From c8c30b678e787ec827653ad7756f79d8cc262952 Mon Sep 17 00:00:00 2001 From: DarkGhostHunter Date: Wed, 8 Apr 2020 13:32:58 -0400 Subject: [PATCH 1/5] Reworked script to renew recaptcha script every 120 seconds. --- resources/views/script.blade.php | 45 ++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 17 deletions(-) diff --git a/resources/views/script.blade.php b/resources/views/script.blade.php index 9b8458f..c22fc58 100644 --- a/resources/views/script.blade.php +++ b/resources/views/script.blade.php @@ -9,24 +9,35 @@ return; } - Array.from(document.getElementsByTagName('form')) - .filter((form) => form.dataset.recaptcha === 'true') - .forEach((form) => { - let action = form.action.includes('://') ? (new URL(form.action)).pathname : form.action; - grecaptcha.execute(site_key, { - action: action - .substring(action.indexOf('?'), action.length) - .replace(/[^A-z\/_]/gi, '') - }).then((token) => { - if (token) { - let child = document.createElement('input'); - child.setAttribute('type', 'hidden'); - child.setAttribute('name', '_recaptcha'); - child.setAttribute('value', token); - form.appendChild(child); + let elements = Array.from(document.getElementsByTagName('form')) + .filter((form) => form.dataset.recaptcha === 'true'); + + let renew = (form) => { + let action = form.action.includes('://') ? (new URL(form.action)).pathname : form.action; + grecaptcha.execute(site_key, { + action: action + .substring(action.indexOf('?'), action.length) + .replace(/[^A-z\/_]/gi, '') + }).then((token) => { + if (token) { + + let inputs = form.getElementsByClassName('recaptcha-token'); + + if (inputs.length) { + Array.from(inputs).forEach((input) => input.remove()); } - }); + + let child = document.createElement('input'); + child.setAttribute('type', 'hidden'); + child.setAttribute('name', '_recaptcha'); + child.setAttribute('class', 'recaptcha-token'); + child.setAttribute('value', token); + form.appendChild(child); + } }); + }; + + setTimeout(() => elements.forEach(renew), 1000 * 120); }; // End Captchavel Script - \ No newline at end of file + From 3f5fc70e2050a0ac74347e26aa55a658494afbb9 Mon Sep 17 00:00:00 2001 From: DarkGhostHunter Date: Wed, 8 Apr 2020 13:50:09 -0400 Subject: [PATCH 2/5] Fixes checking if it has the `is_robot` value to query or input. --- src/Http/Middleware/TransparentRecaptcha.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Http/Middleware/TransparentRecaptcha.php b/src/Http/Middleware/TransparentRecaptcha.php index b19ce2e..fbdd525 100644 --- a/src/Http/Middleware/TransparentRecaptcha.php +++ b/src/Http/Middleware/TransparentRecaptcha.php @@ -2,9 +2,9 @@ namespace DarkGhostHunter\Captchavel\Http\Middleware; -use DarkGhostHunter\Captchavel\Exceptions\InvalidRecaptchaException; -use Illuminate\Http\Request; use ReCaptcha\Response; +use Illuminate\Http\Request; +use DarkGhostHunter\Captchavel\Exceptions\InvalidRecaptchaException; class TransparentRecaptcha extends CheckRecaptcha { @@ -42,8 +42,8 @@ protected function resolve(Request $request, float $threshold) null, now()->toIso8601ZuluString(), null, - (int)$request->query->has('is_robot'), + (int)$request->has('is_robot'), $this->sanitizeAction($request->getRequestUri())) ); } -} \ No newline at end of file +} From 0f97f8a6cdc05b4c5f1be745861445e992b717a0 Mon Sep 17 00:00:00 2001 From: DarkGhostHunter Date: Wed, 8 Apr 2020 14:57:33 -0400 Subject: [PATCH 3/5] Added token regeneration when submitting. --- resources/views/script.blade.php | 40 ++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/resources/views/script.blade.php b/resources/views/script.blade.php index c22fc58..4e2808e 100644 --- a/resources/views/script.blade.php +++ b/resources/views/script.blade.php @@ -14,27 +14,33 @@ let renew = (form) => { let action = form.action.includes('://') ? (new URL(form.action)).pathname : form.action; - grecaptcha.execute(site_key, { - action: action - .substring(action.indexOf('?'), action.length) - .replace(/[^A-z\/_]/gi, '') - }).then((token) => { - if (token) { - let inputs = form.getElementsByClassName('recaptcha-token'); + const getKey = () => { + grecaptcha.execute(site_key, { + action: action + .substring(action.indexOf('?'), action.length) + .replace(/[^A-z\/_]/gi, '') + }).then((token) => { + if (token) { + Array.from(form.getElementsByClassName('recaptcha-token')) + .forEach((input) => input.remove()); - if (inputs.length) { - Array.from(inputs).forEach((input) => input.remove()); + let child = document.createElement('input'); + + child.setAttribute('type', 'hidden'); + child.setAttribute('name', '_recaptcha'); + child.setAttribute('class', 'recaptcha-token'); + child.setAttribute('value', token); + + form.appendChild(child); } + }); + }; + + getKey(); - let child = document.createElement('input'); - child.setAttribute('type', 'hidden'); - child.setAttribute('name', '_recaptcha'); - child.setAttribute('class', 'recaptcha-token'); - child.setAttribute('value', token); - form.appendChild(child); - } - }); + form.removeEventListener('submit', getKey); + form.addEventListener('submit', getKey); }; setTimeout(() => elements.forEach(renew), 1000 * 120); From f538de0ee3b24bc1fd09776e2544cf842b2e711b Mon Sep 17 00:00:00 2001 From: DarkGhostHunter Date: Wed, 8 Apr 2020 18:09:34 -0400 Subject: [PATCH 4/5] Moved recaptcha token generation to the submit event of the form. --- resources/views/script.blade.php | 53 ++++++++++++-------------------- 1 file changed, 19 insertions(+), 34 deletions(-) diff --git a/resources/views/script.blade.php b/resources/views/script.blade.php index 4e2808e..0b209ef 100644 --- a/resources/views/script.blade.php +++ b/resources/views/script.blade.php @@ -9,41 +9,26 @@ return; } - let elements = Array.from(document.getElementsByTagName('form')) - .filter((form) => form.dataset.recaptcha === 'true'); - - let renew = (form) => { - let action = form.action.includes('://') ? (new URL(form.action)).pathname : form.action; - - const getKey = () => { - grecaptcha.execute(site_key, { - action: action - .substring(action.indexOf('?'), action.length) - .replace(/[^A-z\/_]/gi, '') - }).then((token) => { - if (token) { - Array.from(form.getElementsByClassName('recaptcha-token')) - .forEach((input) => input.remove()); - - let child = document.createElement('input'); - - child.setAttribute('type', 'hidden'); - child.setAttribute('name', '_recaptcha'); - child.setAttribute('class', 'recaptcha-token'); - child.setAttribute('value', token); - - form.appendChild(child); - } + Array.from(document.getElementsByTagName('form')) + .filter((form) => form.dataset.recaptcha === 'true') + .forEach((form) => { + let action = form.action.includes('://') ? (new URL(form.action)).pathname : form.action; + form.addEventListener('submit', () => { + grecaptcha.execute(site_key, { + action: action + .substring(action.indexOf('?'), action.length) + .replace(/[^A-z\/_]/gi, '') + }).then((token) => { + if (token) { + let child = document.createElement('input'); + child.setAttribute('type', 'hidden'); + child.setAttribute('name', '_recaptcha'); + child.setAttribute('value', token); + form.appendChild(child); + } + }); }); - }; - - getKey(); - - form.removeEventListener('submit', getKey); - form.addEventListener('submit', getKey); - }; - - setTimeout(() => elements.forEach(renew), 1000 * 120); + }); }; // End Captchavel Script From 7010c8b3ff3d8a3aef742922925ef12b922df2cf Mon Sep 17 00:00:00 2001 From: DarkGhostHunter Date: Wed, 8 Apr 2020 18:12:21 -0400 Subject: [PATCH 5/5] Added stop propagation to stop bubbling the token generation. --- resources/views/script.blade.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/resources/views/script.blade.php b/resources/views/script.blade.php index 0b209ef..cb1f380 100644 --- a/resources/views/script.blade.php +++ b/resources/views/script.blade.php @@ -13,7 +13,8 @@ .filter((form) => form.dataset.recaptcha === 'true') .forEach((form) => { let action = form.action.includes('://') ? (new URL(form.action)).pathname : form.action; - form.addEventListener('submit', () => { + form.addEventListener('submit', (event) => { + event.stopPropagation(); grecaptcha.execute(site_key, { action: action .substring(action.indexOf('?'), action.length)