Fix FLEXIAPI-151 Migrate to hCaptcha

Timothée Jaussoin 2024-03-18 15:13:27 +01:00
parent 2e9455ef11
commit 668c79bc12
14 changed files with 142 additions and 135 deletions


@ -2,6 +2,8 @@
v1.5
----
- Fix FLEXIAPI-151 Migrate to hCaptcha
- Fix FLEXIAPI-150 Use the same account_id parameter for both API and Web routes
- Fix FLEXIAPI-148 Reuse AccountService in the POST /api/accounts admin endpoint
- FIX FLEXIAPI-146 Allow users to manage their own devices
- Fix FLEXIAPI-145 Put back the 'code' parameter as an alias for the 'confirmation_key' for the activateEmail and activatePhone endpoints


@ -106,6 +106,6 @@ OVH_APP_ENDPOINT=ovh-eu
OVH_APP_CONSUMER_KEY=
OVH_APP_SENDER=
# Google reCaptcha v2 parameters
NOCAPTCHA_SECRET=secret-key
NOCAPTCHA_SITEKEY=site-key
# HCaptcha
HCAPTCHA_SECRET=secret-key
HCAPTCHA_SITEKEY=site-key


@ -115,7 +115,7 @@ function resolveDomain(Request $request): string
function captchaConfigured(): bool
{
return env('NOCAPTCHA_SECRET', false) != false || env('NOCAPTCHA_SITEKEY', false) != false;
return env('HCAPTCHA_SECRET', false) != false || env('HCAPTCHA_SITEKEY', false) != false;
}
function resolveUserContacts(Request $request)
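Review bot: captchaConfigured() decides at request time by calling `env('HCAPTCHA_SECRET', false)` and `env('HCAPTCHA_SITEKEY', false)` directly. In Laravel, env() outside the config files returns its default once the configuration is cached, so on a deployment with cached config this helper would return false. Every `captchaConfigured() ? 'required|HCaptcha' : ''` rule in the controllers of this commit would then drop the captcha without any error. Reading the values through the config file this commit adds keeps the check tied to what the package actually uses, e.g. `return (bool) config('<hcaptcha-config-key>.secret') || (bool) config('<hcaptcha-config-key>.sitekey');`, where `<hcaptcha-config-key>` is a placeholder for the config file's name, which this page does not show.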


@ -52,7 +52,7 @@ class AccountController extends Controller
{
$account = (new AccountService(api: false))->store($request);
$request->validate(['g-recaptcha-response' => captchaConfigured() ? 'required|captcha' : '']);
$request->validate(['h-captcha-response' => captchaConfigured() ? 'required|HCaptcha' : '']);
Auth::login($account);
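Review bot: The captcha rule on `h-captcha-response` is validated only after `(new AccountService(api: false))->store($request)` has run. If store() persists the account (its body is not visible here), a request with a missing or invalid captcha response still creates the account and only `Auth::login($account)` is skipped. Moving the `$request->validate([...])` call above the store() call would make the captcha gate the creation itself. The enclosing method starts and ends outside this hunk.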


@ -51,7 +51,7 @@ class CreationRequestTokenController extends Controller
'required',
new RulesAccountCreationRequestToken
],
'g-recaptcha-response' => captchaConfigured() ? 'required|captcha' : '',
'h-captcha-response' => captchaConfigured() ? 'required|HCaptcha' : '',
]);
$accountCreationRequestToken = AccountCreationRequestToken::where('token', $request->get('account_creation_request_token'))->firstOrFail();
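Review bot: The rule is now named `HCaptcha`, but the custom message kept in the validation language section of this commit is still keyed `'captcha'` under `'h-captcha-response'`. Laravel looks custom messages up by the snake-cased rule name, so a failed check would likely show an untranslated key instead of the "Captcha error!" text; renaming that key to `'h_captcha'` should restore it. The same applies to the other validators in this commit that use `'required|HCaptcha'` (AccountController, EmailController, PhoneController, RecoveryController). The validate() call starts outside this hunk.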


@ -35,7 +35,7 @@ class EmailController extends Controller
public function requestChange(Request $request)
{
$request->validate(['g-recaptcha-response' => captchaConfigured() ? 'required|captcha': '']);
$request->validate(['h-captcha-response' => captchaConfigured() ? 'required|HCaptcha': '']);
if ((new BlockingService($request->user()))->checkBlock()) {
return redirect()->route('account.blocked');


@ -35,7 +35,7 @@ class PhoneController extends Controller
public function requestChange(Request $request)
{
$request->validate(['g-recaptcha-response' => captchaConfigured() ? 'required|captcha': '']);
$request->validate(['h-captcha-response' => captchaConfigured() ? 'required|HCaptcha': '']);
if ((new BlockingService($request->user()))->checkBlock()) {
return redirect()->route('account.blocked');


@ -50,7 +50,7 @@ class RecoveryController extends Controller
$rules = [
'email' => 'required_without:phone|email|exists:accounts,email',
'phone' => 'required_without:email|starts_with:+',
'g-recaptcha-response' => captchaConfigured() ? 'required|captcha' : '',
'h-captcha-response' => captchaConfigured() ? 'required|HCaptcha' : '',
];
$account = null;


@ -9,7 +9,6 @@
"license": "MIT",
"require": {
"php": ">=8.0.2",
"anhskohbo/no-captcha": "^3.5",
"awobaz/compoships": "^2.2",
"doctrine/dbal": "^3.6",
"endroid/qr-code": "^4.8",
@ -21,7 +20,8 @@
"parsedown/laravel": "^1.2",
"phpunit/phpunit": "^9.6",
"react/socket": "^1.14",
"respect/validation": "^2.2"
"respect/validation": "^2.2",
"scyllaly/hcaptcha": "^4.4"
},
"require-dev": {
"barryvdh/laravel-debugbar": "^3.9",
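Review bot: The manifest change is a one-for-one swap of `anhskohbo/no-captcha` for `"scyllaly/hcaptcha": "^4.4"`, yet the lockfile in the same commit also moves several unrelated packages (league/flysystem, psy/psysh, nikic/php-parser, barryvdh/laravel-debugbar, maximebf/debugbar and others). That suggests a full `composer update` was run. Limiting the resolution to the two captcha packages, with `composer remove anhskohbo/no-captcha` and `composer require scyllaly/hcaptcha`, would keep the lock diff to the new dependency and make it easier to audit what is being introduced. The unrelated upgrades would be better in a separate commit.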

233
flexiapi/composer.lock generated

@ -4,72 +4,8 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "920b287a3d53f86cce05f254b7e3cb7b",
"content-hash": "255a77afa50eaa780b140f0b760339af",
"packages": [
{
"name": "anhskohbo/no-captcha",
"version": "3.5.0",
"source": {
"type": "git",
"url": "https://github.com/anhskohbo/no-captcha.git",
"reference": "81302b9ddfb4ee5904b66f24bf3e11ea74fa0b92"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/anhskohbo/no-captcha/zipball/81302b9ddfb4ee5904b66f24bf3e11ea74fa0b92",
"reference": "81302b9ddfb4ee5904b66f24bf3e11ea74fa0b92",
"shasum": ""
},
"require": {
"guzzlehttp/guzzle": "^6.2|^7.0",
"illuminate/support": "^5.0|^6.0|^7.0|^8.0|^9.0|^10.0",
"php": ">=5.5.5"
},
"require-dev": {
"phpunit/phpunit": "~4.8|^9.5.10"
},
"type": "library",
"extra": {
"laravel": {
"providers": [
"Anhskohbo\\NoCaptcha\\NoCaptchaServiceProvider"
],
"aliases": {
"NoCaptcha": "Anhskohbo\\NoCaptcha\\Facades\\NoCaptcha"
}
}
},
"autoload": {
"psr-4": {
"Anhskohbo\\NoCaptcha\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "anhskohbo",
"email": "anhskohbo@gmail.com"
}
],
"description": "No CAPTCHA reCAPTCHA For Laravel.",
"keywords": [
"captcha",
"laravel",
"laravel4",
"laravel5",
"laravel6",
"no-captcha",
"recaptcha"
],
"support": {
"issues": "https://github.com/anhskohbo/no-captcha/issues",
"source": "https://github.com/anhskohbo/no-captcha/tree/3.5.0"
},
"time": "2023-02-15T16:07:08+00:00"
},
{
"name": "awobaz/compoships",
"version": "2.3.0",
@ -2440,16 +2376,16 @@
},
{
"name": "league/flysystem",
"version": "3.24.0",
"version": "3.25.1",
"source": {
"type": "git",
"url": "https://github.com/thephpleague/flysystem.git",
"reference": "b25a361508c407563b34fac6f64a8a17a8819675"
"reference": "abbd664eb4381102c559d358420989f835208f18"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/thephpleague/flysystem/zipball/b25a361508c407563b34fac6f64a8a17a8819675",
"reference": "b25a361508c407563b34fac6f64a8a17a8819675",
"url": "https://api.github.com/repos/thephpleague/flysystem/zipball/abbd664eb4381102c559d358420989f835208f18",
"reference": "abbd664eb4381102c559d358420989f835208f18",
"shasum": ""
},
"require": {
@ -2477,7 +2413,7 @@
"friendsofphp/php-cs-fixer": "^3.5",
"google/cloud-storage": "^1.23",
"microsoft/azure-storage-blob": "^1.1",
"phpseclib/phpseclib": "^3.0.34",
"phpseclib/phpseclib": "^3.0.36",
"phpstan/phpstan": "^1.10",
"phpunit/phpunit": "^9.5.11|^10.0",
"sabre/dav": "^4.6.0"
@ -2514,7 +2450,7 @@
],
"support": {
"issues": "https://github.com/thephpleague/flysystem/issues",
"source": "https://github.com/thephpleague/flysystem/tree/3.24.0"
"source": "https://github.com/thephpleague/flysystem/tree/3.25.1"
},
"funding": [
{
@ -2526,20 +2462,20 @@
"type": "github"
}
],
"time": "2024-02-04T12:10:17+00:00"
"time": "2024-03-16T12:53:19+00:00"
},
{
"name": "league/flysystem-local",
"version": "3.23.1",
"version": "3.25.1",
"source": {
"type": "git",
"url": "https://github.com/thephpleague/flysystem-local.git",
"reference": "b884d2bf9b53bb4804a56d2df4902bb51e253f00"
"reference": "61a6a90d6e999e4ddd9ce5adb356de0939060b92"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/thephpleague/flysystem-local/zipball/b884d2bf9b53bb4804a56d2df4902bb51e253f00",
"reference": "b884d2bf9b53bb4804a56d2df4902bb51e253f00",
"url": "https://api.github.com/repos/thephpleague/flysystem-local/zipball/61a6a90d6e999e4ddd9ce5adb356de0939060b92",
"reference": "61a6a90d6e999e4ddd9ce5adb356de0939060b92",
"shasum": ""
},
"require": {
@ -2573,8 +2509,7 @@
"local"
],
"support": {
"issues": "https://github.com/thephpleague/flysystem-local/issues",
"source": "https://github.com/thephpleague/flysystem-local/tree/3.23.1"
"source": "https://github.com/thephpleague/flysystem-local/tree/3.25.1"
},
"funding": [
{
@ -2586,7 +2521,7 @@
"type": "github"
}
],
"time": "2024-01-26T18:25:23+00:00"
"time": "2024-03-15T19:58:44+00:00"
},
{
"name": "league/mime-type-detection",
@ -3123,16 +3058,16 @@
},
{
"name": "nikic/php-parser",
"version": "v5.0.1",
"version": "v5.0.2",
"source": {
"type": "git",
"url": "https://github.com/nikic/PHP-Parser.git",
"reference": "2218c2252c874a4624ab2f613d86ac32d227bc69"
"reference": "139676794dc1e9231bf7bcd123cfc0c99182cb13"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/2218c2252c874a4624ab2f613d86ac32d227bc69",
"reference": "2218c2252c874a4624ab2f613d86ac32d227bc69",
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/139676794dc1e9231bf7bcd123cfc0c99182cb13",
"reference": "139676794dc1e9231bf7bcd123cfc0c99182cb13",
"shasum": ""
},
"require": {
@ -3175,9 +3110,9 @@
],
"support": {
"issues": "https://github.com/nikic/PHP-Parser/issues",
"source": "https://github.com/nikic/PHP-Parser/tree/v5.0.1"
"source": "https://github.com/nikic/PHP-Parser/tree/v5.0.2"
},
"time": "2024-02-21T19:24:10+00:00"
"time": "2024-03-05T20:51:40+00:00"
},
{
"name": "nunomaduro/termwind",
@ -4455,16 +4390,16 @@
},
{
"name": "psy/psysh",
"version": "v0.12.0",
"version": "v0.12.2",
"source": {
"type": "git",
"url": "https://github.com/bobthecow/psysh.git",
"reference": "750bf031a48fd07c673dbe3f11f72362ea306d0d"
"reference": "9185c66c2165bbf4d71de78a69dccf4974f9538d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/bobthecow/psysh/zipball/750bf031a48fd07c673dbe3f11f72362ea306d0d",
"reference": "750bf031a48fd07c673dbe3f11f72362ea306d0d",
"url": "https://api.github.com/repos/bobthecow/psysh/zipball/9185c66c2165bbf4d71de78a69dccf4974f9538d",
"reference": "9185c66c2165bbf4d71de78a69dccf4974f9538d",
"shasum": ""
},
"require": {
@ -4528,9 +4463,9 @@
],
"support": {
"issues": "https://github.com/bobthecow/psysh/issues",
"source": "https://github.com/bobthecow/psysh/tree/v0.12.0"
"source": "https://github.com/bobthecow/psysh/tree/v0.12.2"
},
"time": "2023-12-20T15:28:09+00:00"
"time": "2024-03-17T01:53:00+00:00"
},
{
"name": "ralouphie/getallheaders",
@ -5330,6 +5265,65 @@
},
"time": "2023-02-15T01:05:24+00:00"
},
{
"name": "scyllaly/hcaptcha",
"version": "4.4.5",
"source": {
"type": "git",
"url": "https://github.com/Scyllaly/hcaptcha.git",
"reference": "3c133dfe684d34570e911de11098ebaa0d2c369d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Scyllaly/hcaptcha/zipball/3c133dfe684d34570e911de11098ebaa0d2c369d",
"reference": "3c133dfe684d34570e911de11098ebaa0d2c369d",
"shasum": ""
},
"require": {
"illuminate/support": "5.*|6.*|7.*|8.*|^9.0|10.*",
"php": ">=5.5.5"
},
"require-dev": {
"phpunit/phpunit": "~4.8|^9.5.10|^10.0"
},
"type": "library",
"extra": {
"laravel": {
"providers": [
"Scyllaly\\HCaptcha\\HCaptchaServiceProvider"
],
"aliases": {
"HCaptcha": "Scyllaly\\HCaptcha\\Facades\\HCaptcha"
}
}
},
"autoload": {
"psr-4": {
"Scyllaly\\HCaptcha\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "scyllaly",
"email": "scyllaly@github.com"
}
],
"description": "hCaptcha for Laravel",
"keywords": [
"captcha",
"hcaptcha",
"laravel"
],
"support": {
"issues": "https://github.com/Scyllaly/hcaptcha/issues",
"source": "https://github.com/Scyllaly/hcaptcha/tree/4.4.5"
},
"time": "2023-03-14T16:36:21+00:00"
},
{
"name": "sebastian/cli-parser",
"version": "1.0.2",
@ -6132,16 +6126,16 @@
},
{
"name": "sebastian/resource-operations",
"version": "3.0.3",
"version": "3.0.4",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/resource-operations.git",
"reference": "0f4443cb3a1d92ce809899753bc0d5d5a8dd19a8"
"reference": "05d5692a7993ecccd56a03e40cd7e5b09b1d404e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/0f4443cb3a1d92ce809899753bc0d5d5a8dd19a8",
"reference": "0f4443cb3a1d92ce809899753bc0d5d5a8dd19a8",
"url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/05d5692a7993ecccd56a03e40cd7e5b09b1d404e",
"reference": "05d5692a7993ecccd56a03e40cd7e5b09b1d404e",
"shasum": ""
},
"require": {
@ -6153,7 +6147,7 @@
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.0-dev"
"dev-main": "3.0-dev"
}
},
"autoload": {
@ -6174,8 +6168,7 @@
"description": "Provides a list of PHP built-in functions that operate on resources",
"homepage": "https://www.github.com/sebastianbergmann/resource-operations",
"support": {
"issues": "https://github.com/sebastianbergmann/resource-operations/issues",
"source": "https://github.com/sebastianbergmann/resource-operations/tree/3.0.3"
"source": "https://github.com/sebastianbergmann/resource-operations/tree/3.0.4"
},
"funding": [
{
@ -6183,7 +6176,7 @@
"type": "github"
}
],
"time": "2020-09-28T06:45:17+00:00"
"time": "2024-03-14T16:00:52+00:00"
},
{
"name": "sebastian/type",
@ -8839,23 +8832,23 @@
"packages-dev": [
{
"name": "barryvdh/laravel-debugbar",
"version": "v3.10.6",
"version": "v3.12.2",
"source": {
"type": "git",
"url": "https://github.com/barryvdh/laravel-debugbar.git",
"reference": "1fcb37307ebb32207dce16fa160a92b14d8b671f"
"reference": "43555503052443964ce2c1c1f3b0378e58219eb8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/barryvdh/laravel-debugbar/zipball/1fcb37307ebb32207dce16fa160a92b14d8b671f",
"reference": "1fcb37307ebb32207dce16fa160a92b14d8b671f",
"url": "https://api.github.com/repos/barryvdh/laravel-debugbar/zipball/43555503052443964ce2c1c1f3b0378e58219eb8",
"reference": "43555503052443964ce2c1c1f3b0378e58219eb8",
"shasum": ""
},
"require": {
"illuminate/routing": "^9|^10|^11",
"illuminate/session": "^9|^10|^11",
"illuminate/support": "^9|^10|^11",
"maximebf/debugbar": "~1.20.1",
"maximebf/debugbar": "~1.21.0",
"php": "^8.0",
"symfony/finder": "^6|^7"
},
@ -8907,7 +8900,7 @@
],
"support": {
"issues": "https://github.com/barryvdh/laravel-debugbar/issues",
"source": "https://github.com/barryvdh/laravel-debugbar/tree/v3.10.6"
"source": "https://github.com/barryvdh/laravel-debugbar/tree/v3.12.2"
},
"funding": [
{
@ -8919,20 +8912,20 @@
"type": "github"
}
],
"time": "2024-03-01T14:41:13+00:00"
"time": "2024-03-13T09:50:34+00:00"
},
{
"name": "composer/pcre",
"version": "3.1.1",
"version": "3.1.2",
"source": {
"type": "git",
"url": "https://github.com/composer/pcre.git",
"reference": "00104306927c7a0919b4ced2aaa6782c1e61a3c9"
"reference": "4775f35b2d70865807c89d32c8e7385b86eb0ace"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/pcre/zipball/00104306927c7a0919b4ced2aaa6782c1e61a3c9",
"reference": "00104306927c7a0919b4ced2aaa6782c1e61a3c9",
"url": "https://api.github.com/repos/composer/pcre/zipball/4775f35b2d70865807c89d32c8e7385b86eb0ace",
"reference": "4775f35b2d70865807c89d32c8e7385b86eb0ace",
"shasum": ""
},
"require": {
@ -8974,7 +8967,7 @@
],
"support": {
"issues": "https://github.com/composer/pcre/issues",
"source": "https://github.com/composer/pcre/tree/3.1.1"
"source": "https://github.com/composer/pcre/tree/3.1.2"
},
"funding": [
{
@ -8990,7 +8983,7 @@
"type": "tidelift"
}
],
"time": "2023-10-11T07:11:09+00:00"
"time": "2024-03-07T15:38:35+00:00"
},
{
"name": "composer/xdebug-handler",
@ -9182,16 +9175,16 @@
},
{
"name": "maximebf/debugbar",
"version": "v1.20.2",
"version": "v1.21.3",
"source": {
"type": "git",
"url": "https://github.com/maximebf/php-debugbar.git",
"reference": "484625c23a4fa4f303617f29fcacd42951c9c01d"
"reference": "0b407703b08ea0cf6ebc61e267cc96ff7000911b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/maximebf/php-debugbar/zipball/484625c23a4fa4f303617f29fcacd42951c9c01d",
"reference": "484625c23a4fa4f303617f29fcacd42951c9c01d",
"url": "https://api.github.com/repos/maximebf/php-debugbar/zipball/0b407703b08ea0cf6ebc61e267cc96ff7000911b",
"reference": "0b407703b08ea0cf6ebc61e267cc96ff7000911b",
"shasum": ""
},
"require": {
@ -9211,7 +9204,7 @@
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.20-dev"
"dev-master": "1.21-dev"
}
},
"autoload": {
@ -9242,13 +9235,13 @@
],
"support": {
"issues": "https://github.com/maximebf/php-debugbar/issues",
"source": "https://github.com/maximebf/php-debugbar/tree/v1.20.2"
"source": "https://github.com/maximebf/php-debugbar/tree/v1.21.3"
},
"time": "2024-02-15T10:49:09+00:00"
"time": "2024-03-12T14:23:07+00:00"
},
{
"name": "mockery/mockery",
"version": "1.6.7",
"version": "1.6.9",
"source": {
"type": "git",
"url": "https://github.com/mockery/mockery.git",


@ -0,0 +1,10 @@
<?php
return [
'secret' => env('HCAPTCHA_SECRET'),
'sitekey' => env('HCAPTCHA_SITEKEY'),
'server-get-config' => false,
'options' => [
'timeout' => 30,
],
];
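Review bot: `'timeout' => 30` lets a single captcha verification hold a request open for up to 30 seconds. The rules using it sit on forms that are presumably reachable without authentication (account creation, recovery), so a slow or unreachable verification endpoint could tie up workers. A shorter bound such as `'timeout' => 5` would limit that. How the package reports a timeout (validation failure or exception) is not visible here and is worth confirming, so that the check fails closed. A header comment such as `// hCaptcha keys, read from HCAPTCHA_SECRET / HCAPTCHA_SITEKEY in .env` would also document where the values come from.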


@ -228,6 +228,7 @@ return [
Illuminate\Translation\TranslationServiceProvider::class,
Illuminate\Validation\ValidationServiceProvider::class,
Illuminate\View\ViewServiceProvider::class,
Scyllaly\HCaptcha\HCaptchaServiceProvider::class,
/*
* Package Service Providers...
@ -275,6 +276,7 @@ return [
'File' => Illuminate\Support\Facades\File::class,
'Gate' => Illuminate\Support\Facades\Gate::class,
'Hash' => Illuminate\Support\Facades\Hash::class,
'HCaptcha' => Scyllaly\HCaptcha\Facades\HCaptcha::class,
'Lang' => Illuminate\Support\Facades\Lang::class,
'Log' => Illuminate\Support\Facades\Log::class,
'Mail' => Illuminate\Support\Facades\Mail::class,
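Review bot: `Scyllaly\HCaptcha\HCaptchaServiceProvider::class` is added inside the framework provider list, above the `Package Service Providers...` comment; it belongs below that comment with the other packages. The lockfile entry for scyllaly/hcaptcha also declares this provider and the `HCaptcha` alias under `extra.laravel`, so unless package discovery is disabled for it (not visible here), both manual registrations look redundant. Both arrays start and end outside these hunks.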


@ -135,7 +135,7 @@ return [
'attribute-name' => [
'rule-name' => 'custom-message',
],
'g-recaptcha-response' => [
'h-captcha-response' => [
'required' => 'Please verify that you are not a robot.',
'captcha' => 'Captcha error! try again later or contact site admin.',
],


@ -1,7 +1,7 @@
@if (captchaConfigured())
<div class="large">
{!! NoCaptcha::renderJs() !!}
{!! NoCaptcha::display() !!}
@include('parts.errors', ['name' => 'g-recaptcha-response'])
{!! HCaptcha::renderJs() !!}
{!! HCaptcha::display() !!}
@include('parts.errors', ['name' => 'h-captcha-response'])
</div>
@endif