From 18dc0923186065b18ebbf61a914ab8f070df26bb Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Thu, 3 Dec 2020 11:06:40 +0100 Subject: [PATCH] Remove reCAPTCHA v1 implementation API keys can no longer be created and Google removed the necessary endpoints for it to work. Thus the code is dead code by now. --- com.woltlab.wcf/templates/recaptcha.tpl | 95 +--------- .../install/files/acp/templates/recaptcha.tpl | 95 +--------- .../files/lib/form/RecaptchaForm.class.php | 34 +--- .../system/captcha/RecaptchaHandler.class.php | 35 +--- .../recaptcha/RecaptchaHandler.class.php | 167 ------------------ 5 files changed, 13 insertions(+), 413 deletions(-) delete mode 100644 wcfsetup/install/files/lib/system/recaptcha/RecaptchaHandler.class.php diff --git a/com.woltlab.wcf/templates/recaptcha.tpl b/com.woltlab.wcf/templates/recaptcha.tpl index ce0a66293e..42f74ff043 100644 --- a/com.woltlab.wcf/templates/recaptcha.tpl +++ b/com.woltlab.wcf/templates/recaptcha.tpl @@ -1,100 +1,7 @@ {if $recaptchaLegacyMode|empty} {include file='captcha'} {else} - {* No explicit keys were set, use legacy V1 API and WoltLab's OEM keys *} - {if RECAPTCHA_PUBLICKEY === '' || RECAPTCHA_PRIVATEKEY === ''} -
-
-

{lang}wcf.recaptcha.title{/lang}

-

{lang}wcf.recaptcha.description{/lang}

-
- -
- {if !$ajaxCaptcha|isset || !$ajaxCaptcha} - - {/if} -
- -
-
-
- - {if (($errorType|isset && $errorType|is_array && $errorType[recaptchaString]|isset) || ($errorField|isset && $errorField == 'recaptchaString'))} - {if $errorType|is_array && $errorType[recaptchaString]|isset} - {assign var='__errorType' value=$errorType[recaptchaString]} - {else} - {assign var='__errorType' value=$errorType} - {/if} - - {if $__errorType == 'empty'} - {lang}wcf.global.form.error.empty{/lang} - {else} - {lang}wcf.recaptcha.error.recaptchaString.{$__errorType}{/lang} - {/if} - - {/if} -
- - {event name='fields'} - -
- -
- - {if !$ajaxCaptcha|isset || !$ajaxCaptcha} - - - {else} - - {/if} -
-
- {else} + {if RECAPTCHA_PUBLICKEY !== '' && RECAPTCHA_PRIVATEKEY !== ''} {if $supportsAsyncCaptcha|isset && $supportsAsyncCaptcha && RECAPTCHA_PUBLICKEY_INVISIBLE && RECAPTCHA_PRIVATEKEY_INVISIBLE}

{lang}wcf.recaptcha.title{/lang}

diff --git a/wcfsetup/install/files/acp/templates/recaptcha.tpl b/wcfsetup/install/files/acp/templates/recaptcha.tpl index ce0a66293e..42f74ff043 100644 --- a/wcfsetup/install/files/acp/templates/recaptcha.tpl +++ b/wcfsetup/install/files/acp/templates/recaptcha.tpl @@ -1,100 +1,7 @@ {if $recaptchaLegacyMode|empty} {include file='captcha'} {else} - {* No explicit keys were set, use legacy V1 API and WoltLab's OEM keys *} - {if RECAPTCHA_PUBLICKEY === '' || RECAPTCHA_PRIVATEKEY === ''} -
-
-

{lang}wcf.recaptcha.title{/lang}

-

{lang}wcf.recaptcha.description{/lang}

-
- -
- {if !$ajaxCaptcha|isset || !$ajaxCaptcha} - - {/if} -
- -
-
-
- - {if (($errorType|isset && $errorType|is_array && $errorType[recaptchaString]|isset) || ($errorField|isset && $errorField == 'recaptchaString'))} - {if $errorType|is_array && $errorType[recaptchaString]|isset} - {assign var='__errorType' value=$errorType[recaptchaString]} - {else} - {assign var='__errorType' value=$errorType} - {/if} - - {if $__errorType == 'empty'} - {lang}wcf.global.form.error.empty{/lang} - {else} - {lang}wcf.recaptcha.error.recaptchaString.{$__errorType}{/lang} - {/if} - - {/if} -
- - {event name='fields'} - -
- -
- - {if !$ajaxCaptcha|isset || !$ajaxCaptcha} - - - {else} - - {/if} -
-
- {else} + {if RECAPTCHA_PUBLICKEY !== '' && RECAPTCHA_PRIVATEKEY !== ''} {if $supportsAsyncCaptcha|isset && $supportsAsyncCaptcha && RECAPTCHA_PUBLICKEY_INVISIBLE && RECAPTCHA_PRIVATEKEY_INVISIBLE}

{lang}wcf.recaptcha.title{/lang}

diff --git a/wcfsetup/install/files/lib/form/RecaptchaForm.class.php b/wcfsetup/install/files/lib/form/RecaptchaForm.class.php index d05d7ffbe2..ccd4162853 100644 --- a/wcfsetup/install/files/lib/form/RecaptchaForm.class.php +++ b/wcfsetup/install/files/lib/form/RecaptchaForm.class.php @@ -1,9 +1,7 @@ challenge = StringUtil::trim($_POST['recaptcha_challenge_field']); - if (isset($_POST['recaptcha_response_field'])) $this->response = StringUtil::trim($_POST['recaptcha_response_field']); - } - else { - // V2 - if (isset($_POST['g-recaptcha-response'])) $this->response = $_POST['g-recaptcha-response']; - } + if (isset($_POST['g-recaptcha-response'])) $this->response = $_POST['g-recaptcha-response']; } /** @@ -75,14 +65,7 @@ abstract class RecaptchaForm extends AbstractForm { */ protected function validateCaptcha() { if ($this->useCaptcha) { - if (!RECAPTCHA_PUBLICKEY || !RECAPTCHA_PRIVATEKEY) { - // V1 - RecaptchaHandler::getInstance()->validate($this->challenge, $this->response); - } - else { - // V2 - RecaptchaHandlerV2::getInstance()->validate($this->response); - } + RecaptchaHandlerV2::getInstance()->validate($this->response); $this->useCaptcha = false; } @@ -103,16 +86,9 @@ abstract class RecaptchaForm extends AbstractForm { public function assignVariables() { parent::assignVariables(); - if (!RECAPTCHA_PUBLICKEY || !RECAPTCHA_PRIVATEKEY) { - // V1 - RecaptchaHandler::getInstance()->assignVariables(); - } - else { - // V2 - WCF::getTPL()->assign([ - 'recaptchaLegacyMode' => true - ]); - } + WCF::getTPL()->assign([ + 'recaptchaLegacyMode' => true + ]); WCF::getTPL()->assign([ 'useCaptcha' => $this->useCaptcha diff --git a/wcfsetup/install/files/lib/system/captcha/RecaptchaHandler.class.php b/wcfsetup/install/files/lib/system/captcha/RecaptchaHandler.class.php index f0374e2215..cb15d569de 100644 --- a/wcfsetup/install/files/lib/system/captcha/RecaptchaHandler.class.php +++ b/wcfsetup/install/files/lib/system/captcha/RecaptchaHandler.class.php @@ -2,7 +2,6 @@ namespace wcf\system\captcha; use wcf\system\recaptcha\RecaptchaHandlerV2; use wcf\system\WCF; -use wcf\util\StringUtil; /** * Captcha handler for reCAPTCHA. @@ -37,16 +36,9 @@ class RecaptchaHandler implements ICaptchaHandler { public function getFormElement() { if (WCF::getSession()->getVar('recaptchaDone')) return ''; - if (!RECAPTCHA_PUBLICKEY || !RECAPTCHA_PRIVATEKEY) { - // V1 - \wcf\system\recaptcha\RecaptchaHandler::getInstance()->assignVariables(); - } - else { - // V2 - WCF::getTPL()->assign([ - 'recaptchaLegacyMode' => true - ]); - } + WCF::getTPL()->assign([ + 'recaptchaLegacyMode' => true + ]); return WCF::getTPL()->fetch('recaptcha'); } @@ -72,16 +64,8 @@ class RecaptchaHandler implements ICaptchaHandler { * @inheritDoc */ public function readFormParameters() { - if (!RECAPTCHA_PUBLICKEY || !RECAPTCHA_PRIVATEKEY) { - // V1 - if (isset($_POST['recaptcha_challenge_field'])) $this->challenge = StringUtil::trim($_POST['recaptcha_challenge_field']); - if (isset($_POST['recaptcha_response_field'])) $this->response = StringUtil::trim($_POST['recaptcha_response_field']); - } - else { - // V2 - if (isset($_POST['recaptcha-type'])) $this->challenge = $_POST['recaptcha-type']; - if (isset($_POST['g-recaptcha-response'])) $this->response = $_POST['g-recaptcha-response']; - } + if (isset($_POST['recaptcha-type'])) $this->challenge = $_POST['recaptcha-type']; + if (isset($_POST['g-recaptcha-response'])) $this->response = $_POST['g-recaptcha-response']; } /** @@ -97,13 +81,6 @@ class RecaptchaHandler implements ICaptchaHandler { public function validate() { if (WCF::getSession()->getVar('recaptchaDone')) return; - if (!RECAPTCHA_PUBLICKEY || !RECAPTCHA_PRIVATEKEY) { - // V1 - \wcf\system\recaptcha\RecaptchaHandler::getInstance()->validate($this->challenge, $this->response); - } - else { - // V2 - RecaptchaHandlerV2::getInstance()->validate($this->response, $this->challenge ?: 'v2'); - } + RecaptchaHandlerV2::getInstance()->validate($this->response, $this->challenge ?: 'v2'); } } diff --git a/wcfsetup/install/files/lib/system/recaptcha/RecaptchaHandler.class.php b/wcfsetup/install/files/lib/system/recaptcha/RecaptchaHandler.class.php deleted file mode 100644 index 2480c7250f..0000000000 --- a/wcfsetup/install/files/lib/system/recaptcha/RecaptchaHandler.class.php +++ /dev/null @@ -1,167 +0,0 @@ - - * and released under the conditions of the GNU Lesser General Public License. - * - * @author Alexander Ebert - * @copyright 2001-2019 WoltLab GmbH - * @license GNU Lesser General Public License - * @package WoltLabSuite\Core\System\Recaptcha - */ -class RecaptchaHandler extends SingletonFactory { - /** - * list of supported languages - * @var string[] - * @see http://code.google.com/intl/de-DE/apis/recaptcha/docs/customization.html#i18n - */ - protected $supportedLanguages = ['de', 'en', 'es', 'fr', 'nl', 'pt', 'ru', 'tr']; - - /** - * language code - * @var string - */ - protected $languageCode = ''; - - /** - * public key - * @var string - */ - protected $publicKey = ''; - - /** - * private key - * @var string - */ - protected $privateKey = ''; - - // reply codes (see ) - const VALID_ANSWER = 'valid'; - const ERROR_UNKNOWN = 'unknown'; - const ERROR_INVALID_PUBLICKEY = 'invalid-site-public-key'; - const ERROR_INVALID_PRIVATEKEY = 'invalid-site-private-key'; - const ERROR_INVALID_COOKIE = 'invalid-request-cookie'; - const ERROR_INCORRECT_SOLUTION = 'incorrect-captcha-sol'; - const ERROR_INCORRECT_PARAMS = 'verify-params-incorrect'; - const ERROR_INVALID_REFFERER = 'invalid-referrer'; - const ERROR_NOT_REACHABLE = 'recaptcha-not-reachable'; - const ERROR_TIMEOUT_OR_DUPLICATE = 'timeout-or-duplicate'; - - /** - * @inheritDoc - */ - protected function init() { - // set appropriate language code, fallback to EN if language code is not known to reCAPTCHA-API - $this->languageCode = WCF::getLanguage()->getFixedLanguageCode(); - if (!in_array($this->languageCode, $this->supportedLanguages)) { - $this->languageCode = 'en'; - } - - // WoltLab's V1 OEM keys - $this->publicKey = '6LfOlMYSAAAAADvo3s4puBAYDqI-6YK2ybe7BJE5'; - $this->privateKey = '6LfOlMYSAAAAAKR3m_EFxmDv1xS8PCfeaSZ2LdG9'; - } - - /** - * Validates response against given challenge. - * - * @param string $challenge - * @param string $response - * @throws SystemException - * @throws UserInputException - */ - public function validate($challenge, $response) { - // fail if challenge or response are empty to avoid sending api requests - if (empty($challenge) || empty($response)) { - throw new UserInputException('recaptchaString', 'false'); - } - - $response = $this->verify($challenge, $response); - switch ($response) { - case self::VALID_ANSWER: - break; - - case self::ERROR_INCORRECT_SOLUTION: - throw new UserInputException('recaptchaString', 'false'); - break; - - case self::ERROR_NOT_REACHABLE: - // if reCaptcha server is unreachable mark captcha as done - // this should be better than block users until server is back. - // - RouL - break; - - case self::ERROR_INVALID_COOKIE: - // do not throw a system exception, if validation fails - // while javascript is disabled. Otherwise, bots may produce - // a lot of log entries. - throw new UserInputException('recaptchaString', 'false'); - break; - - case self::ERROR_TIMEOUT_OR_DUPLICATE: - // User was to slow to fill the captcha. - throw new UserInputException('recaptchaString', 'false'); - break; - - default: - throw new SystemException('reCAPTCHA returned the following error: '.$response); - } - - WCF::getSession()->register('recaptchaDone', true); - } - - /** - * Queries server to verify successful response. - * - * @param string $challenge - * @param string $response - * @return string - */ - protected function verify($challenge, $response) { - $request = new HTTPRequest('http://www.google.com/recaptcha/api/verify', ['timeout' => 10], [ - 'privatekey' => $this->privateKey, - 'remoteip' => UserUtil::getIpAddress(), - 'challenge' => $challenge, - 'response' => $response - ]); - - try { - $request->execute(); - $reply = $request->getReply(); - $reCaptchaResponse = explode("\n", $reply['body']); - - if (StringUtil::trim($reCaptchaResponse[0]) === "true") { - return self::VALID_ANSWER; - } - else { - return StringUtil::trim($reCaptchaResponse[1]); - } - } - catch (SystemException $e) { - return self::ERROR_NOT_REACHABLE; - } - } - - /** - * Assigns template variables for reCAPTCHA. - */ - public function assignVariables() { - WCF::getTPL()->assign([ - 'recaptchaLanguageCode' => $this->languageCode, - 'recaptchaPublicKey' => $this->publicKey, - 'recaptchaUseSSL' => RouteHandler::secureConnection(), // @deprecated 2.1 - 'recaptchaLegacyMode' => true - ]); - } -} -- 2.20.1