Cleanup recaptcha middleware

This commit is contained in:
Dane Everitt 2017-03-31 21:12:49 -04:00
parent 451dd7ebc8
commit ff57e2ff85
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 20 additions and 18 deletions

View file

@ -12,7 +12,7 @@ class VerifyReCaptcha
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @param \Closure $next * @param \Closure $next
* @return mixed * @return \Illuminate\Http\RediectResponse
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
@ -20,41 +20,38 @@ class VerifyReCaptcha
return $next($request); return $next($request);
} }
$response_domain = null;
if ($request->has('g-recaptcha-response')) { if ($request->has('g-recaptcha-response')) {
$response = $request->get('g-recaptcha-response');
$client = new \GuzzleHttp\Client(); $client = new \GuzzleHttp\Client();
$res = $client->post('https://www.google.com/recaptcha/api/siteverify', [ $res = $client->post(config('recaptcha.domain'), [
'form_params' => [ 'form_params' => [
'secret' => config('recaptcha.secret_key'), 'secret' => config('recaptcha.secret_key'),
'response' => $response, 'response' => $request->input('g-recaptcha-response'),
], ],
]); ]);
if ($res->getStatusCode() === 200) { if ($res->getStatusCode() === 200) {
$result = json_decode($res->getBody()); $result = json_decode($res->getBody());
$response_domain = $result->hostname; $verified = function ($result, $request) {
if (! config('recaptcha.verify_domain')) {
// Compare the domain received by google with the app url return false;
$domain_verified = false;
if (config('recaptcha.verify_domain')) {
$matches;
preg_match('/^(?:https?:\/\/)?((?:www\.)?[^:\/\n]+)/', config('app.url'), $matches);
$domain = $matches[1];
$domain_verified = $response_domain === $domain;
} }
if ($result->success && (! config('recaptcha.verify_domain') || $domain_verified)) { $url = parse_url($request->url());
if (array_key_exists('host', $url)) {
return $result->hostname === $url['host'];
}
};
if ($result->success && (! config('recaptcha.verify_domain') || $verified($result, $request))) {
return $next($request); return $next($request);
} }
} }
} }
// Emit an event and return to the previous view with an error (only the captcha error will be shown!) // Emit an event and return to the previous view with an error (only the captcha error will be shown!)
event(new FailedCaptcha($request->ip(), $response_domain)); event(new FailedCaptcha($request->ip(), (! isset($result->hostname) ?: $result->hostname)));
return back()->withErrors(['g-recaptcha-response' => trans('strings.captcha_invalid')])->withInput(); return back()->withErrors(['g-recaptcha-response' => trans('strings.captcha_invalid')])->withInput();
} }

View file

@ -7,6 +7,11 @@ return [
*/ */
'enabled' => env('RECAPTCHA_ENABLED', true), 'enabled' => env('RECAPTCHA_ENABLED', true),
/*
* API endpoint for recaptcha checks. You should not edit this.
*/
'domain' => 'https://www.google.com/recaptcha/api/siteverify',
/* /*
* Use a custom secret key, we use our public one by default * Use a custom secret key, we use our public one by default
*/ */