Merge pull request #273 from fixeditforyou/master

excelwebzone · web-flow · commit 8bb31b2073ae · 2021-09-08T07:52:45.000-07:00
Fix action name validation
diff --git a/src/Form/Type/EWZRecaptchaV3Type.php b/src/Form/Type/EWZRecaptchaV3Type.php
@@ -9,6 +9,8 @@
 
 class EWZRecaptchaV3Type extends AbstractEWZRecaptchaType
 {
+    public const DEFAULT_ACTION_NAME = 'form';
+
     /** @var bool */
     private $hideBadge;
 
diff --git a/src/Resources/views/Form/v3/ewz_recaptcha_widget.html.twig b/src/Resources/views/Form/v3/ewz_recaptcha_widget.html.twig
@@ -9,7 +9,7 @@
 
     <script{% if form.vars.script_nonce_csp is defined and form.vars.script_nonce_csp is not same as('') %} nonce="{{ form.vars.script_nonce_csp }}"{% endif %}>
       grecaptcha.ready(function () {
-        grecaptcha.execute('{{ form.vars.public_key }}', { action: '{{ form.vars.action_name|default('form') }}' }).then(function (token) {
+        grecaptcha.execute('{{ form.vars.public_key }}', { action: '{{ form.vars.action_name|default(constant('EWZ\\Bundle\\RecaptchaBundle\\Form\\Type\\EWZRecaptchaV3Type::DEFAULT_ACTION_NAME')) }}' }).then(function (token) {
           var recaptchaResponse = document.getElementById('{{ id }}');
           recaptchaResponse.value = token;
         });
diff --git a/src/Validator/Constraints/IsTrueValidatorV3.php b/src/Validator/Constraints/IsTrueValidatorV3.php
@@ -2,8 +2,10 @@
 
 namespace EWZ\Bundle\RecaptchaBundle\Validator\Constraints;
 
+use EWZ\Bundle\RecaptchaBundle\Form\Type\EWZRecaptchaV3Type;
 use Psr\Log\LoggerInterface;
 use ReCaptcha\ReCaptcha;
+use Symfony\Component\Form\FormInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Validator\Constraint;
 use Symfony\Component\Validator\ConstraintValidator;
@@ -87,11 +89,12 @@ private function isTokenValid($token)
     {
         try {
             $remoteIp = $this->requestStack->getCurrentRequest()->getClientIp();
+            $action = $this->getActionName();
 
             $recaptcha = new ReCaptcha($this->secretKey);
 
             $response = $recaptcha
-                ->setExpectedAction('form')
+                ->setExpectedAction($action)
                 ->setScoreThreshold($this->scoreThreshold)
                 ->verify($token, $remoteIp);
 
@@ -107,4 +110,16 @@ private function isTokenValid($token)
             return false;
         }
     }
+
+    private function getActionName(): string
+    {
+        $object = $this->context->getObject();
+        $action = null;
+
+        if ($object instanceof FormInterface) {
+            $action = $object->getConfig()->getOption('action_name');
+        }
+
+        return $action ?: EWZRecaptchaV3Type::DEFAULT_ACTION_NAME;
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,8 @@`
`9`	`9`
`10`	`10`	`class EWZRecaptchaV3Type extends AbstractEWZRecaptchaType`
`11`	`11`	`{`
	`12`	`+ public const DEFAULT_ACTION_NAME = 'form';`
	`13`	`+`
`12`	`14`	`/** @var bool */`
`13`	`15`	`private $hideBadge;`
`14`	`16`