From 89fd6550748c90504971f444392de3afd8f7cbf5 Mon Sep 17 00:00:00 2001
From: REJack
Date: Sun, 10 Feb 2019 18:49:26 +0100
Subject: [PATCH] updated captcha abilities & tests

---
 app/Libraries/Aauth.php | 29 ++++++++++-----
 app/Libraries/Aauth/CAPTCHA.php | 41 ++++++++++++---------
 tests/Aauth/Libraries/Aauth/CAPTCHATest.php | 8 ++--
 3 files changed, 48 insertions(+), 30 deletions(-)

diff --git a/app/Libraries/Aauth.php b/app/Libraries/Aauth.php
index 37704f7..f0c9e4a 100644
--- a/app/Libraries/Aauth.php
+++ b/app/Libraries/Aauth.php
@@ -218,15 +218,26 @@ class Aauth
 return false;
 }
 
- // if ($this->config->ddos_protection && $this->config->recaptcha_active && $loginAttempts->get() > $this->config->recaptcha_login_attempts){
- // $this->CI->load->helper('recaptchalib');
- // $reCaptcha = new ReCaptcha( $this->config->recaptcha_secret);
- // $resp = $reCaptcha->verifyResponse( $this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response") );
- // if( ! $resp->success){
- // $this->error(lang('Aauth.aauth_error_recaptcha_not_correct'));
- // return false;
- // }
- // }
+ if ($this->config->loginProtection && $this->config->captchaEnabled && $this->isCaptchaRequired())
+ {
+ $request = \Config\Services::request();
+
+ if ($this->config->captchaType === 'recaptcha')
+ {
+ $response = $request->getPostGet('g-recaptcha-response');
+ }
+ else if ($this->config->captchaType === 'recaptcha')
+ {
+ $response = $request->getPostGet('h-captcha-response');
+ }
+
+ if (! $this->verifyCaptchaResponse($response))
+ {
+ $this->error('Aauth.invalidCaptcha');
+
+ return false;
+ }
+ }
 
 if ($this->config->loginUseUsername)
 {
diff --git a/app/Libraries/Aauth/CAPTCHA.php b/app/Libraries/Aauth/CAPTCHA.php
index 8175c87..42e1572 100644
--- a/app/Libraries/Aauth/CAPTCHA.php
+++ b/app/Libraries/Aauth/CAPTCHA.php
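Review bot: The CAPTCHA gate added in the Aauth.php hunk looks like it can never reject a login, because `verifyCaptchaResponse()` is documented as `@return array` and the tests read `['errorCodes']` from it, so `! $this->verifyCaptchaResponse($response)` is false for any non-empty array, a failure result included. The commented-out code it replaces tested `$resp->success`; the new condition should likewise test the result's success indicator (its key is not visible in this diff) rather than the array itself. Separately, the `else if` repeats `'recaptcha'`, so with `captchaType` set to `hcaptcha` the variable `$response` is never assigned; that line should read `else if ($this->config->captchaType === 'hcaptcha')`, with `$response = null;` set before the branch. A test that drives the login path past `captchaLoginAttempts` with a bad token would pin both. The enclosing method starts and ends outside the hunk.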
@@ -29,7 +29,7 @@ use \App\Models\Aauth\LoginAttemptModel; class CAPTCHA extends \App\Libraries\Aauth { /** - * Verify Response + * Verify CAPTCHA Response * * Calls the CAPTCHA site verify API to verify whether the user passes * CAPTCHA test. @@ -38,7 +38,7 @@ class CAPTCHA extends \App\Libraries\Aauth * * @return array */ - public function verifyResponse($response) + public function verifyCaptchaResponse($response) { if ($response === null || strlen($response) === 0) { @@ -97,30 +97,37 @@ class CAPTCHA extends \App\Libraries\Aauth { $content = ''; - if ($this->config->loginProtection && $this->config->captchaEnabled) + if ($this->config->loginProtection && $this->config->captchaEnabled && $this->isCaptchaRequired()) { - $loginAttemptModel = new LoginAttemptModel(); + $siteKey = $this->config->captchaSiteKey; - if ($loginAttemptModel->find() >= $this->config->captchaLoginAttempts) + if ($this->config->captchaType === 'recaptcha') { - $siteKey = $this->config->captchaSiteKey; - - if ($this->config->captchaType === 'recaptcha') - { - $content = "
"; - $content .= ''; - } - else if ($this->config->captchaType === 'hcaptcha') - { - $content = "
"; - $content .= ''; - } + $content = "
"; + $content .= ''; + } + else if ($this->config->captchaType === 'hcaptcha') + { + $content = "
"; + $content .= ''; } } return $content; } + /** + * Is CAPTCHA Required + * + * @return boolean + */ + public function isCaptchaRequired() + { + $loginAttemptModel = new LoginAttemptModel(); + + return $loginAttemptModel->find() >= $this->config->captchaLoginAttempts; + } + /** * Submit GET * diff --git a/tests/Aauth/Libraries/Aauth/CAPTCHATest.php b/tests/Aauth/Libraries/Aauth/CAPTCHATest.php index 217cc2a..2bdb47d 100644 --- a/tests/Aauth/Libraries/Aauth/CAPTCHATest.php +++ b/tests/Aauth/Libraries/Aauth/CAPTCHATest.php @@ -93,17 +93,17 @@ class CAPTCHATest extends CIDatabaseTestCase $this->assertContains('https://hcaptcha.com/1', $this->library->generateCaptchaHtml()); } - public function testVerifyResponse() + public function testVerifyCaptchaResponse() { $config = new AauthConfig(); $config->captchaEnabled = true; $this->library = new Aauth($config, true); - $this->assertContains('missing-input', $this->library->verifyResponse(null)['errorCodes']); - $this->assertContains('invalid-input-response', $this->library->verifyResponse('0123456789')['errorCodes']); + $this->assertContains('missing-input', $this->library->verifyCaptchaResponse(null)['errorCodes']); + $this->assertContains('invalid-input-response', $this->library->verifyCaptchaResponse('0123456789')['errorCodes']); $config->captchaType = 'hcaptcha'; $this->library = new Aauth($config, true); - $this->assertContains('invalid-input-response', $this->library->verifyResponse('0123456789')['errorCodes']); + $this->assertContains('invalid-input-response', $this->library->verifyCaptchaResponse('0123456789')['errorCodes']); } }
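Review bot: The gate `loginProtection && captchaEnabled && isCaptchaRequired()` is now written out twice, in this hunk (apparently `generateCaptchaHtml()`) and again in the Aauth.php hunk, so the condition that renders the widget and the one that enforces it can drift apart. Since `isCaptchaRequired()` is new and public, it could own the whole decision: `return $this->config->loginProtection && $this->config->captchaEnabled && $loginAttemptModel->find() >= $this->config->captchaLoginAttempts;`. Its docblock should also say what `LoginAttemptModel::find()` counts, since the scope and time window are not visible in this diff and they decide when the CAPTCHA starts to apply.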