From 21599e68c6dfd6fd5c0261c82ba123904f1fd894 Mon Sep 17 00:00:00 2001
From: Italo
Date: Tue, 5 Nov 2019 18:51:38 -0300
Subject: [PATCH 1/2] Added AJAX acclaration
---
 README.md | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index a5967b6..52bc1ff 100644
--- a/README.md
+++ b/README.md
@@ -42,9 +42,9 @@ Just add the `data-recaptcha="true"` attribute to the forms where you want to ha
 ```
-The Google reCAPTCHA script from Google will be automatically injected on all responses for better analytics.
+The Google reCAPTCHA script from Google will be automatically injected on all responses for better analytics.
-> Check the `manual` mode if you want control on how to deal with the frontend reCAPTCHA script.
+> Alternatively, you may want to use the [`manual` mode](#manual) if you want control on how to deal with the frontend reCAPTCHA script.
 ### Backend
@@ -413,6 +413,16 @@ This blade views requires the Google reCAPTCHA v3 script, and detects the forms
 There you can edit how the script is downloaded from Google, and how it checks for forms to link with the backend.
+### AJAX Requests
+
+Depending of your application, AJAX Requests won't include the reCAPTCHA token. This may be for various reasons:
+
+* Using virtual DOM frameworks like Vue and React.
+* Creating a form after the page loaded with JavaScript.
+* An AJAX Requests being done entirely in JavaScript.
+
+In any of these scenarios, you may want disable the injection script and [use the reCAPATCHA v3 scripts directly](https://developers.google.com/recaptcha/docs/v3).
+
 ## License
-The MIT License (MIT). Please see [License File](LICENSE.md) for more information.
\ No newline at end of file
+The MIT License (MIT). Please see [License File](LICENSE.md) for more information.
From 0be13b9ee6c818d51c2462b8cb0390f0944c6470 Mon Sep 17 00:00:00 2001
From: DarkGhostHunter
Date: Sun, 24 Nov 2019 20:14:21 -0300
Subject: [PATCH 2/2] Removed exception when route is not a POST method.
---
 src/Http/Middleware/CheckRecaptcha.php | 30 ++++++++-----------------
 tests/Middleware/CheckRecaptchaTest.php | 21 ++++++++---------
 2 files changed, 18 insertions(+), 33 deletions(-)
diff --git a/src/Http/Middleware/CheckRecaptcha.php b/src/Http/Middleware/CheckRecaptcha.php
index b1ea9e4..dadaa12 100644
--- a/src/Http/Middleware/CheckRecaptcha.php
+++ b/src/Http/Middleware/CheckRecaptcha.php
@@ -3,14 +3,13 @@
 namespace DarkGhostHunter\Captchavel\Http\Middleware;
 use Closure;
-use DarkGhostHunter\Captchavel\Exceptions\FailedRecaptchaException;
-use DarkGhostHunter\Captchavel\Exceptions\InvalidCaptchavelMiddlewareMethod;
-use DarkGhostHunter\Captchavel\Exceptions\InvalidRecaptchaException;
+use Illuminate\Http\Request;
 use DarkGhostHunter\Captchavel\ReCaptcha;
+use ReCaptcha\ReCaptcha as ReCaptchaFactory;
 use Illuminate\Contracts\Config\Repository as Config;
 use Illuminate\Contracts\Validation\Factory as Validator;
-use Illuminate\Http\Request;
-use ReCaptcha\ReCaptcha as ReCaptchaFactory;
+use DarkGhostHunter\Captchavel\Exceptions\FailedRecaptchaException;
+use DarkGhostHunter\Captchavel\Exceptions\InvalidRecaptchaException;
 class CheckRecaptcha
 {
@@ -72,25 +71,14 @@ public function __construct(Validator $validator,
 */
 public function handle($request, Closure $next, float $threshold = null)
 {
- $this->isPostMethod($request);
- $this->hasValidRequest($request);
- $this->hasValidReCaptcha($request, $threshold ?? $this->config['threshold']);
+ if ($request->getRealMethod() === 'POST') {
+ $this->hasValidRequest($request);
+ $this->hasValidReCaptcha($request, $threshold ?? $this->config['threshold']);
+ }
 return $next($request);
 }
- /**
- * Detect if the Request is a "write" method
- *
- * @param \Illuminate\Http\Request $request
- * @return bool
- * @throws \Throwable
- */
- protected function isPostMethod(Request $request)
- {
- return throw_unless($request->getRealMethod() === 'POST', InvalidCaptchavelMiddlewareMethod::class);
- }
-
 /**
 * Return if the Request has a valid reCAPTCHA token
 *
@@ -148,4 +136,4 @@ protected function sanitizeAction(string $action)
 {
 return preg_replace('/[^A-z\/\_]/s', '', $action);
 }
-}
\ No newline at end of file
+}
diff --git a/tests/Middleware/CheckRecaptchaTest.php b/tests/Middleware/CheckRecaptchaTest.php
index c25150f..1766cfd 100644
--- a/tests/Middleware/CheckRecaptchaTest.php
+++ b/tests/Middleware/CheckRecaptchaTest.php
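Review bot: In `CheckRecaptcha::handle` (src/Http/Middleware/CheckRecaptcha.php) the new `if ($request->getRealMethod() === 'POST')` guard makes the middleware fail open: any request whose real verb is not POST reaches `$next` without `hasValidRequest` or `hasValidReCaptcha` running. Skipping GET and HEAD is reasonable, but a natively sent PUT, PATCH or DELETE, or a route registered for several verbs, now passes unverified, and the removed `isPostMethod` exception no longer surfaces a misapplied middleware. Consider skipping only the read-only verbs, `if (! in_array($request->getRealMethod(), ['GET', 'HEAD', 'OPTIONS'], true)) {`, or keep the POST-only guard and state in the `handle` docblock that other verbs are not verified. That docblock begins above this hunk, so whether it already says this is not visible here.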
@@ -2,17 +2,16 @@
 namespace DarkGhostHunter\Captchavel\Tests;
-use DarkGhostHunter\Captchavel\Exceptions\FailedRecaptchaException;
-use DarkGhostHunter\Captchavel\Exceptions\InvalidCaptchavelMiddlewareMethod;
-use DarkGhostHunter\Captchavel\Exceptions\InvalidRecaptchaException;
-use DarkGhostHunter\Captchavel\Http\Middleware\CheckRecaptcha;
-use DarkGhostHunter\Captchavel\ReCaptcha;
-use Illuminate\Support\Carbon;
+use ReCaptcha\Response;
 use Illuminate\Support\Str;
+use ReCaptcha\RequestMethod;
+use Illuminate\Support\Carbon;
 use Orchestra\Testbench\TestCase;
+use DarkGhostHunter\Captchavel\ReCaptcha;
 use ReCaptcha\ReCaptcha as ReCaptchaFactory;
-use ReCaptcha\RequestMethod;
-use ReCaptcha\Response;
+use DarkGhostHunter\Captchavel\Http\Middleware\CheckRecaptcha;
+use DarkGhostHunter\Captchavel\Exceptions\FailedRecaptchaException;
+use DarkGhostHunter\Captchavel\Exceptions\InvalidRecaptchaException;
 class CheckRecaptchaTest extends TestCase
 {
@@ -103,13 +102,11 @@ public function testFailsOnNonPostMethod()
 $response = $this->get('get-route');
- $response->assertStatus(500);
- $this->assertInstanceOf(InvalidCaptchavelMiddlewareMethod::class, $response->exception);
+ $response->assertStatus(200);
 $response = $this->call('head', 'head-route');
- $response->assertStatus(500);
- $this->assertInstanceOf(InvalidCaptchavelMiddlewareMethod::class, $response->exception);
+ $response->assertStatus(200);
 }
 public function testFailsInvalidToken()
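Review bot: `testFailsOnNonPostMethod` in tests/Middleware/CheckRecaptchaTest.php now asserts that GET and HEAD return status 200, so its name says the opposite of what it checks; a name such as `testSkipsCheckOnNonPostMethod` would match the new behaviour. The hunk only exercises `get-route` and `head-route`, so the pass-through of PUT, PATCH and DELETE that the middleware change introduces is not pinned by any assertion visible here. Adding one case per write verb would make it an explicit, tested decision whether those requests are verified or skipped. The test body starts above the hunk, so the route setup is not visible.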