From 82e3cf04c3d47f1eb193a063f65a1f50934b0d57 Mon Sep 17 00:00:00 2001
From: Vadim Rybalko
Date: Wed, 9 Dec 2020 00:01:25 +0300
Subject: [PATCH] Implement optional reCAPTCHA for login page
---
 app/Http/Controllers/SetupController.php | 2 ++
 app/Http/Controllers/UserController.php | 12 ++++++++++++
 resources/views/env.blade.php | 5 +++++
 resources/views/login.blade.php | 11 +++++++++++
 resources/views/setup.blade.php | 9 +++++++++
 5 files changed, 39 insertions(+)
diff --git a/app/Http/Controllers/SetupController.php b/app/Http/Controllers/SetupController.php
index 23b161d1a..c8205b5c0 100644
--- a/app/Http/Controllers/SetupController.php
+++ b/app/Http/Controllers/SetupController.php
@@ -103,6 +103,7 @@ public static function performSetup(Request $request) {
 }
 $polr_acct_creation_recaptcha = $request->input('setting:acct_registration_recaptcha');
+ $polr_acct_login_recaptcha = $request->input('setting:acct_login_recaptcha');
 $polr_recaptcha_site_key = $request->input('setting:recaptcha_site_key');
 $polr_recaptcha_secret_key = $request->input('setting:recaptcha_secret_key');
@@ -162,6 +163,7 @@ public static function performSetup(Request $request) {
 'POLR_ALLOW_ACCT_CREATION' => $polr_allow_acct_creation,
 'POLR_ACCT_ACTIVATION' => $polr_acct_activation,
 'POLR_ACCT_CREATION_RECAPTCHA' => $polr_acct_creation_recaptcha,
+ 'POLR_ACCT_LOGIN_RECAPTCHA' => $polr_acct_login_recaptcha,
 'ST_SHORTEN_PERMISSION' => $st_shorten_permission,
 'ST_INDEX_REDIRECT' => $st_index_redirect,
 'ST_REDIRECT_404' => $st_redirect_404,
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 62e8c27d5..934fad88c 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -38,6 +38,18 @@ public function performLogin(Request $request) {
 $username = $request->input('username');
 $password = $request->input('password');
+ if (env('POLR_LOGIN_RECAPTCHA')) {
+ // Verify reCAPTCHA if setting is enabled
+ $gRecaptchaResponse = $request->input('g-recaptcha-response');
+
+ $recaptcha = new \ReCaptcha\ReCaptcha(env('POLR_RECAPTCHA_SECRET_KEY'));
+ $recaptcha_resp = $recaptcha->verify($gRecaptchaResponse, $request->ip());
+
+ if (!$recaptcha_resp->isSuccess()) {
+ return redirect(route('login'))->with('error', 'You must complete the reCAPTCHA to login.');
+ }
+ }
+
 $credentials_valid = UserHelper::checkCredentials($username, $password);
 if ($credentials_valid != false) {
diff --git a/resources/views/env.blade.php b/resources/views/env.blade.php
index c3a1a2376..75cdb92c3 100644
--- a/resources/views/env.blade.php
+++ b/resources/views/env.blade.php
@@ -59,6 +59,11 @@
 # in POLR_RECAPTCHA_SITE_KEY and POLR_RECAPTCHA_SECRET_KEY
 POLR_ACCT_CREATION_RECAPTCHA={{$POLR_ACCT_CREATION_RECAPTCHA}}
+# Set to true to require reCAPTCHAs on login pages
+# If this setting is enabled, you must also provide your reCAPTCHA keys
+# in POLR_RECAPTCHA_SITE_KEY and POLR_RECAPTCHA_SECRET_KEY
+POLR_ACCT_LOGIN_RECAPTCHA={{$POLR_ACCT_LOGIN_RECAPTCHA}}
+
 # Set to true to require users to be logged in before shortening URLs
 SETTING_SHORTEN_PERMISSION={{$ST_SHORTEN_PERMISSION}}
diff --git a/resources/views/login.blade.php b/resources/views/login.blade.php
index 511aaacc6..e2182265a 100644
--- a/resources/views/login.blade.php
+++ b/resources/views/login.blade.php
@@ -12,6 +12,11 @@
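Review bot: The guard `if (env('POLR_LOGIN_RECAPTCHA'))` in performLogin reads a key this patch never writes: SetupController stores the setting as `'POLR_ACCT_LOGIN_RECAPTCHA'` and env.blade.php emits `POLR_ACCT_LOGIN_RECAPTCHA=`. Unless `POLR_LOGIN_RECAPTCHA` is defined somewhere outside this patch, the check stays off after an administrator enables it in setup, so logins proceed with no CAPTCHA verification and no error. Read the name that is written, `if (env('POLR_ACCT_LOGIN_RECAPTCHA')) {`, and make the same change to the `@if (env('POLR_LOGIN_RECAPTCHA'))` line in login.blade.php and any other use in that view. A test that enables the setting and posts a login without `g-recaptcha-response` would catch this silent no-op. performLogin's body continues outside the hunk.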
+ + @if (env('POLR_LOGIN_RECAPTCHA')) +
+ @endif + @@ -29,3 +34,9 @@
+ @endif
+@endsection
diff --git a/resources/views/setup.blade.php b/resources/views/setup.blade.php
index d19f03283..017f59ecc 100644
--- a/resources/views/setup.blade.php
+++ b/resources/views/setup.blade.php
@@ -226,6 +226,15 @@
+

+ Require reCAPTCHA for Login + +

+ +

reCAPTCHA Configuration: