MediaWiki  1.29.1
ReCaptchaNoCaptcha.class.php
Go to the documentation of this file.
1 <?php
2 
3 use MediaWiki\Auth\AuthenticationRequest;
4 
5 class ReCaptchaNoCaptcha extends SimpleCaptcha {
6  // used for renocaptcha-edit, renocaptcha-addurl, renocaptcha-badlogin, renocaptcha-createaccount,
7  // renocaptcha-create, renocaptcha-sendemail via getMessage()
8  protected static $messagePrefix = 'renocaptcha-';
9 
10  private $error = null;
15  function getFormInformation( $tabIndex = 1 ) {
16  global $wgReCaptchaSiteKey, $wgLang;
17  $lang = htmlspecialchars( urlencode( $wgLang->getCode() ) );
18 
19  $output = Html::element( 'div', [
20  'class' => [
21  'g-recaptcha',
22  'mw-confirmedit-captcha-fail' => !!$this->error,
23  ],
24  'data-sitekey' => $wgReCaptchaSiteKey
25  ] );
26  $htmlUrlencoded = htmlspecialchars( urlencode( $wgReCaptchaSiteKey ) );
27  $output .= <<<HTML
28 <noscript>
29  <div>
30  <div style="width: 302px; height: 422px; position: relative;">
31  <div style="width: 302px; height: 422px; position: absolute;">
32  <iframe src="https://www.google.com/recaptcha/api/fallback?k={$htmlUrlencoded}&hl={$lang}"
33  frameborder="0" scrolling="no"
34  style="width: 302px; height:422px; border-style: none;">
35  </iframe>
36  </div>
37  </div>
38  <div style="width: 300px; height: 60px; border-style: none;
39  bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px;
40  background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;">
41  <textarea id="g-recaptcha-response" name="g-recaptcha-response"
42  class="g-recaptcha-response"
43  style="width: 250px; height: 40px; border: 1px solid #c1c1c1;
44  margin: 10px 25px; padding: 0px; resize: none;" >
45  </textarea>
46  </div>
47  </div>
48 </noscript>
49 HTML;
50  return [
51  'html' => $output,
52  'headitems' => [
53  // Insert reCAPTCHA script, in display language, if available.
54  // Language falls back to the browser's display language.
55  // See https://developers.google.com/recaptcha/docs/faq
56  "<script src=\"https://www.google.com/recaptcha/api.js?hl={$lang}\" async defer></script>"
57  ]
58  ];
59  }
60 
64  protected function logCheckError( $info ) {
65  if ( $info instanceof Status ) {
66  $errors = $info->getErrorsArray();
67  $error = $errors[0][0];
68  } elseif ( is_array( $info ) ) {
69  $error = implode( ',', $info );
70  } else {
71  $error = $info;
72  }
73 
74  wfDebugLog( 'captcha', 'Unable to validate response: ' . $error );
75  }
76 
81  protected function getCaptchaParamsFromRequest( WebRequest $request ) {
82  $index = 'not used'; // ReCaptchaNoCaptcha combines captcha ID + solution into a single value
83  // API is hardwired to return captchaWord, so use that if the standard isempty
84  $response = $request->getVal( 'g-recaptcha-response', $request->getVal( 'captchaWord' ) );
85  return [ $index, $response ];
86  }
87 
98  function passCaptcha( $_, $word ) {
99  global $wgRequest, $wgReCaptchaSecretKey, $wgReCaptchaSendRemoteIP;
100 
101  $url = 'https://www.google.com/recaptcha/api/siteverify';
102  // Build data to append to request
103  $data = [
104  'secret' => $wgReCaptchaSecretKey,
105  'response' => $word,
106  ];
107  if ( $wgReCaptchaSendRemoteIP ) {
108  $data['remoteip'] = $wgRequest->getIP();
109  }
110  $url = wfAppendQuery( $url, $data );
111  $request = MWHttpRequest::factory( $url, [ 'method' => 'GET' ] );
112  $status = $request->execute();
113  if ( !$status->isOK() ) {
114  $this->error = 'http';
115  $this->logCheckError( $status );
116  return false;
117  }
118  $response = FormatJson::decode( $request->getContent(), true );
119  if ( !$response ) {
120  $this->error = 'json';
121  $this->logCheckError( $this->error );
122  return false;
123  }
124  if ( isset( $response['error-codes'] ) ) {
125  $this->error = 'recaptcha-api';
126  $this->logCheckError( $response['error-codes'] );
127  return false;
128  }
129 
130  return $response['success'];
131  }
132 
136  function addCaptchaAPI( &$resultArr ) {
137  $resultArr['captcha'] = $this->describeCaptchaType();
138  $resultArr['captcha']['error'] = $this->error;
139  }
140 
144  public function describeCaptchaType() {
145  global $wgReCaptchaSiteKey;
146  return [
147  'type' => 'recaptchanocaptcha',
148  'mime' => 'image/png',
149  'key' => $wgReCaptchaSiteKey,
150  ];
151  }
152 
160  public function getMessage( $action ) {
161  $msg = parent::getMessage( $action );
162  if ( $this->error ) {
163  $msg = new RawMessage( '<div class="error">$1</div>', [ $msg ] );
164  }
165  return $msg;
166  }
167 
174  public function APIGetAllowedParams( &$module, &$params, $flags ) {
175  if ( $flags && $this->isAPICaptchaModule( $module ) ) {
176  $params['g-recaptcha-response'] = [
177  ApiBase::PARAM_HELP_MSG => 'renocaptcha-apihelp-param-g-recaptcha-response',
178  ];
179  }
180 
181  return true;
182  }
183 
184  public function getError() {
185  return $this->error;
186  }
187 
188  public function storeCaptcha( $info ) {
189  // ReCaptcha is stored by Google; the ID will be generated at that time as well, and
190  // the one returned here won't be used. Just pretend this worked.
191  return 'not used';
192  }
193 
194  public function retrieveCaptcha( $index ) {
195  // just pretend it worked
196  return [ 'index' => $index ];
197  }
198 
199  public function getCaptcha() {
200  // ReCaptcha is handled by frontend code + an external provider; nothing to do here.
201  return [];
202  }
203 
209  public function getCaptchaInfo( $captchaData, $id ) {
210  return wfMessage( 'renocaptcha-info' );
211  }
212 
216  public function createAuthenticationRequest() {
217  return new ReCaptchaNoCaptchaAuthenticationRequest();
218  }
219 
226  public function onAuthChangeFormFields(
227  array $requests, array $fieldInfo, array &$formDescriptor, $action
228  ) {
229  global $wgReCaptchaSiteKey;
230 
231  $req = AuthenticationRequest::getRequestByClass( $requests,
232  CaptchaAuthenticationRequest::class, true );
233  if ( !$req ) {
234  return;
235  }
236 
237  // ugly way to retrieve error information
238  $captcha = ConfirmEditHooks::getInstance();
239 
240  $formDescriptor['captchaWord'] = [
241  'class' => HTMLReCaptchaNoCaptchaField::class,
242  'key' => $wgReCaptchaSiteKey,
243  'error' => $captcha->getError(),
244  ] + $formDescriptor['captchaWord'];
245  }
246 }
MWHttpRequest\factory
static factory( $url, $options=null, $caller=__METHOD__)
Generate a new request object.
Definition: MWHttpRequest.php:180
$request
error also a ContextSource you ll probably need to make sure the header is varied on $request
Definition: hooks.txt:2612
$lang
if(!isset( $args[0])) $lang
Definition: testCompression.php:33
ApiBase\PARAM_HELP_MSG
const PARAM_HELP_MSG
(string|array|Message) Specify an alternative i18n documentation message for this parameter.
Definition: ApiBase.php:128
$status
this hook is for auditing only RecentChangesLinked and Watchlist RecentChangesLinked and Watchlist Do not use this to implement individual filters if they are compatible with the ChangesListFilter and ChangesListFilterGroup structure use sub classes of those in conjunction with the ChangesListSpecialPageStructuredFilters hook This hook can be used to implement filters that do not implement that or custom behavior that is not an individual filter e g Watchlist and Watchlist you will want to construct new ChangesListBooleanFilter or ChangesListStringOptionsFilter objects When constructing you specify which group they belong to You can reuse existing or create your you must register them with $special registerFilterGroup removed from all revisions and log entries to which it was applied This gives extensions a chance to take it off their books as the deletion has already been partly carried out by this point or something similar the user will be unable to create the tag set $status
Definition: hooks.txt:1049
use
as see the revision history and available at free of to any person obtaining a copy of this software and associated documentation to deal in the Software without including without limitation the rights to use
Definition: MIT-LICENSE.txt:10
$req
this hook is for auditing only $req
Definition: hooks.txt:990
$params
$params
Definition: styleTest.css.php:40
ConfirmEditHooks\getInstance
static getInstance()
Get the global Captcha instance.
Definition: ConfirmEditHooks.php:13
wfDebugLog
wfDebugLog( $logGroup, $text, $dest='all', array $context=[])
Send a line to a supplementary debug log file, if configured, or main debug log if not.
Definition: GlobalFunctions.php:1092
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition: Status.php:40
SimpleCaptcha\getCaptchaInfo
getCaptchaInfo( $captchaData, $id)
Definition: Captcha.php:184
wfAppendQuery
wfAppendQuery( $url, $query)
Append a query string to an existing URL, which may or may not already have query string parameters a...
Definition: GlobalFunctions.php:500
SimpleCaptcha\addCaptchaAPI
addCaptchaAPI(&$resultArr)
Definition: Captcha.php:72
FormatJson\decode
static decode( $value, $assoc=false)
Decodes a JSON string.
Definition: FormatJson.php:187
ReCaptchaNoCaptchaAuthenticationRequest
Authentication request for ReCaptcha v2.
Definition: ReCaptchaNoCaptchaAuthenticationRequest.php:9
SimpleCaptcha\getCaptcha
getCaptcha()
Returns an array with 'question' and 'answer' keys.
Definition: Captcha.php:54
SimpleCaptcha\getCaptchaParamsFromRequest
getCaptchaParamsFromRequest(WebRequest $request)
Definition: Captcha.php:935
div
div
Definition: parserTests.txt:6533
$wgLang
this class mediates it Skin Encapsulates a look and feel for the wiki All of the functions that render HTML and make choices about how to render it are here and are called from various other places when and is meant to be subclassed with other skins that may override some of its functions The User object contains a reference to a and so rather than having a global skin object we just rely on the global User and get the skin with $wgUser and also has some character encoding functions and other locale stuff The current user interface language is instantiated as $wgLang
Definition: design.txt:56
$output
this hook is for auditing only RecentChangesLinked and Watchlist RecentChangesLinked and Watchlist Do not use this to implement individual filters if they are compatible with the ChangesListFilter and ChangesListFilterGroup structure use sub classes of those in conjunction with the ChangesListSpecialPageStructuredFilters hook This hook can be used to implement filters that do not implement that or custom behavior that is not an individual filter e g Watchlist and Watchlist you will want to construct new ChangesListBooleanFilter or ChangesListStringOptionsFilter objects When constructing you specify which group they belong to You can reuse existing or create your you must register them with $special registerFilterGroup removed from all revisions and log entries to which it was applied This gives extensions a chance to take it off their books as the deletion has already been partly carried out by this point or something similar the user will be unable to create the tag set and then return false from the hook function Ensure you consume the ChangeTagAfterDelete hook to carry out custom deletion actions as context called by AbstractContent::getParserOutput May be used to override the normal model specific rendering of page content as context as context the output can only depend on parameters provided to this hook not on global state indicating whether full HTML should be generated If generation of HTML may be but other information should still be present in the ParserOutput object & $output
Definition: hooks.txt:1049
global
when a variable name is used in a it is silently declared as a new masking the global
Definition: design.txt:93
SimpleCaptcha\onAuthChangeFormFields
onAuthChangeFormFields(array $requests, array $fieldInfo, array &$formDescriptor, $action)
Modify the apprearance of the captcha field.
Definition: Captcha.php:1127
SimpleCaptcha\retrieveCaptcha
retrieveCaptcha( $index)
Fetch this session's captcha info.
Definition: Captcha.php:1046
SimpleCaptcha\createAuthenticationRequest
createAuthenticationRequest()
Definition: Captcha.php:1114
SimpleCaptcha
Demo CAPTCHA (not for production usage) and base class for real CAPTCHAs.
Definition: Captcha.php:9
SimpleCaptcha\getError
getError()
Return the error from the last passCaptcha* call.
Definition: Captcha.php:44
SimpleCaptcha\storeCaptcha
storeCaptcha( $info)
Generate a captcha session ID and save the info in PHP's session storage.
Definition: Captcha.php:1032
error
&</p >< p >< sup id="cite_ref-blank_1-1" class="reference">< a href="#cite_note-blank-1"> &</p >< div class="mw-references-wrap">< ol class="references">< li id="cite_note-blank-1">< span class="mw-cite-backlink"> ↑< sup >< a href="#cite_ref-blank_1-0"></a ></sup >< sup >< a href="#cite_ref-blank_1-1"></a ></sup ></span >< span class="reference-text">< span class="error mw-ext-cite-error" lang="en" dir="ltr"> Cite error
Definition: citeParserTests.txt:219
SimpleCaptcha\getMessage
getMessage( $action)
Show a message asking the user to enter a captcha on edit The result will be treated as wiki text.
Definition: Captcha.php:230
$response
this hook is for auditing only $response
Definition: hooks.txt:783
WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition: WebRequest.php:38
style
Bar style
Definition: parserTests.txt:184
SimpleCaptcha\describeCaptchaType
describeCaptchaType()
Describes the captcha type for API clients.
Definition: Captcha.php:85
SimpleCaptcha\isAPICaptchaModule
isAPICaptchaModule( $module)
Definition: Captcha.php:895
SimpleCaptcha\passCaptcha
passCaptcha( $index, $word)
Given a required captcha run, test form input for correct input on the open session.
Definition: Captcha.php:987
$requests
Allows to change the fields on the form that will be generated are created Can be used to omit specific feeds from being outputted You must not use this hook to add use OutputPage::addFeedLink() instead. & $feedLinks hooks can tweak the array to change how login etc forms should look $requests
Definition: hooks.txt:306
true
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return true
Definition: hooks.txt:1956
wfMessage
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt
name
design txt This is a brief overview of the new design More thorough and up to date information is available on the documentation wiki at name
Definition: design.txt:12
class
you have access to all of the normal MediaWiki so you can get a DB use the etc For full docs on the Maintenance class
Definition: maintenance.txt:52
$wgRequest
if(! $wgDBerrorLogTZ) $wgRequest
Definition: Setup.php:639
Html\element
static element( $element, $attribs=[], $contents='')
Identical to rawElement(), but HTML-escapes $contents (like Xml::element()).
Definition: Html.php:231
SimpleCaptcha\APIGetAllowedParams
APIGetAllowedParams(&$module, &$params, $flags)
Definition: Captcha.php:905
SimpleCaptcha\getFormInformation
getFormInformation( $tabIndex=1)
Insert a captcha prompt into the edit form.
Definition: Captcha.php:121
$flags
it s the revision text itself In either if gzip is the revision text is gzipped $flags
Definition: hooks.txt:2749
array
the array() calling protocol came about after MediaWiki 1.4rc1.