chore(Code): Update to WISE API June 2023 (#16)

chore(Login): Use recaptcha V3 (WISE-Community#228) Co-authored-by: Geoffrey Kwan <[email protected]>
encorelab · Sep 21, 2023 · d6cfb30 · d6cfb30
1 parent e375387
commit d6cfb30
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 18 deletions.
diff --git a/src/main/java/org/wise/portal/presentation/web/exception/RecaptchaVerificationException.java b/src/main/java/org/wise/portal/presentation/web/exception/RecaptchaVerificationException.java
@@ -0,0 +1,11 @@
+package org.wise.portal.presentation.web.exception;
+
+import org.springframework.security.core.AuthenticationException;
+
+public class RecaptchaVerificationException extends AuthenticationException {
+  private static final long serialVersionUID = 1L;
+
+  public RecaptchaVerificationException(String msg) {
+    super(msg);
+  }
+}
diff --git a/src/main/java/org/wise/portal/presentation/web/filters/WISEAuthenticationFailureHandler.java b/src/main/java/org/wise/portal/presentation/web/filters/WISEAuthenticationFailureHandler.java
@@ -33,6 +33,7 @@
 import org.wise.portal.domain.authentication.MutableUserDetails;
 import org.wise.portal.domain.user.User;
 import org.wise.portal.presentation.web.controllers.ControllerUtil;
+import org.wise.portal.presentation.web.exception.RecaptchaVerificationException;
 import org.wise.portal.service.user.UserService;
 
 import javax.servlet.ServletException;
@@ -75,35 +76,28 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo
         Integer numberOfRecentFailedLoginAttempts = 1;
         Date currentTime = new Date();
         if (ControllerUtil.isRecentFailedLoginWithinTimeLimit(user)) {
-          numberOfRecentFailedLoginAttempts = userDetails.getNumberOfRecentFailedLoginAttempts() + 1;
+          numberOfRecentFailedLoginAttempts = userDetails.getNumberOfRecentFailedLoginAttempts()
+              + 1;
         }
         userDetails.setNumberOfRecentFailedLoginAttempts(numberOfRecentFailedLoginAttempts);
         userDetails.setRecentFailedLoginTime(currentTime);
         userService.updateUser(user);
       }
     } else if (request.getServletPath().contains("google-login")) {
-      response.sendRedirect(appProperties.getProperty("wise.hostname") + "/join?googleUserNotFound=true");
+      response.sendRedirect(
+          appProperties.getProperty("wise.hostname") + "/join?googleUserNotFound=true");
       return;
     }
-
-    if (this.isNewSite(request)) {
+    if (exception instanceof RecaptchaVerificationException) {
       try {
         JSONObject responseJSON = ControllerUtil.createErrorResponse();
-        responseJSON.put("isRecaptchaRequired", ControllerUtil.isReCaptchaRequired(request));
+        responseJSON.put("isRecaptchaVerificationFailed", true);
         response.getWriter().write(responseJSON.toString());
       } catch (JSONException e) {
       }
-    } else {
-      //setDefaultFailureUrl(determineFailureUrl(request, response, exception));
-      //super.onAuthenticationFailure(request, response, exception);
     }
   }
 
-  private boolean isNewSite(HttpServletRequest request) {
-    String site = request.getParameter("site");
-    return "new".equals(site);
-  }
-
   /**
    * Get the failure url. This function checks if the public and private
    * keys for the captcha have been provided and if the user has failed

diff --git a/...ain/java/org/wise/portal/presentation/web/filters/WISEAuthenticationProcessingFilter.java b/...ain/java/org/wise/portal/presentation/web/filters/WISEAuthenticationProcessingFilter.java
@@ -40,6 +40,7 @@
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.wise.portal.domain.user.User;
 import org.wise.portal.presentation.web.controllers.ControllerUtil;
+import org.wise.portal.presentation.web.exception.RecaptchaVerificationException;
 import org.wise.portal.service.session.SessionService;
 import org.wise.portal.service.user.UserService;
 
@@ -75,13 +76,12 @@ public class WISEAuthenticationProcessingFilter extends UsernamePasswordAuthenti
   @Override
   public Authentication attemptAuthentication(HttpServletRequest request,
       HttpServletResponse response) throws AuthenticationException {
-    if (ControllerUtil.isReCaptchaRequired(request)) {
-      String gReCaptchaResponse = request.getParameter("g-recaptcha-response");
+    if (ControllerUtil.isReCaptchaEnabled()) {
+      String gReCaptchaResponse = request.getParameter("recaptchaResponse");
       if (!ControllerUtil.isReCaptchaResponseValid(gReCaptchaResponse)) {
-        String errorMessage = "Please verify that you are not a robot.";
         try {
-          unsuccessfulAuthentication(request, response, new AuthenticationException(errorMessage) {
-          });
+          unsuccessfulAuthentication(request, response,
+              new RecaptchaVerificationException("Recaptcha verification failed"));
         } catch (IOException e) {
 
         } catch (ServletException e) {