diff --git a/app/Events/Auth/FailedCaptcha.php b/app/Events/Auth/FailedCaptcha.php index ac1786ce4..ba741cf6d 100644 --- a/app/Events/Auth/FailedCaptcha.php +++ b/app/Events/Auth/FailedCaptcha.php @@ -29,31 +29,31 @@ use Illuminate\Queue\SerializesModels; class FailedCaptcha { use SerializesModels; - + /** - * The IP that the request originated from. - * - * @var string - */ + * The IP that the request originated from. + * + * @var string + */ public $ip; /** * The domain that was used to try to verify the request with recaptcha api. - * + * * @var string */ public $domain; - + /** - * Create a new event instance. - * - * @param string $ip - * @param string $domain - * @return void - */ + * Create a new event instance. + * + * @param string $ip + * @param string $domain + * @return void + */ public function __construct($ip, $domain) { $this->ip = $ip; $this->domain = $domain; } -} \ No newline at end of file +} diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php index 25a02b75c..9dd80824a 100644 --- a/app/Http/Controllers/Auth/ForgotPasswordController.php +++ b/app/Http/Controllers/Auth/ForgotPasswordController.php @@ -1,7 +1,7 @@ + * Copyright (c) 2015 - 2017 Dane Everitt . * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/app/Http/Middleware/VerifyReCaptcha.php b/app/Http/Middleware/VerifyReCaptcha.php index 224b3f241..d47984c77 100644 --- a/app/Http/Middleware/VerifyReCaptcha.php +++ b/app/Http/Middleware/VerifyReCaptcha.php @@ -3,8 +3,7 @@ namespace Pterodactyl\Http\Middleware; use Closure; -use Alert; -use \Pterodactyl\Events\Auth\FailedCaptcha; +use Pterodactyl\Events\Auth\FailedCaptcha; class VerifyReCaptcha { @@ -17,8 +16,10 @@ class VerifyReCaptcha */ public function handle($request, Closure $next) { - if (!config('recaptcha.enabled')) return $next($request); - + if (! config('recaptcha.enabled')) { + return $next($request); + } + $response_domain = null; if ($request->has('g-recaptcha-response')) { @@ -40,20 +41,21 @@ class VerifyReCaptcha // Compare the domain received by google with the app url $domain_verified = false; if (config('recaptcha.verify_domain')) { - $matches; - preg_match('/^(?:https?:\/\/)?((?:www\.)?[^:\/\n]+)/', config('app.url'), $matches); - $domain = $matches[1]; - $domain_verified = $response_domain === $domain; + $matches; + preg_match('/^(?:https?:\/\/)?((?:www\.)?[^:\/\n]+)/', config('app.url'), $matches); + $domain = $matches[1]; + $domain_verified = $response_domain === $domain; } - if ($result->success && (!config('recaptcha.verify_domain') || $domain_verified)) { + if ($result->success && (! config('recaptcha.verify_domain') || $domain_verified)) { return $next($request); } } } - + // Emit an event and return to the previous view with an error (only the captcha error will be shown!) event(new FailedCaptcha($request->ip(), $response_domain)); + return back()->withErrors(['g-recaptcha-response' => trans('strings.captcha_invalid')])->withInput(); } } diff --git a/config/recaptcha.php b/config/recaptcha.php index 6e9737493..7ad27cbec 100644 --- a/config/recaptcha.php +++ b/config/recaptcha.php @@ -2,25 +2,25 @@ return [ - /** + /* * Enable or disable captchas */ 'enabled' => env('RECAPTCHA_ENABLED', true), - /** + /* * Use a custom secret key, we use our public one by default */ 'secret_key' => env('RECAPTCHA_SECRET_KEY', '6LekAxoUAAAAAPW-PxNWaCLH76WkClMLSa2jImwD'), - /** + /* * Use a custom website key, we use our public one by default */ - 'website_key' => env('RECAPTCHA_WEBSITE_KEY' ,'6LekAxoUAAAAADjWZJ4ufcDRZBBiH9vfHawqRbup'), + 'website_key' => env('RECAPTCHA_WEBSITE_KEY', '6LekAxoUAAAAADjWZJ4ufcDRZBBiH9vfHawqRbup'), - /** + /* * Domain verification is enabled by default and compares the domain used when solving the captcha * as public keys can't have domain verification on google's side enabled (obviously). */ 'verify_domain' => true, -]; \ No newline at end of file +];