captcha on login now

4 weeks ago · 82e48acfa1
13 changed files with 1206 additions and 60 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,4 @@ vendor/
 composer.phar

 Configuration/Secrets.yaml
+Configuration/GCCServiceAccountCreds.json
--- a/App/Enumerators/SessionElement.php
+++ b/App/Enumerators/SessionElement.php
@ -7,4 +7,5 @@ enum SessionElement: string
    case IS_LOGGED_IN = "IS_LOGGED_IN";
    case USER_ID = "USER_ID";
    case USERNAME = "USERNAME";
+    case LAST_ASSESSMENT_RESULT = "LAST_ASSESSMENT_RESULT";
 }
--- a/App/Wrappers/CAPTCHAWrapper.php
+++ b/App/Wrappers/CAPTCHAWrapper.php
@ -0,0 +1,89 @@
+<?php
+
+namespace App\Wrappers;
+
+require_once __DIR__ . "/../../vendor/autoload.php";
+
+// Include Google Cloud dependencies using Composer
+use App\Configuration;
+use App\Enumerators\SessionElement;
+use Google\Cloud\RecaptchaEnterprise\V1\Assessment;
+use Google\Cloud\RecaptchaEnterprise\V1\Event;
+use Google\Cloud\RecaptchaEnterprise\V1\Key;
+use Google\Cloud\RecaptchaEnterprise\V1\RecaptchaEnterpriseServiceClient;
+use Google\Cloud\RecaptchaEnterprise\V1\TokenProperties\InvalidReason;
+use Google\Cloud\RecaptchaEnterprise\V1\WebKeySettings;
+use Google\Cloud\RecaptchaEnterprise\V1\WebKeySettings\IntegrationType;
+use Grpc\Gcp\Config;
+
+class CAPTCHAWrapper
+{
+    public static function CreateAssessment(
+        string $token,
+        string $action
+    ): ?float
+    {
+
+        $credFilePath = __DIR__ . "/../../Configuration/GCCServiceAccountCreds.json";
+        putenv("GOOGLE_APPLICATION_CREDENTIALS=$credFilePath");
+
+        // Create the reCAPTCHA client.
+        // TODO: Cache the client generation code (recommended) or call client.close() before exiting the method.
+        $client = new RecaptchaEnterpriseServiceClient();
+
+        $project = Configuration::GetConfig("reCAPTCHA", "ProjectID");
+
+        $projectName = $client->projectName($project);
+
+        // Set the properties of the event to be tracked.
+        $event = (new Event())
+            ->setSiteKey(Configuration::GetConfig("reCAPTCHA", "KeyID"))
+            ->setToken($token);
+
+        // Build the assessment request.
+        $assessment = (new Assessment())->setEvent($event);
+
+        $response = $client->createAssessment(
+            $projectName,
+            $assessment
+        );
+
+        // Check if the token is valid.
+        if ($response->getTokenProperties()->getValid() == false) {
+            // printf('The CreateAssessment() call failed because the token was invalid for the following reason: ');
+            // printf(InvalidReason::name($response->getTokenProperties()->getInvalidReason()));
+            return floatval(-1);
+        }
+
+        // Check if the expected action was executed.
+        if ($response->getTokenProperties()->getAction() == $action) {
+            // Get the risk score and the reason(s).
+            // For more information on interpreting the assessment, see:
+            // https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment
+            // printf('The score for the protection action is:');
+            return $response->getRiskAnalysis()->getScore();
+        } else {
+            // printf('The action attribute in your reCAPTCHA tag does not match the action you are expecting to score');
+        }
+        return null;
+    }
+
+    public static function HandleCaptchaResponse(string $captchaResponse): void
+    {
+        $assessmentResponse = CAPTCHAWrapper::CreateAssessment(
+            token: $captchaResponse,
+            action: 'submit'
+        );
+
+        if ($assessmentResponse == null)
+        {
+            die("captcha assessment is null");
+        }
+        if ($assessmentResponse <= floatval(Configuration::GetConfig("reCAPTCHA", "AcceptableLowerBoundsForLogin")))
+        {
+            die("go away robot!");
+        }
+
+        SessionWrapper::Set(SessionElement::LAST_ASSESSMENT_RESULT, $assessmentResponse);
+    }
+}
--- a/App/Wrappers/SessionWrapper.php
+++ b/App/Wrappers/SessionWrapper.php
@ -8,12 +8,13 @@ class SessionWrapper
 {
    public static function Start(): void
    {
-        if (session_status() == PHP_SESSION_NONE) {
+        if (session_status() == PHP_SESSION_NONE)
+        {
            session_start();
        }
    }

-    public static function Get(SessionElement $target)
+    public static function Get(SessionElement $target): mixed
    {
        self::Start();
        if(array_key_exists(key: $target->value, array: $_SESSION))
@ -22,4 +23,10 @@ class SessionWrapper
        }
        die();
    }
+
+    public static function Set(SessionElement $target, mixed $newValue): void
+    {
+        self::Start();
+        $_SESSION[$target->value] = $newValue;
+    }
 }
--- a/App/Wrappers/TwigWrapper.php
+++ b/App/Wrappers/TwigWrapper.php
@ -43,6 +43,8 @@ class TwigWrapper
        $this->twig->addGlobal('_CURRENT_URI_', urlencode("http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}"));
        $this->twig->addGlobal('_USER_TIMEZONE_OFFSET_', 60);

+        $this->twig->addGlobal('_CAPTCHA_KEY_ID_', Configuration::GetConfig('reCAPTCHA', 'KeyID'));
+

        $this->twig->addExtension(new FiltersExtension());
        $this->twig->addExtension(new FunctionExtensions($this->twig));
--- a/Configuration/Configuration.yaml
+++ b/Configuration/Configuration.yaml
@ -16,3 +16,8 @@ MariaDB:
  Username: ;MARIADB__USERNAME
  Password: ;MARIADB__PASSWORD
  Database: FolkTuneFinder_Live
+
+reCAPTCHA:
+  KeyID: ;RECAPTCHA_ENTERPRISE_KEY_ID
+  ProjectID: ;RECAPTCHA_ENTERPRISE_PROJECT_ID
+  AcceptableLowerBoundsForLogin: 0.5
--- a/Localisation/en-GB.yaml
+++ b/Localisation/en-GB.yaml
@ -3,6 +3,7 @@
 # A
 ##################################################
 ABC Notation: ABC Notation
+Account Login: Account Login
 Audio: Audio


@ -17,7 +18,9 @@ Bars: Bars
 ##################################################
 # C
 ##################################################
+Confirm Password: Confirm Password
 Copyright: Copyright
+Create an Account: Create an Account



@ -77,6 +80,7 @@ Key Signature: Key Signature
 # L
 ##################################################
 Log in to vote: Log in to vote
+Logout: Logout



--- a/Pages/logout.php
+++ b/Pages/logout.php
@ -0,0 +1,12 @@
+<?php
+
+use App\Wrappers\SessionWrapper;
+
+require_once __DIR__ . "/../vendor/autoload.php";
+
+SessionWrapper::Start();
+
+$_SESSION = [];
+
+header("Location: /");
+die();
--- a/Public/FormHandling/Login.php
+++ b/Public/FormHandling/Login.php
@ -1,11 +1,17 @@
 <?php

 use App\Enumerators\SessionElement;
+use App\Wrappers\CAPTCHAWrapper;
 use App\Wrappers\DatabaseInteractions;
 use App\Wrappers\SQLQueryBuilderWrapper;

 require_once __DIR__ . "/../../vendor/autoload.php";

+
+$captchaResponse = $_POST['g-recaptcha-response'];
+CAPTCHAWrapper::HandleCaptchaResponse($captchaResponse);
+
+
 $username = $_POST['Username'];
 $password = $_POST['Password'];

--- a/Templates/Pages/login.html.twig
+++ b/Templates/Pages/login.html.twig
@ -1,9 +1,22 @@
 {% extends "/Bases/StandardWebPage.html.twig" %}

 {% block content %}
+
+
+    <script src="https://www.google.com/recaptcha/enterprise.js?render={{ _CAPTCHA_KEY_ID_ }}"></script>
+    <script>
+        function onSubmitLoginForm(token) {
+            document.getElementById("LoginForm").submit();
+        }
+        function onSubmitCreateAccountForm(token) {
+            document.getElementById("CreateAccountForm").submit();
+        }
+    </script>
+
    <div class="InnerContent">
-        <h1>Ceilidh Kit Login</h1>
+        <h1>{{ "Account Login"|translate }}</h1>
        <form
+                id="LoginForm"
                action="/FormHandling/Login.php"
                method="POST"
        >
@ -19,7 +32,40 @@

            <br>

-            <input type="submit">
+            <button class="g-recaptcha"
+                    data-sitekey="{{ _CAPTCHA_KEY_ID_ }}"
+                    data-callback='onSubmitLoginForm'
+                    data-action='submit'>{{ "Login"|translate }}</button>
+        </form>
+
+        <h1>{{ "Create an Account"|translate }}</h1>
+        <form
+                id="CreateAccountForm"
+                action="/FormHandling/CreateAccount.php"
+                method="POST"
+        >
+            <label for="Username">{{ "Username"|translate }}</label>
+            <br>
+            <input id="Username" name="Username" type="text">
+
+            <br>
+
+            <label for="Password1">{{ "Password"|translate }}</label>
+            <br>
+            <input id="Password1" name="Password1" type="password">
+
+            <br>
+
+            <label for="Password2">{{ "Confirm Password"|translate }}</label>
+            <br>
+            <input id="Password2" name="Password2" type="password">
+
+            <br>
+
+            <button class="g-recaptcha"
+                    data-sitekey="{{ _CAPTCHA_KEY_ID_ }}"
+                    data-callback='onSubmitCreateAccountForm'
+                    data-action='submit'>{{ "Create Account"|translate }}</button>
        </form>
    </div>
 {% endblock %}
--- a/Templates/Pages/profile.html.twig
+++ b/Templates/Pages/profile.html.twig
@ -4,6 +4,8 @@
    <div class="InnerContent">
        <h1>{{ "Your Profile"|translate }}</h1>

+        <a href="/logout">{{ "Logout"|translate }}</a>
+
        <div class="DLContainer">
            <h2>{{ "Summary"|translate }}</h2>
            <dl>
--- a/composer.json
+++ b/composer.json
@ -27,6 +27,8 @@

    "algolia/algoliasearch-client-php": "*",
    "ext-pdo": "*",
-    "aura/sqlquery": "2.8.1"
+    "aura/sqlquery": "2.8.1",
+
+    "google/cloud-recaptcha-enterprise": "v1.7.0"
  }
 }
--- a/composer.lock
+++ b/composer.lock