Merge branch 'develop' into WS-507-HHS-webform

brockfanning · web-flow · commit 784300ffccd3 · 2025-02-13T10:26:34.000-05:00
diff --git a/composer.json b/composer.json
@@ -89,6 +89,7 @@
         "drupal/quickedit": "^1.0",
         "drupal/rdf": "^2.0",
         "drupal/recaptcha": "^3.4",
+        "drupal/recaptcha_v3": "^2.0",
         "drupal/restui": "^1.21.0",
         "drupal/roleassign": "^2.0.0",
         "drupal/rules": "^3.0@alpha",
diff --git a/composer.lock b/composer.lock
diff --git a/config/default/captcha.settings.yml b/config/default/captcha.settings.yml
@@ -2,7 +2,7 @@ _core:
   default_config_hash: QDFjOXYIYVwCPQYHY4wAx4DUqOEkNaZokIx6DGApR9I
 enable_globally: 0
 enable_globally_on_admin_routes: false
-default_challenge: recaptcha/reCAPTCHA
+default_challenge: recaptcha_v3/submit
 description: 'This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.'
 title: CAPTCHA
 administration_mode: true
diff --git a/config/default/core.extension.yml b/config/default/core.extension.yml
@@ -139,6 +139,7 @@ module:
   quickedit: 0
   rdf: 0
   recaptcha: 0
+  recaptcha_v3: 0
   rest: 0
   restui: 0
   roleassign: 0
diff --git a/config/default/entity_clone.cloneable_entities.yml b/config/default/entity_clone.cloneable_entities.yml
@@ -71,3 +71,4 @@ cloneable_entities:
   - mailer_policy
   - config_split
   - captcha_point
+  - recaptcha_v3_action
diff --git a/config/default/recaptcha.settings.yml b/config/default/recaptcha.settings.yml
@@ -1,7 +1,7 @@
 _core:
   default_config_hash: ByOVf1cU9r5NkZ4ieBJ7k9sUid6jb03ojMN1gjJ0-OU
-site_key: 6Le3tV0qAAAAAJB8fxsSPxs3v46Zo69t2IaRFU5C
-secret_key: 6Le3tV0qAAAAAB4omG0eYGfM4AaP7pfEuFGD12gE
+site_key: ''
+secret_key: ''
 verify_hostname: false
 use_globally: false
 widget:
diff --git a/config/default/recaptcha_v3.recaptcha_v3_action.submit.yml b/config/default/recaptcha_v3.recaptcha_v3_action.submit.yml
@@ -0,0 +1,8 @@
+uuid: 07cf3e20-e94b-4432-ad26-e748d2c078a7
+langcode: en
+status: true
+dependencies: {  }
+id: submit
+label: submit
+threshold: 0.5
+challenge: recaptcha/reCAPTCHA
diff --git a/config/default/recaptcha_v3.settings.yml b/config/default/recaptcha_v3.settings.yml
@@ -0,0 +1,10 @@
+_core:
+  default_config_hash: 6xvuojdlZ8-8Q7yJyRldPaE0UK_YijOlDo6HvURmW_E
+site_key: 6Le3tV0qAAAAAJB8fxsSPxs3v46Zo69t2IaRFU5C
+secret_key: 6Le3tV0qAAAAAB4omG0eYGfM4AaP7pfEuFGD12gE
+hide_badge: false
+verify_hostname: true
+default_challenge: ''
+error_message: 'Anti-bot verification failed.'
+cacheable: false
+library_use_recaptcha_net: true
diff --git a/docroot/modules/custom/foia_api/src/Plugin/rest/resource/WebformSubmissionResource.php b/docroot/modules/custom/foia_api/src/Plugin/rest/resource/WebformSubmissionResource.php
@@ -198,7 +198,7 @@ public function post($data) {
     // Validate recaptcha.
     $captcha_errors = [];
     $captcha = $values['data']['captcha'];
-    $captcha_errors = $this->validateCaptcha($captcha);
+    $captcha_errors = $this->validateCaptchaV3($captcha);
 
     if (!empty($captcha_errors)) {
       // The react front end will know that 401 means the captcha failed and
@@ -270,7 +270,7 @@ public function post($data) {
   }
 
   /**
-   * Validates that the submitted reCAPTCHA ( google ) is correct.
+   * Validates that the submitted reCAPTCHA_v2 ( google ) is correct.
    *
    * @param string $captcha
    *   The submitted captcha value.
@@ -364,6 +364,58 @@ protected function validateCaptcha(string $captcha) {
     return $errors;
   }
 
+  /**
+   * CAPTCHA Callback; Validates the reCAPTCHA v3 code.
+   *
+   * Copied and modified from recaptcha_v3.module.
+   */
+  protected function validateCaptchaV3($captcha_response) {
+
+    // This is hardwired on the reactjs side.
+    $captcha_type_challenge = 'submit';
+    /** @var \Drupal\recaptcha_v3\ReCaptchaV3ActionInterface $recaptcha_v3 */
+    $recaptcha_v3 = ReCaptchaV3Action::load($captcha_type_challenge) ?? ReCaptchaV3Action::create([
+      'id' => '',
+      'label' => '',
+      'threshold' => 1,
+      'challenge' => 'default',
+    ]);
+    // Verify submitted reCAPTCHA v3 token.
+    $verification_response = _recaptcha_v3_verify_captcha_response($recaptcha_v3, $captcha_response);
+
+    if (!$verification_response['success']) {
+      // If we here, then token verification failed.
+      if ($verification_response['error-codes']) {
+        $errors = [];
+
+        $challenge = $recaptcha_v3->getChallenge();
+        if ($challenge === 'default') {
+          $challenge = \Drupal::config('recaptcha_v3.settings')->get('default_challenge');
+        }
+
+        foreach ($verification_response['error-codes'] as $code) {
+          // If we have fallback challenge then do not log the threshold errors.
+          if ($challenge && $code === 'score-threshold-not-met') {
+            continue;
+          }
+          $errors[] = recaptcha_v3_error_by_code($code);
+        }
+
+        if ($errors) {
+          $errors_string = implode(' ', $errors);
+          \Drupal::logger('recaptcha_v3')->error(
+            'Google reCAPTCHA v3 validation failed: @error',
+            ['@error' => $errors_string]
+          );
+        }
+      }
+
+      $error_message = \Drupal::config('recaptcha_v3.settings')->get('error_message');
+    }
+
+    return (bool) $verification_response['success'];
+  }
+
   /**
    * Logs a submission with HTTP status code, message, and optional component.
    *
