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => '', diff --git a/app/Modules/Users/Language/Da/messages.php b/app/Modules/Users/Language/Da/messages.php index a4c7f98222..34bb74ec14 100644 --- a/app/Modules/Users/Language/Da/messages.php +++ b/app/Modules/Users/Language/Da/messages.php 
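Review bot: `ReCaptcha::check()` in postRemind() is called statically, but the helper hunk in system/Helpers/ReCaptcha.php declares it as `protected function check($response = null)`, an instance method. This presumably relies on a static-call forwarder in the helper that the patch does not show, and the same call is added to postLogin() in Users.php, so it is worth a test that a request without `g-recaptcha-response` is rejected when the feature is active. In both controllers `$error[] = __d(...)` inside `with()` appends to an array that the `return` discards, so passing the message directly would read more clearly. The bare `//` above `$credentials = Input::only('email');` should carry text, for example `// Retrieve the e-mail address the reminder is requested for.`, or be removed. The body of postRemind() continues past the hunk.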
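Review bot: `use Core\Config;` is added to the import block of Users.php, but neither hunk of this file in the patch references `Config`. Unless code outside the hunks uses it, the import is unused and can be dropped. The `use Helpers\ReCaptcha;` line added next to it is the one postLogin() needs.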
@@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => 'Indtast den nuværende kodeord', 'Insert the new Password' => 'Indtast det nye kodeord', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => 'Kodeord', diff --git a/app/Modules/Users/Language/De/messages.php b/app/Modules/Users/Language/De/messages.php index 315237ccd1..29193b0026 100644 --- a/app/Modules/Users/Language/De/messages.php +++ b/app/Modules/Users/Language/De/messages.php @@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => '', 'Insert the new Password' => '', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => '', diff --git a/app/Modules/Users/Language/En/messages.php b/app/Modules/Users/Language/En/messages.php index 315237ccd1..29193b0026 100644 --- a/app/Modules/Users/Language/En/messages.php +++ b/app/Modules/Users/Language/En/messages.php @@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => '', 'Insert the new Password' => '', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => '', diff --git a/app/Modules/Users/Language/Es/messages.php b/app/Modules/Users/Language/Es/messages.php index 315237ccd1..29193b0026 100644 --- a/app/Modules/Users/Language/Es/messages.php +++ b/app/Modules/Users/Language/Es/messages.php @@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => '', 'Insert the new Password' => '', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => '', diff --git a/app/Modules/Users/Language/Fa/messages.php b/app/Modules/Users/Language/Fa/messages.php index da557aa7d2..2911964bc8 100644 --- a/app/Modules/Users/Language/Fa/messages.php +++ b/app/Modules/Users/Language/Fa/messages.php 
@@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => 'رمزعبور فعلی را وارد کنید', 'Insert the new Password' => 'رمزعبور جدید را وارد کنید', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => 'رمزعبور', diff --git a/app/Modules/Users/Language/Fr/messages.php b/app/Modules/Users/Language/Fr/messages.php index 315237ccd1..29193b0026 100644 --- a/app/Modules/Users/Language/Fr/messages.php +++ b/app/Modules/Users/Language/Fr/messages.php @@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => '', 'Insert the new Password' => '', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => '', diff --git a/app/Modules/Users/Language/It/messages.php b/app/Modules/Users/Language/It/messages.php index 315237ccd1..29193b0026 100644 --- a/app/Modules/Users/Language/It/messages.php +++ b/app/Modules/Users/Language/It/messages.php @@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => '', 'Insert the new Password' => '', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => '', diff --git a/app/Modules/Users/Language/Ja/messages.php b/app/Modules/Users/Language/Ja/messages.php index 315237ccd1..29193b0026 100644 --- a/app/Modules/Users/Language/Ja/messages.php +++ b/app/Modules/Users/Language/Ja/messages.php @@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => '', 'Insert the new Password' => '', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => '', diff --git a/app/Modules/Users/Language/Nl/messages.php b/app/Modules/Users/Language/Nl/messages.php index 315237ccd1..29193b0026 100644 --- a/app/Modules/Users/Language/Nl/messages.php +++ b/app/Modules/Users/Language/Nl/messages.php 
@@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => '', 'Insert the new Password' => '', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => '', diff --git a/app/Modules/Users/Language/Pl/messages.php b/app/Modules/Users/Language/Pl/messages.php index 315237ccd1..29193b0026 100644 --- a/app/Modules/Users/Language/Pl/messages.php +++ b/app/Modules/Users/Language/Pl/messages.php @@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => '', 'Insert the new Password' => '', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => '', diff --git a/app/Modules/Users/Language/Ro/messages.php b/app/Modules/Users/Language/Ro/messages.php index 315237ccd1..29193b0026 100644 --- a/app/Modules/Users/Language/Ro/messages.php +++ b/app/Modules/Users/Language/Ro/messages.php @@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => '', 'Insert the new Password' => '', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => '', diff --git a/app/Modules/Users/Language/Ru/messages.php b/app/Modules/Users/Language/Ru/messages.php index 315237ccd1..29193b0026 100644 --- a/app/Modules/Users/Language/Ru/messages.php +++ b/app/Modules/Users/Language/Ru/messages.php @@ -9,6 +9,7 @@ 'Insert the current E-Mail' => '', 'Insert the current Password' => '', 'Insert the new Password' => '', + 'Invalid reCAPTCHA submitted.' => '', 'Login' => '', 'Login to {0}' => '', 'Password' => '', diff --git a/app/Modules/Users/Views/Reminders/Remind.php b/app/Modules/Users/Views/Reminders/Remind.php index 9cc8eea8b3..5953350bd5 100644 --- a/app/Modules/Users/Views/Reminders/Remind.php +++ b/app/Modules/Users/Views/Reminders/Remind.php @@ -22,11 +22,13 @@



+
-
+

+
diff --git a/app/Modules/Users/Views/Users/Login.php b/app/Modules/Users/Views/Users/Login.php index abe4bdadb1..c8e61f65df 100644 --- a/app/Modules/Users/Views/Users/Login.php +++ b/app/Modules/Users/Views/Users/Login.php @@ -26,11 +26,13 @@


+
-
+

+
diff --git a/system/Helpers/ReCaptcha.php b/system/Helpers/ReCaptcha.php index 858fa3d0ab..73398f9999 100644 --- a/system/Helpers/ReCaptcha.php +++ b/system/Helpers/ReCaptcha.php @@ -22,6 +22,8 @@ class ReCaptcha */ const GOOGLEHOST = 'https://www.google.com/recaptcha/api/siteverify'; + private $active = true; + private $siteKey; private $secret; @@ -35,8 +37,22 @@ public function __construct() // $config = Config::get('recaptcha'); - $this->recaptcha_siteKey = $config['siteKey']; - $this->recaptcha_secret = $config'secret']; + // Wheter is active or not. + $this->active = $config['active']; + + // The Google keys + $this->siteKey = $config['siteKey']; + $this->secret = $config['secret']; + } + + /** + * Get the Status + * + * @return string + */ + protected function isActive() + { + return $this->active; } /** @@ -65,11 +81,14 @@ protected function getSecret() * @param string $response * @return boolean */ - protected function checkResponse($response) + protected function check($response = null) { - if (empty($response)) { - return false; - } + if(! $this->active) return true; + + // + $response = $response ?: Request::input('g-recaptcha-response', ''); + + if (empty($response)) return false; $google_url = sprintf('%s?secret=%s&response=%s&remoteip=%s', self::GOOGLEHOST,
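Review bot: `$this->active = $config['active'];` in the constructor reads a key that only app/Config.example.php gains in this patch, so an installation whose existing config has no `active` entry ends up with null here. The `if(! $this->active) return true;` line in the check() hunk below then passes every request with no verification. Reading the key defensively keeps the declared default of `private $active = true;`: `$this->active = isset($config['active']) ? (bool) $config['active'] : true;`. In the added isActive() docblock `@return string` should be `@return boolean`, and `// Wheter is active or not.` should read `// Whether the reCAPTCHA check is active.` The class and check() continue outside the visible hunks.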