Merge pull request #6 from Laragear/fix/interstitial-json-warn

DarkGhostHunter · web-flow · commit 46cd34a886b9 · 2025-03-30T15:07:30.000-03:00
[1.x] Fixes testing keys and response.
diff --git a/README.md b/README.md
@@ -777,6 +777,18 @@ use Laragear\Turnstile\Http\Controllers\InterstitialController;
 InterstitialController::register('/challenge', 'guest');
 ```
 
+> [!IMPORTANT]
+> 
+> The interstitial middleware will _throw_ a JSON response if the request _requires_ JSON. This is because JSON response cannot be redirected. Instead, use the `redirect_url` key of the response to redirect the user to the interstitial controller.
+> 
+> ```js
+> response = await $fetch('/comment', 'POST', {body: 'My Comment'});
+> 
+> if (response.isStatus(400) && response.hasJson('redirect_url')) {
+>   window.location.href = response.json('redirect_url')
+> }
+> ```
+
 ### Skip when authenticated
 
 If you want to skip the challenge if a user is authenticated, you may add the `auth` keyword as parameter.
@@ -861,7 +873,7 @@ return [
 
 ```php
 return [
-   The `true` value will remind the challenge forever. An integer will remind the challenge for that amount of minutes.
+    'env' => env('TURNSTILE_ENV'),
 ];
 ```
 
diff --git a/src/Http/Middleware/InterstitialMiddleware.php b/src/Http/Middleware/InterstitialMiddleware.php
@@ -5,6 +5,8 @@
 use Closure;
 use Illuminate\Contracts\Auth\Factory;
 use Illuminate\Contracts\Config\Repository;
+use Illuminate\Http\Exceptions\HttpResponseException;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Redirector;
 use Illuminate\Support\DateFactory;
@@ -43,9 +45,13 @@ public function handle(Request $request, Closure $next, string $auth = ''): mixe
             return $next($request);
         }
 
-        return $this->redirect
-            ->setIntendedUrl($request->fullUrl())
-            ->route($this->config->get('turnstile.interstitial.route'));
+        $route = $this->config->get('turnstile.interstitial.route');
+
+        if ($request->expectsJson()) {
+            $this->throwJsonException($route);
+        }
+
+        return $this->redirect->setIntendedUrl($request->fullUrl())->route($route);
     }
 
     /**
@@ -71,4 +77,18 @@ protected function shouldSkipWhenChallengeRecentlyDone(Request $request): bool
 
         return $duration === true || $this->date->createFromTimestamp($duration)->isFuture();
     }
+
+    /**
+     * Throw a JSON exception with some data for the turnstile challenge.
+     */
+    protected function throwJsonException(string $route): never
+    {
+        throw new HttpResponseException(
+            new JsonResponse([
+                'success' => false,
+                'message' => 'Requires Turnstile Challenge.',
+                'redirect_url' => $this->redirect->route($route)->getTargetUrl(),
+            ], 400)
+        );
+    }
 }
diff --git a/src/Turnstile.php b/src/Turnstile.php
@@ -299,9 +299,9 @@ protected function getSecretKey(): string
         if ($this->currentEnvironment() !== 'production') {
             $key = match (strtolower($key)) {
                 '' => $this->testingSecretKey->value,
-                strtolower(SecretKey::Passing->name) => SiteKey::VisiblePassing->value,
-                strtolower(SecretKey::Fails->name) => SiteKey::VisibleBlocks->value,
-                strtolower(SecretKey::Spent->name) => SiteKey::InvisiblePassing->value,
+                strtolower(SecretKey::Passing->name) => SecretKey::Passing->value,
+                strtolower(SecretKey::Fails->name) => SecretKey::Fails->value,
+                strtolower(SecretKey::Spent->name) => SecretKey::Spent->value,
                 default => $key,
             };
         }
diff --git a/tests/Http/Middleware/InterstitialMiddlewareTest.php b/tests/Http/Middleware/InterstitialMiddlewareTest.php
@@ -88,4 +88,26 @@ public function test_redirects_if_challenge_timestamp_is_past(): void
             ->assertRedirect('turnstile/interstitial')
             ->assertRedirectToRoute($this->app->make('config')->get('turnstile.interstitial.route'));
     }
+
+    public function test_throws_json_response_if_request_is_json(): void
+    {
+        $this->router()->get('test/intended', fn() => 'ok')->middleware('web', 'turnstile.interstitial');
+        $this->router()->post('test/intended', fn() => 'ok')->middleware('web', 'turnstile.interstitial');
+
+        $this->getJson('test/intended')
+            ->assertStatus(400)
+            ->assertJson([
+                'success' => false,
+                'message' => "Requires Turnstile Challenge.",
+                'redirect_url' => 'http://localhost/turnstile/interstitial',
+            ]);
+
+        $this->getJson('test/intended')
+            ->assertStatus(400)
+            ->assertJson([
+                'success' => false,
+                'message' => "Requires Turnstile Challenge.",
+                'redirect_url' => 'http://localhost/turnstile/interstitial',
+            ]);
+    }
 }
diff --git a/tests/TurnstileTest.php b/tests/TurnstileTest.php
@@ -528,23 +528,35 @@ public function test_uses_testing_site_key_by_name(SiteKey $key, string $name):
     public static function provideTestingSecretKeysNames(): array
     {
         return [
-            [SiteKey::VisiblePassing, 'VisiblePassing'],
-            [SiteKey::VisiblePassing, 'visiblepassing'],
-            [SiteKey::VisibleBlocks, 'VisibleBlocks'],
-            [SiteKey::VisibleBlocks, 'visibleblocks'],
-            [SiteKey::InvisiblePassing, 'InvisiblePassing'],
-            [SiteKey::InvisiblePassing, 'invisiblepassing'],
-            [SiteKey::InvisibleBlocks, 'InvisibleBlocks'],
-            [SiteKey::InvisibleBlocks, 'invisibleblocks'],
+            [SecretKey::Passing, 'Passing'],
+            [SecretKey::Passing, 'passing'],
+            [SecretKey::Fails, 'Fails'],
+            [SecretKey::Fails, 'fails'],
+            [SecretKey::Spent, 'Spent'],
+            [SecretKey::Spent, 'spent'],
         ];
     }
 
     #[DataProvider('provideTestingSecretKeysNames')]
-    public function test_uses_testing_secret_key_by_name(SiteKey $key, string $name): void
+    public function test_uses_testing_secret_key_by_name(SecretKey $key, string $name): void
     {
         $this->app->instance('env', 'not-production-nor-testing');
-        $this->app->make('config')->set('turnstile.site_key', $name);
+        $this->app->make('config')->set('turnstile.secret_key', $name);
 
-        static::assertSame($this->turnstile()->getSiteKey(), $key->value);
+        $this->mock(HttpFactory::class, function (MockInterface $mock) use ($key): void {
+            $mock->expects('asJson')->andReturnSelf();
+            $mock->expects('acceptJson')->andReturnSelf();
+            $mock->expects('withOptions')->andReturnSelf();
+            $mock->expects('post')
+                ->withArgs(static function (string $endpoint, array $data) use ($key): bool {
+                    static::assertSame($data['secret'], $key->value);
+
+                    return true;
+                })
+                ->andReturnSelf();
+            $mock->expects('throw')->andReturn($this->guzzleResponse());
+        });
+
+        $this->turnstile()->getChallenge('test-key');
     }
 }
