Projekte/web-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Captcha trait

Browse Source
This commit is contained in:
Roman
2024-05-03 19:05:43 +02:00
parent 3a639d9a3c
commit 76cd92ee0e
4 changed files with 162 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
Core/API/Traits/Captcha.trait.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
namespace Core\API\Traits;
use Core\API\Parameter\StringType;
use Core\API\VerifyCaptcha;
use Core\Objects\Context;
trait Captcha {
function addCaptchaParameters(array &$parameters): void {
$settings = $this->context->getSettings();
if ($settings->isCaptchaEnabled()) {
$parameters["captcha"] = new StringType("captcha");
}
}
function checkCaptcha(string $action): bool {
$settings = $this->context->getSettings();
if ($settings->isCaptchaEnabled()) {
$captcha = $this->getParam("captcha");
$req = new VerifyCaptcha($this->context);
if (!$req->execute(array("captcha" => $captcha, "action" => $action))) {
return $this->createError($req->getLastError());
}
}
return true;
}
}

70
Core/API/UserAPI.class.php
View File

@@ -124,9 +124,9 @@ namespace Core\API\User {
use Core\API\Parameter\Parameter;
use Core\API\Parameter\StringType;
use Core\API\Template\Render;
use Core\API\Traits\Captcha;
use Core\API\Traits\Pagination;
use Core\API\UserAPI;
use Core\API\VerifyCaptcha;
use Core\Driver\SQL\Condition\CondBool;
use Core\Driver\SQL\Condition\CondLike;
use Core\Driver\SQL\Condition\CondOr;
@@ -716,6 +716,8 @@ namespace Core\API\User {
class Register extends UserAPI {
use Captcha;
public function __construct(Context $context, bool $externalCall = false) {
$parameters = array(
"username" => new StringType("username", 32),
@@ -724,10 +726,7 @@ namespace Core\API\User {
"confirmPassword" => new StringType("confirmPassword"),
);
$settings = $context->getSettings();
if ($settings->isCaptchaEnabled()) {
$parameters["captcha"] = new StringType("captcha");
}
$this->addCaptchaParameters($parameters);
parent::__construct($context, $externalCall, $parameters);
$this->csrfTokenRequired = false;
@@ -745,12 +744,8 @@ namespace Core\API\User {
return $this->createError("User Registration is not enabled.");
}
if ($settings->isCaptchaEnabled()) {
$captcha = $this->getParam("captcha");
$req = new VerifyCaptcha($this->context);
if (!$req->execute(array("captcha" => $captcha, "action" => "register"))) {
return $this->createError($req->getLastError());
}
if (!$this->checkCaptcha("register")) {
return false;
}
$username = $this->getParam("username");
@@ -840,7 +835,8 @@ namespace Core\API\User {
'email' => new Parameter('email', Parameter::TYPE_EMAIL, true, NULL),
'password' => new StringType('password', -1, true, NULL),
'groups' => new ArrayType('groups', Parameter::TYPE_INT, true, true, NULL),
'confirmed' => new Parameter('confirmed', Parameter::TYPE_BOOLEAN, true, NULL)
'confirmed' => new Parameter('confirmed', Parameter::TYPE_BOOLEAN, true, NULL),
'active' => new Parameter('active', Parameter::TYPE_BOOLEAN, true, NULL)
));
$this->loginRequired = true;
@@ -865,6 +861,7 @@ namespace Core\API\User {
$password = $this->getParam("password");
$groups = $this->getParam("groups");
$confirmed = $this->getParam("confirmed");
$active = $this->getParam("active");
$email = (!is_null($email) && empty($email)) ? null : $email;
@@ -918,13 +915,22 @@ namespace Core\API\User {
if (!is_null($confirmed)) {
if ($id === $currentUser->getId() && $confirmed === false) {
return $this->createError("Cannot make own account unconfirmed.");
return $this->createError("Cannot change confirmed flag on own account.");
} else {
$user->confirmed = $confirmed;
$columnsToUpdate[] = "confirmed";
}
}
if (!is_null($active)) {
if ($id === $currentUser->getId() && $active === false) {
return $this->createError("Cannot change active flag on own account.");
} else {
$user->active = $active;
$columnsToUpdate[] = "active";
}
}
if (empty($columnsToUpdate) || $user->save($sql, $columnsToUpdate)) {
$deleteQuery = $sql->delete("UserGroup")->whereEq("user_id", $id);
@@ -995,16 +1001,15 @@ namespace Core\API\User {
}
class RequestPasswordReset extends UserAPI {
use Captcha;
public function __construct(Context $context, $externalCall = false) {
$parameters = array(
$parameters = [
'email' => new Parameter('email', Parameter::TYPE_EMAIL),
);
$settings = $context->getSettings();
if ($settings->isCaptchaEnabled()) {
$parameters["captcha"] = new StringType("captcha");
}
];
$this->addCaptchaParameters($parameters);
parent::__construct($context, $externalCall, $parameters);
}
@@ -1019,12 +1024,8 @@ namespace Core\API\User {
return $this->createError("The mail service is not enabled, please contact the server administration.");
}
if ($settings->isCaptchaEnabled()) {
$captcha = $this->getParam("captcha");
$req = new VerifyCaptcha($this->context);
if (!$req->execute(array("captcha" => $captcha, "action" => "resetPassword"))) {
return $this->createError($req->getLastError());
}
if (!$this->checkCaptcha("resetPassword")) {
return false;
}
$sql = $this->context->getSQL();
@@ -1088,16 +1089,15 @@ namespace Core\API\User {
}
class ResendConfirmEmail extends UserAPI {
use Captcha;
public function __construct(Context $context, $externalCall = false) {
$parameters = array(
'email' => new Parameter('email', Parameter::TYPE_EMAIL),
);
$settings = $context->getSettings();
if ($settings->isCaptchaEnabled()) {
$parameters["captcha"] = new StringType("captcha");
}
$this->addCaptchaParameters($parameters);
parent::__construct($context, $externalCall, $parameters);
}
@@ -1108,12 +1108,8 @@ namespace Core\API\User {
}
$settings = $this->context->getSettings();
if ($settings->isCaptchaEnabled()) {
$captcha = $this->getParam("captcha");
$req = new VerifyCaptcha($this->context);
if (!$req->execute(array("captcha" => $captcha, "action" => "resendConfirmation"))) {
return $this->createError($req->getLastError());
}
if (!$this->checkCaptcha("resendConfirmation")) {
return false;
}
$email = $this->getParam("email");