Merge pull request #273 from fixeditforyou/master

Fix action name validation
excelwebzone · Sep 8, 2021 · 8bb31b2 · 8bb31b2
2 parents 88646b5 + cfe7c7f
commit 8bb31b2
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/src/Form/Type/EWZRecaptchaV3Type.php b/src/Form/Type/EWZRecaptchaV3Type.php
@@ -9,6 +9,8 @@
 
 class EWZRecaptchaV3Type extends AbstractEWZRecaptchaType
 {
+    public const DEFAULT_ACTION_NAME = 'form';
+
     /** @var bool */
     private $hideBadge;
 

diff --git a/src/Resources/views/Form/v3/ewz_recaptcha_widget.html.twig b/src/Resources/views/Form/v3/ewz_recaptcha_widget.html.twig
@@ -9,7 +9,7 @@
 
     <script{% if form.vars.script_nonce_csp is defined and form.vars.script_nonce_csp is not same as('') %} nonce="{{ form.vars.script_nonce_csp }}"{% endif %}>
       grecaptcha.ready(function () {
-        grecaptcha.execute('{{ form.vars.public_key }}', { action: '{{ form.vars.action_name|default('form') }}' }).then(function (token) {
+        grecaptcha.execute('{{ form.vars.public_key }}', { action: '{{ form.vars.action_name|default(constant('EWZ\\Bundle\\RecaptchaBundle\\Form\\Type\\EWZRecaptchaV3Type::DEFAULT_ACTION_NAME')) }}' }).then(function (token) {
           var recaptchaResponse = document.getElementById('{{ id }}');
           recaptchaResponse.value = token;
         });

diff --git a/src/Validator/Constraints/IsTrueValidatorV3.php b/src/Validator/Constraints/IsTrueValidatorV3.php
@@ -2,8 +2,10 @@
 
 namespace EWZ\Bundle\RecaptchaBundle\Validator\Constraints;
 
+use EWZ\Bundle\RecaptchaBundle\Form\Type\EWZRecaptchaV3Type;
 use Psr\Log\LoggerInterface;
 use ReCaptcha\ReCaptcha;
+use Symfony\Component\Form\FormInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Validator\Constraint;
 use Symfony\Component\Validator\ConstraintValidator;
@@ -87,11 +89,12 @@ private function isTokenValid($token)
     {
         try {
             $remoteIp = $this->requestStack->getCurrentRequest()->getClientIp();
+            $action = $this->getActionName();
 
             $recaptcha = new ReCaptcha($this->secretKey);
 
             $response = $recaptcha
-                ->setExpectedAction('form')
+                ->setExpectedAction($action)
                 ->setScoreThreshold($this->scoreThreshold)
                 ->verify($token, $remoteIp);
 
@@ -107,4 +110,16 @@ private function isTokenValid($token)
             return false;
         }
     }
+
+    private function getActionName(): string
+    {
+        $object = $this->context->getObject();
+        $action = null;
+
+        if ($object instanceof FormInterface) {
+            $action = $object->getConfig()->getOption('action_name');
+        }
+
+        return $action ?: EWZRecaptchaV3Type::DEFAULT_ACTION_NAME;
+    }
 }