Add captcha support #168
Add captcha support #168
Conversation
GautheyValentin changed the title 
There was a problem hiding this comment.
@GautheyValentin While I think this functionality is necessary, I think there are some flaws in your approach. Please see my comments.
| 'mutateAndGetPayload' => function( $input, AppContext $context, ResolveInfo $info ) { | ||
| // Login the user in and get an authToken and user in response. | ||
| return Auth::login_and_get_token( sanitize_user( $input['username'] ), trim( $input['password'] ) ); | ||
| return Auth::login_and_get_token( sanitize_user( $input['username'] ), trim( $input['password'] ), $input['gRecaptchaResponse'] ); |
There was a problem hiding this comment.
@GautheyValentin There needs to be validation of some kind for $input['gRecaptchaResponse'] seeing as it's not a required field it could be null.
| * @since 0.0.1 | ||
| */ | ||
| public static function login_and_get_token( $username, $password ) { | ||
| public static function login_and_get_token( $username, $password, $gRecaptchaResponse ) { |
There was a problem hiding this comment.
$gRecaptchaResponse needs a default value otherwise it will throw an exception everytime it's value is null.
An @param entry in the docblock upon would be nice too. 👌🏿
| throw new UserError( __( 'Captcha is required', 'wp-graphql-jwt-authentication' ) ); | ||
| } | ||
| | ||
| $_POST['g-recaptcha-response'] = $gRecaptchaResponse; |
There was a problem hiding this comment.
@GautheyValentin While I don't think this is bad practice and has it's uses in areas like testing, this is far from how the $_POST global was designed to be used. What you're trying to do here would probably be better addressed further up the funnel so to speak 🤔. Maybe see about getting an official filter in place within the reCaptcha plugin.
| @kidunot89 In wp-defender (Wpmudev extension) there is no filter to override de value of captcha response Code of wp-defender : /** * Get the reCAPTCHA API response. * * @param string $form * * @return bool */ protected function recaptcha_response( string $form ): bool { if ( empty( $this->private_key ) || empty( $_POST['g-recaptcha-response'] ) ) { return false; } // reCAPTCHA response post data. $response = stripslashes( sanitize_text_field( $_POST['g-recaptcha-response'] ) ); $remote_ip = filter_var( $_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP ); // @since v2.5.6 $remote_ip = (string) apply_filters( 'wd_recaptcha_remote_ip', $remote_ip ); $post_body = [ 'secret' => $this->private_key, 'response' => $response, 'remoteip' => $remote_ip, ]; $result = $this->service->recaptcha_post_request( $post_body ); // @since 2.5.6 return apply_filters( 'wd_recaptcha_check_result', $result, $form ); }Best regards |
| I understand completely, I suggest the issue be opened to get a filter put in the official recaptcha plugin 🤔 |
| Guys, I believe that this plugin should definitely include captcha support. |
3 participants
With a env variable :
GRAPHQL_JWT_REQUIRE_CAPTCHAset to trueCheck if
gRecaptchaResponseis existing and apply to$_POST['g-recaptcha-response']