Commit ffedd039 authored by Robert Lyon's avatar Robert Lyon
Browse files

Bug 1811177: Updating recaptcha to 1.2.1



behatnotneeded

Change-Id: I6747ae20072b4d05f164acc96f3c7485bd7a1a6f
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 6249c8fe
......@@ -2,6 +2,6 @@ reCAPTCHA PHP library
=====================
Website: https://github.com/google/recaptcha
Version: 1.1.2
Version: 1.2.1
reCAPTCHA is a free CAPTCHA service that protect websites from spam and abuse. This is Google authored code that provides plugins for third-party integration with reCAPTCHA.
......@@ -3,7 +3,7 @@
* This is a PHP library that handles calling reCAPTCHA.
*
* @copyright Copyright (c) 2015, Google Inc.
* @link http://www.google.com/recaptcha
* @link https://www.google.com/recaptcha
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
......@@ -35,16 +35,82 @@ class ReCaptcha
* Version of this client library.
* @const string
*/
const VERSION = 'php_1.1.2';
const VERSION = 'php_1.2.1';
/**
* URL for reCAPTCHA sitevrerify API
* @const string
*/
const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
/**
* Invalid JSON received
* @const string
*/
const E_INVALID_JSON = 'invalid-json';
/**
* Could not connect to service
* @const string
*/
const E_CONNECTION_FAILED = 'connection-failed';
/**
* Did not receive a 200 from the service
* @const string
*/
const E_BAD_RESPONSE = 'bad-response';
/**
* Not a success, but no error codes received!
* @const string
*/
const E_UNKNOWN_ERROR = 'unknown-error';
/**
* ReCAPTCHA response not provided
* @const string
*/
const E_MISSING_INPUT_RESPONSE = 'missing-input-response';
/**
* Expected hostname did not match
* @const string
*/
const E_HOSTNAME_MISMATCH = 'hostname-mismatch';
/**
* Expected APK package name did not match
* @const string
*/
const E_APK_PACKAGE_NAME_MISMATCH = 'apk_package_name-mismatch';
/**
* Expected action did not match
* @const string
*/
const E_ACTION_MISMATCH = 'action-mismatch';
/**
* Score threshold not met
* @const string
*/
const E_SCORE_THRESHOLD_NOT_MET = 'score-threshold-not-met';
/**
* Challenge timeout
* @const string
*/
const E_CHALLENGE_TIMEOUT = 'challenge-timeout';
/**
* Shared secret for the site.
* @var type string
* @var string
*/
private $secret;
/**
* Method used to communicate with service. Defaults to POST request.
* Method used to communicate with service. Defaults to POST request.
* @var RequestMethod
*/
private $requestMethod;
......@@ -52,8 +118,9 @@ class ReCaptcha
/**
* Create a configured instance to use the reCAPTCHA service.
*
* @param string $secret shared secret between site and reCAPTCHA server.
* @param string $secret The shared key between your site and reCAPTCHA.
* @param RequestMethod $requestMethod method used to send the request. Defaults to POST.
* @throws \RuntimeException if $secret is invalid
*/
public function __construct($secret, RequestMethod $requestMethod = null)
{
......@@ -66,19 +133,14 @@ class ReCaptcha
}
$this->secret = $secret;
if (!is_null($requestMethod)) {
$this->requestMethod = $requestMethod;
} else {
$this->requestMethod = new RequestMethod\Post();
}
$this->requestMethod = (is_null($requestMethod)) ? new RequestMethod\Post() : $requestMethod;
}
/**
* Calls the reCAPTCHA siteverify API to verify whether the user passes
* CAPTCHA test.
* CAPTCHA test and additionally runs any specified additional checks
*
* @param string $response The value of 'g-recaptcha-response' in the submitted form.
* @param string $response The user response token provided by reCAPTCHA, verifying the user on your site.
* @param string $remoteIp The end user's IP address.
* @return Response Response from the service.
*/
......@@ -86,12 +148,114 @@ class ReCaptcha
{
// Discard empty solution submissions
if (empty($response)) {
$recaptchaResponse = new Response(false, array('missing-input-response'));
$recaptchaResponse = new Response(false, array(self::E_MISSING_INPUT_RESPONSE));
return $recaptchaResponse;
}
$params = new RequestParameters($this->secret, $response, $remoteIp, self::VERSION);
$rawResponse = $this->requestMethod->submit($params);
return Response::fromJson($rawResponse);
$initialResponse = Response::fromJson($rawResponse);
$validationErrors = array();
if (isset($this->hostname) && strcasecmp($this->hostname, $initialResponse->getHostname()) !== 0) {
$validationErrors[] = self::E_HOSTNAME_MISMATCH;
}
if (isset($this->apkPackageName) && strcasecmp($this->apkPackageName, $initialResponse->getApkPackageName()) !== 0) {
$validationErrors[] = self::E_APK_PACKAGE_NAME_MISMATCH;
}
if (isset($this->action) && strcasecmp($this->action, $initialResponse->getAction()) !== 0) {
$validationErrors[] = self::E_ACTION_MISMATCH;
}
if (isset($this->threshold) && $this->threshold > $initialResponse->getScore()) {
$validationErrors[] = self::E_SCORE_THRESHOLD_NOT_MET;
}
if (isset($this->timeoutSeconds)) {
$challengeTs = strtotime($initialResponse->getChallengeTs());
if ($challengeTs > 0 && time() - $challengeTs > $this->timeoutSeconds) {
$validationErrors[] = self::E_CHALLENGE_TIMEOUT;
}
}
if (empty($validationErrors)) {
return $initialResponse;
}
return new Response(
false,
array_merge($initialResponse->getErrorCodes(), $validationErrors),
$initialResponse->getHostname(),
$initialResponse->getChallengeTs(),
$initialResponse->getApkPackageName(),
$initialResponse->getScore(),
$initialResponse->getAction()
);
}
/**
* Provide a hostname to match against in verify()
* This should be without a protocol or trailing slash, e.g. www.google.com
*
* @param string $hostname Expected hostname
* @return ReCaptcha Current instance for fluent interface
*/
public function setExpectedHostname($hostname)
{
$this->hostname = $hostname;
return $this;
}
/**
* Provide an APK package name to match against in verify()
*
* @param string $apkPackageName Expected APK package name
* @return ReCaptcha Current instance for fluent interface
*/
public function setExpectedApkPackageName($apkPackageName)
{
$this->apkPackageName = $apkPackageName;
return $this;
}
/**
* Provide an action to match against in verify()
* This should be set per page.
*
* @param string $action Expected action
* @return ReCaptcha Current instance for fluent interface
*/
public function setExpectedAction($action)
{
$this->action = $action;
return $this;
}
/**
* Provide a threshold to meet or exceed in verify()
* Threshold should be a float between 0 and 1 which will be tested as response >= threshold.
*
* @param float $threshold Expected threshold
* @return ReCaptcha Current instance for fluent interface
*/
public function setScoreThreshold($threshold)
{
$this->threshold = floatval($threshold);
return $this;
}
/**
* Provide a timeout in seconds to test against the challenge timestamp in verify()
*
* @param int $timeoutSeconds Expected hostname
* @return ReCaptcha Current instance for fluent interface
*/
public function setChallengeTimeout($timeoutSeconds)
{
$this->timeoutSeconds = $timeoutSeconds;
return $this;
}
}
......@@ -3,7 +3,7 @@
* This is a PHP library that handles calling reCAPTCHA.
*
* @copyright Copyright (c) 2015, Google Inc.
* @link http://www.google.com/recaptcha
* @link https://www.google.com/recaptcha
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
......
......@@ -3,7 +3,7 @@
* This is a PHP library that handles calling reCAPTCHA.
*
* @copyright Copyright (c) 2015, Google Inc.
* @link http://www.google.com/recaptcha
* @link https://www.google.com/recaptcha
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
......
......@@ -3,7 +3,7 @@
* This is a PHP library that handles calling reCAPTCHA.
*
* @copyright Copyright (c) 2015, Google Inc.
* @link http://www.google.com/recaptcha
* @link https://www.google.com/recaptcha
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
......@@ -26,6 +26,7 @@
namespace ReCaptcha\RequestMethod;
use ReCaptcha\ReCaptcha;
use ReCaptcha\RequestMethod;
use ReCaptcha\RequestParameters;
......@@ -36,25 +37,28 @@ use ReCaptcha\RequestParameters;
*/
class CurlPost implements RequestMethod
{
/**
* URL to which requests are sent via cURL.
* @const string
*/
const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
/**
* Curl connection to the reCAPTCHA service
* @var Curl
*/
private $curl;
public function __construct(Curl $curl = null)
/**
* URL for reCAPTCHA sitevrerify API
* @var string
*/
private $siteVerifyUrl;
/**
* Only needed if you want to override the defaults
*
* @param Curl $curl Curl resource
* @param string $siteVerifyUrl URL for reCAPTCHA sitevrerify API
*/
public function __construct(Curl $curl = null, $siteVerifyUrl = null)
{
if (!is_null($curl)) {
$this->curl = $curl;
} else {
$this->curl = new Curl();
}
$this->curl = (is_null($curl)) ? new Curl() : $curl;
$this->siteVerifyUrl = (is_null($siteVerifyUrl)) ? ReCaptcha::SITE_VERIFY_URL : $siteVerifyUrl;
}
/**
......@@ -65,7 +69,7 @@ class CurlPost implements RequestMethod
*/
public function submit(RequestParameters $params)
{
$handle = $this->curl->init(self::SITE_VERIFY_URL);
$handle = $this->curl->init($this->siteVerifyUrl);
$options = array(
CURLOPT_POST => true,
......@@ -83,6 +87,10 @@ class CurlPost implements RequestMethod
$response = $this->curl->exec($handle);
$this->curl->close($handle);
return $response;
if ($response !== false) {
return $response;
}
return '{"success": false, "error-codes": ["'.ReCaptcha::E_CONNECTION_FAILED.'"]}';
}
}
......@@ -3,7 +3,7 @@
* This is a PHP library that handles calling reCAPTCHA.
*
* @copyright Copyright (c) 2015, Google Inc.
* @link http://www.google.com/recaptcha
* @link https://www.google.com/recaptcha
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
......@@ -26,6 +26,7 @@
namespace ReCaptcha\RequestMethod;
use ReCaptcha\ReCaptcha;
use ReCaptcha\RequestMethod;
use ReCaptcha\RequestParameters;
......@@ -35,10 +36,20 @@ use ReCaptcha\RequestParameters;
class Post implements RequestMethod
{
/**
* URL to which requests are POSTed.
* @const string
* URL for reCAPTCHA sitevrerify API
* @var string
*/
const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
private $siteVerifyUrl;
/**
* Only needed if you want to override the defaults
*
* @param string $siteVerifyUrl URL for reCAPTCHA sitevrerify API
*/
public function __construct($siteVerifyUrl = null)
{
$this->siteVerifyUrl = (is_null($siteVerifyUrl)) ? ReCaptcha::SITE_VERIFY_URL : $siteVerifyUrl;
}
/**
* Submit the POST request with the specified parameters.
......@@ -48,23 +59,22 @@ class Post implements RequestMethod
*/
public function submit(RequestParameters $params)
{
/**
* PHP 5.6.0 changed the way you specify the peer name for SSL context options.
* Using "CN_name" will still work, but it will raise deprecated errors.
*/
$peer_key = version_compare(PHP_VERSION, '5.6.0', '<') ? 'CN_name' : 'peer_name';
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => $params->toQueryString(),
// Force the peer to validate (not needed in 5.6.0+, but still works
// Force the peer to validate (not needed in 5.6.0+, but still works)
'verify_peer' => true,
// Force the peer validation to use www.google.com
$peer_key => 'www.google.com',
),
);
$context = stream_context_create($options);
return file_get_contents(self::SITE_VERIFY_URL, false, $context);
$response = file_get_contents($this->siteVerifyUrl, false, $context);
if ($response !== false) {
return $response;
}
return '{"success": false, "error-codes": ["'.ReCaptcha::E_CONNECTION_FAILED.'"]}';
}
}
......@@ -3,7 +3,7 @@
* This is a PHP library that handles calling reCAPTCHA.
*
* @copyright Copyright (c) 2015, Google Inc.
* @link http://www.google.com/recaptcha
* @link https://www.google.com/recaptcha
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
......@@ -36,7 +36,7 @@ class Socket
/**
* fsockopen
*
*
* @see http://php.net/fsockopen
* @param string $hostname
* @param int $port
......@@ -51,14 +51,13 @@ class Socket
if ($this->handle != false && $errno === 0 && $errstr === '') {
return $this->handle;
} else {
return false;
}
return false;
}
/**
* fwrite
*
*
* @see http://php.net/fwrite
* @param string $string
* @param int $length
......@@ -71,7 +70,7 @@ class Socket
/**
* fgets
*
*
* @see http://php.net/fgets
* @param int $length
* @return string
......@@ -83,7 +82,7 @@ class Socket
/**
* feof
*
*
* @see http://php.net/feof
* @return bool
*/
......@@ -94,7 +93,7 @@ class Socket
/**
* fclose
*
*
* @see http://php.net/fclose
* @return bool
*/
......
......@@ -3,7 +3,7 @@
* This is a PHP library that handles calling reCAPTCHA.
*
* @copyright Copyright (c) 2015, Google Inc.
* @link http://www.google.com/recaptcha
* @link https://www.google.com/recaptcha
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
......@@ -26,37 +26,17 @@
namespace ReCaptcha\RequestMethod;
use ReCaptcha\ReCaptcha;
use ReCaptcha\RequestMethod;
use ReCaptcha\RequestParameters;
/**
* Sends a POST request to the reCAPTCHA service, but makes use of fsockopen()
* instead of get_file_contents(). This is to account for people who may be on
* servers where allow_furl_open is disabled.
* servers where allow_url_open is disabled.
*/
class SocketPost implements RequestMethod
{
/**
* reCAPTCHA service host.
* @const string
*/
const RECAPTCHA_HOST = 'www.google.com';
/**
* @const string reCAPTCHA service path
*/
const SITE_VERIFY_PATH = '/recaptcha/api/siteverify';
/**
* @const string Bad request error
*/
const BAD_REQUEST = '{"success": false, "error-codes": ["invalid-request"]}';
/**
* @const string Bad response error
*/
const BAD_RESPONSE = '{"success": false, "error-codes": ["invalid-response"]}';
/**
* Socket to the reCAPTCHA service
* @var Socket
......@@ -64,17 +44,15 @@ class SocketPost implements RequestMethod
private $socket;
/**
* Constructor
* Only needed if you want to override the defaults
*
* @param \ReCaptcha\RequestMethod\Socket $socket optional socket, injectable for testing
* @param string $siteVerifyUrl URL for reCAPTCHA sitevrerify API
*/
public function __construct(Socket $socket = null)
public function __construct(Socket $socket = null, $siteVerifyUrl = null)
{
if (!is_null($socket)) {
$this->socket = $socket;
} else {
$this->socket = new Socket();
}
$this->socket = (is_null($socket)) ? new Socket() : $socket;
$this->siteVerifyUrl = (is_null($siteVerifyUrl)) ? ReCaptcha::SITE_VERIFY_URL : $siteVerifyUrl;
}
/**
......@@ -87,15 +65,16 @@ class SocketPost implements RequestMethod
{
$errno = 0;
$errstr = '';
$urlParsed = parse_url($this->siteVerifyUrl);
if (false === $this->socket->fsockopen('ssl://' . self::RECAPTCHA_HOST, 443, $errno, $errstr, 30)) {
return self::BAD_REQUEST;
if (false === $this->socket->fsockopen('ssl://' . $urlParsed['host'], 443, $errno, $errstr, 30)) {
return '{"success": false, "error-codes": ["'.ReCaptcha::E_CONNECTION_FAILED.'"]}';
}
$content = $params->toQueryString();
$request = "POST " . self::SITE_VERIFY_PATH . " HTTP/1.1\r\n";
$request .= "Host: " . self::RECAPTCHA_HOST . "\r\n";
$request = "POST " . $urlParsed['path'] . " HTTP/1.1\r\n";
$request .= "Host: " . $urlParsed['host'] . "\r\n";
$request .= "Content-Type: application/x-www-form-urlencoded\r\n";
$request .= "Content-length: " . strlen($content) . "\r\n";
$request .= "Connection: close\r\n\r\n";
......@@ -111,7 +90,7 @@ class SocketPost implements RequestMethod
$this->socket->fclose();
if (0 !== strpos($response, 'HTTP/1.1 200 OK')) {
return self::BAD_RESPONSE;
return '{"success": false, "error-codes": ["'.ReCaptcha::E_BAD_RESPONSE.'"]}';
}
$parts = preg_split("#\n\s*\n#Uis", $response);
......
......@@ -3,7 +3,7 @@
* This is a PHP library that handles calling reCAPTCHA.
*
* @copyright Copyright (c) 2015, Google Inc.
* @link http://www.google.com/recaptcha
* @link https://www.google.com/recaptcha
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
......@@ -32,13 +32,13 @@ namespace ReCaptcha;
class RequestParameters
{
/**
* Site secret.
* The shared key between your site and reCAPTCHA.
* @var string
*/
private $secret;
/**
* Form response.
* The user response token provided by reCAPTCHA, verifying the user on your site.
* @var string
*/
private $response;
......
......@@ -3,7 +3,7 @@
* This is a PHP library that handles calling reCAPTCHA.
*
* @copyright Copyright (c) 2015, Google Inc.
* @link http://www.google.com/recaptcha
* @link https://www.google.com/recaptcha
*