fix(recaptcha): support reCAPTCHA v2 on form submit, not button click

Automattic · Jan 14, 2025 · 7025321 · 7025321
1 parent 9c6faab
commit 7025321
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 5 deletions.
diff --git a/includes/class-modal-checkout.php b/includes/class-modal-checkout.php
@@ -132,7 +132,7 @@ public static function init() {
 		add_filter( 'wc_get_template', [ __CLASS__, 'wc_get_template' ], 10, 2 );
 		add_filter( 'woocommerce_checkout_fields', [ __CLASS__, 'woocommerce_checkout_fields' ] );
 		add_filter( 'woocommerce_update_order_review_fragments', [ __CLASS__, 'order_review_fragments' ] );
-		add_filter( 'newspack_recaptcha_verify_captcha', [ __CLASS__, 'recaptcha_verify_captcha' ], 10, 2 );
+		add_filter( 'newspack_recaptcha_verify_captcha', [ __CLASS__, 'recaptcha_verify_captcha' ], 10, 3 );
 		add_filter( 'woocommerce_enqueue_styles', [ __CLASS__, 'dequeue_woocommerce_styles' ] );
 		add_filter( 'wcs_place_subscription_order_text', [ __CLASS__, 'order_button_text' ], 5 );
 		add_filter( 'woocommerce_order_button_text', [ __CLASS__, 'order_button_text' ], 5 );
@@ -1374,12 +1374,17 @@ class="button close-button"
 	}
 
 	/**
-	 * Prevent reCaptcha from being verified for AJAX checkout (e.g. Apple Pay).
+	 * Prevent reCAPTCHA from being verified for AJAX checkout (e.g. Apple Pay).
 	 *
 	 * @param bool   $should_verify Whether to verify the captcha.
-	 * @param string $url The URL from which the checkout originated.
+	 * @param string $url The URL from which the verification request originated.
+	 * @param string $context The context that triggered the verification request.
 	 */
-	public static function recaptcha_verify_captcha( $should_verify, $url ) {
+	public static function recaptcha_verify_captcha( $should_verify, $url, $context ) {
+		if ( 'checkout' !== $context ) {
+			return $should_verify;
+		}
+
 		$is_validation_only = boolval( filter_input( INPUT_POST, 'is_validation_only', FILTER_SANITIZE_NUMBER_INT ) );
 		parse_str( \wp_parse_url( $url, PHP_URL_QUERY ), $query );
 		if (

diff --git a/src/modal-checkout/index.js b/src/modal-checkout/index.js
@@ -426,6 +426,7 @@ import { domReady } from './utils';
 					// Clear checkout details.
 					$( '#checkout_details' ).remove();
 					if ( isEditingDetails ) {
+						$form.attr( 'data-skip-recaptcha', '1' );
 						$form.append( '<input name="is_validation_only" type="hidden" value="1" />' );
 						// Destroy reCAPTCHA inputs so we don't trigger validation between checkout steps.
 						if ( 'v3' === newspack_grecaptcha?.version ) {
@@ -447,6 +448,7 @@ import { domReady } from './utils';
 						} );
 						$form.on( 'submit', handleFormSubmit );
 					} else {
+						$form.removeAttr( 'data-skip-recaptcha' );
 						const $validationOnlyField = $form.find( '[name="is_validation_only"]' );
 						if ( $validationOnlyField.length ) {
 							$validationOnlyField.remove();

diff --git a/src/modal-checkout/templates/form-checkout.php b/src/modal-checkout/templates/form-checkout.php
@@ -31,7 +31,7 @@
 			<?php do_action( 'woocommerce_checkout_billing' ); ?>
 			<?php do_action( 'woocommerce_checkout_shipping' ); ?>
 			<?php \Newspack_Blocks\Modal_Checkout::maybe_show_wcs_gifting_fields(); ?>
-			<button class="newspack-ui__button newspack-ui__button--primary newspack-ui__button--wide" id="checkout_continue" type="submit" data-skip-recaptcha><?php esc_html_e( 'Continue', 'newspack-blocks' ); ?></button>
+			<button class="newspack-ui__button newspack-ui__button--primary newspack-ui__button--wide" id="checkout_continue" type="submit"><?php esc_html_e( 'Continue', 'newspack-blocks' ); ?></button>
 		</div>
 		<div id="after_customer_details">
 			<div class="order-review-wrapper hidden">