[ Mini Kiebo ]

Server: Windows NT DESKTOP-5B8S0D4 6.2 build 9200 (Windows 8 Professional Edition) i586 Path: D:/Backup/05122024/htdocs/jurnal-kesmas/lib/pkp/classes/form/validation/ [ Home ]
File: FormValidatorReCaptcha.php
<?php

/**
 * @file classes/form/validation/FormValidatorReCaptcha.php
 *
 * Copyright (c) 2014-2021 Simon Fraser University
 * Copyright (c) 2000-2021 John Willinsky
 * Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
 *
 * @class FormValidatorReCaptcha
 *
 * @ingroup form_validation
 *
 * @brief Form validation check reCaptcha values.
 */

namespace PKP\form\validation;

use APP\core\Application;
use Exception;
use InvalidArgumentException;
use PKP\config\Config;
use PKP\form\Form;

class FormValidatorReCaptcha extends FormValidator
{
    /** @var string The response field containing the reCaptcha response */
    private const RECAPTCHA_RESPONSE_FIELD = 'g-recaptcha-response';
    /** @var string The request URL */
    private const RECAPTCHA_URL = 'https://www.google.com/recaptcha/api/siteverify';
    /** @var string The initiating IP address of the user */
    private $_userIp;
    /** @var string The hostname to expect in the validation response */
    private $_hostname;

    /**
     * Constructor.
     *
     * @param \PKP\form\Form $form
     * @param string $userIp IP address of user request
     * @param string $message Key of message to display on mismatch
     * @param string|null $hostname Hostname to expect in validation response
     */
    public function __construct(Form $form, string $userIp, string $message, ?string $hostname = null)
    {
        parent::__construct($form, self::RECAPTCHA_RESPONSE_FIELD, FormValidator::FORM_VALIDATOR_REQUIRED_VALUE, $message);
        $this->_userIp = $userIp;
        $this->_hostname = $hostname;
    }

    //
    // Public methods
    //
    /**
     * @see FormValidator::isValid()
     * Determine whether or not the form meets this ReCaptcha constraint.
     *
     */
    public function isValid(): bool
    {
        $form = $this->getForm();
        try {
            $this->validateResponse($form->getData(self::RECAPTCHA_RESPONSE_FIELD), $this->_userIp, $this->_hostname);
            return true;
        } catch (Exception $exception) {
            $this->_message = 'common.captcha.error.missing-input-response';
            return false;
        }
    }

    /**
     * Validates the reCaptcha response
     *
     * @param string|null $response The reCaptcha response
     * @param string|null $ip The user IP address (defaults to null)
     * @param string|null $hostname The application hostname (defaults to null)
     *
     * @throws Exception Throws in case the validation fails
     */
    public static function validateResponse(?string $response, ?string $ip = null, ?string $hostname = null): void
    {
        if (!empty($ip) && !filter_var($ip, FILTER_VALIDATE_IP)) {
            throw new InvalidArgumentException('Invalid IP address.');
        }

        if (empty($response)) {
            throw new InvalidArgumentException('The reCaptcha user response is required.');
        }

        $privateKey = Config::getVar('captcha', 'recaptcha_private_key');
        if (empty($privateKey)) {
            throw new Exception('The reCaptcha is not configured correctly, the secret key is missing.');
        }

        $httpClient = Application::get()->getHttpClient();
        $response = $httpClient->request(
            'POST',
            self::RECAPTCHA_URL,
            [
                'multipart' => [
                    ['name' => 'secret', 'contents' => $privateKey],
                    ['name' => 'response', 'contents' => $response],
                    ['name' => 'remoteip', 'contents' => $ip]
                ]
            ]
        );

        $response = json_decode($response->getBody(), true);
        if (Config::getVar('captcha', 'recaptcha_enforce_hostname') && ($response['hostname'] ?? null) != $hostname) {
            throw new Exception('The hostname validation of the reCaptcha response failed.');
        }

        $errorMap = [
            'missing-input-secret' => 'The secret parameter is missing.',
            'invalid-input-secret' => 'The secret parameter is invalid or malformed.',
            'missing-input-response' => 'The response parameter is missing.',
            'invalid-input-response' => 'The response parameter is invalid or malformed.',
            'invalid-keys' => 'The configured keys are invalid.',
            'bad-request' => 'The request is invalid or malformed.',
            'timeout-or-duplicate' => 'The response is no longer valid: either is too old or has been used previously.'
        ];

        if (!($response['success'] ?? false)) {
            $errors = [];
            foreach ($response['error-codes'] ?? [] as $error) {
                $errors[] = $errorMap[$error] ?? $error;
            }
            throw new Exception(implode("\n", $errors) ?: 'The reCaptcha validation failed.');
        }
    }
}

if (!PKP_STRICT_MODE) {
    class_alias('\PKP\form\validation\FormValidatorReCaptcha', '\FormValidatorReCaptcha');
}