Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

Use CaptchaSession service instead of PHP Session

Browse Source 
[MAILPOET-2248]
This commit is contained in:
Rostislav Wolny
2019-08-05 08:55:16 +02:00
committed by Jack Kitterhing
parent 6a494a2fae
commit 8e1c3b8c03
5 changed files with 47 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/API/JSON/v1/Subscribers.php
View File

@ -20,6 +20,7 @@ use MailPoet\Subscribers\RequiredCustomFieldValidator;
use MailPoet\Subscribers\Source;
use MailPoet\Subscribers\SubscriberActions;
use MailPoet\Subscription\Captcha;
use MailPoet\Subscription\CaptchaSession;
use MailPoet\Subscription\Throttling as SubscriptionThrottling;
use MailPoet\Subscription\Url as SubscriptionUrl;
use MailPoet\WP\Functions as WPFunctions;
@ -58,6 +59,9 @@ class Subscribers extends APIEndpoint {
/** @var SettingsController */
private $settings;
/** @var CaptchaSession */
private $captcha_session;
public function __construct(
Listing\BulkActionController $bulk_action_controller,
SubscribersListings $subscribers_listings,
@ -66,7 +70,8 @@ class Subscribers extends APIEndpoint {
Listing\Handler $listing_handler,
Captcha $subscription_captcha,
WPFunctions $wp,
SettingsController $settings
SettingsController $settings,
CaptchaSession $captcha_session
) {
$this->bulk_action_controller = $bulk_action_controller;
$this->subscribers_listings = $subscribers_listings;
@ -76,6 +81,7 @@ class Subscribers extends APIEndpoint {
$this->subscription_captcha = $subscription_captcha;
$this->wp = $wp;
$this->settings = $settings;
$this->captcha_session = $captcha_session;
}
function get($data = []) {
@ -164,10 +170,10 @@ class Subscribers extends APIEndpoint {
if (!empty($captcha_settings['type']) && $captcha_settings['type'] === Captcha::TYPE_BUILTIN) {
if (!isset($data['captcha'])) {
// Save form data to session
$_SESSION[Captcha::SESSION_FORM_KEY] = array_merge($data, ['form_id' => $form_id]);
} elseif (!empty($_SESSION[Captcha::SESSION_FORM_KEY])) {
$this->captcha_session->setFormData(array_merge($data, ['form_id' => $form_id]));
} elseif ($this->captcha_session->getFormData()) {
// Restore form data from session
$data = array_merge($_SESSION[Captcha::SESSION_FORM_KEY], ['captcha' => $data['captcha']]);
$data = array_merge($this->captcha_session->getFormData(), ['captcha' => $data['captcha']]);
}
// Otherwise use the post data
}
@ -222,8 +228,7 @@ class Subscribers extends APIEndpoint {
} else {
if (!empty($captcha_settings['type']) && $captcha_settings['type'] === Captcha::TYPE_BUILTIN) {
// Captcha has been verified, invalidate the session vars
$_SESSION[Captcha::SESSION_KEY] = null;
$_SESSION[Captcha::SESSION_FORM_KEY] = null;
$this->captcha_session->reset();
}
$meta = [];
@ -299,12 +304,13 @@ class Subscribers extends APIEndpoint {
]);
}
} elseif ($captcha_settings['type'] === Captcha::TYPE_BUILTIN && $is_builtin_captcha_required) {
if (empty($_SESSION[Captcha::SESSION_KEY])) {
$captcha_hash = $this->captcha_session->getCaptchaHash();
if (empty($captcha_hash)) {
return $this->badRequest([
APIError::BAD_REQUEST => WPFunctions::get()->__('Please regenerate the CAPTCHA.', 'mailpoet'),
]);
} elseif (!hash_equals(strtolower($data['captcha']), $_SESSION[Captcha::SESSION_KEY])) {
$_SESSION[Captcha::SESSION_KEY] = null;
} elseif (!hash_equals(strtolower($data['captcha']), $captcha_hash)) {
$this->captcha_session->setCaptchaHash(null);
$meta = [];
$meta['refresh_captcha'] = true;
return $this->badRequest([

15
lib/Subscription/Captcha.php
View File

@ -2,6 +2,7 @@
namespace MailPoet\Subscription;
use MailPoet\Config\Session;
use MailPoet\Models\Subscriber;
use MailPoet\Models\SubscriberIP;
use MailPoet\Util\Helpers;
@ -13,17 +14,21 @@ class Captcha {
const TYPE_RECAPTCHA = 'recaptcha';
const TYPE_DISABLED = null;
const SESSION_KEY = 'mailpoet_captcha';
const SESSION_FORM_KEY = 'mailpoet_captcha_form';
/** @var WPFunctions */
private $wp;
function __construct(WPFunctions $wp = null) {
/** @var CaptchaSession */
private $captcha_session;
function __construct(WPFunctions $wp = null, CaptchaSession $captcha_session = null) {
if ($wp === null) {
$wp = new WPFunctions;
}
if ($captcha_session === null) {
$captcha_session = new CaptchaSession($wp, new Session());
}
$this->wp = $wp;
$this->captcha_session = $captcha_session;
}
function isSupported() {
@ -95,7 +100,7 @@ class Captcha {
->setMaxBehindLines(0)
->build($width ?: 220, $height ?: 60, $font);
$_SESSION[self::SESSION_KEY] = $builder->getPhrase();
$this->captcha_session->setCaptchaHash($builder->getPhrase());
if ($return) {
return $builder->get();

9
lib/Subscription/CaptchaRenderer.php
View File

@ -14,9 +14,13 @@ class CaptchaRenderer {
/** @var WPFunctions */
private $wp;
function __construct(UrlHelper $url_helper, WPFunctions $wp) {
/** @var CaptchaSession */
private $captcha_session;
function __construct(UrlHelper $url_helper, WPFunctions $wp, CaptchaSession $captcha_session) {
$this->url_helper = $url_helper;
$this->wp = $wp;
$this->captcha_session = $captcha_session;
}
public function getCaptchaPageTitle() {
@ -49,7 +53,8 @@ class CaptchaRenderer {
]
);
$form_id = isset($_SESSION[Captcha::SESSION_FORM_KEY]['form_id']) ? (int)$_SESSION[Captcha::SESSION_FORM_KEY]['form_id'] : 0;
$captcha_session_form = $this->captcha_session->getFormData();
$form_id = isset($captcha_session_form['form_id']) ? (int)$captcha_session_form['form_id'] : 0;
$form_model = FormModel::findOne($form_id);
if (!$form_model instanceof FormModel) {
return false;

9
tests/integration/API/JSON/v1/SubscribersTest.php
View File

@ -5,6 +5,7 @@ use Carbon\Carbon;
use Codeception\Util\Fixtures;
use MailPoet\API\JSON\v1\Subscribers;
use MailPoet\API\JSON\Response as APIResponse;
use MailPoet\Config\Session;
use MailPoet\DI\ContainerWrapper;
use MailPoet\Form\Util\FieldNameObfuscator;
use MailPoet\Models\CustomField;
@ -21,6 +22,8 @@ use MailPoet\Models\SubscriberSegment;
use MailPoet\Settings\SettingsController;
use MailPoet\Subscribers\Source;
use MailPoet\Subscription\Captcha;
use MailPoet\Subscription\CaptchaSession;
use MailPoet\WP\Functions;
class SubscribersTest extends \MailPoetTest {
@ -77,6 +80,9 @@ class SubscribersTest extends \MailPoetTest {
'address' => 'sender@mailpoet.com',
'name' => 'Sender',
]);
// MAILPOET SESSION
$_COOKIE[Session::COOKIE_NAME] = 'abcd';
}
function testItCanGetASubscriber() {
@ -517,7 +523,8 @@ class SubscribersTest extends \MailPoetTest {
$subscriber->count_confirmations = 1;
$subscriber->save();
$captcha_value = 'ihg5w';
$_SESSION[Captcha::SESSION_KEY] = $captcha_value;
$captcha_session = new CaptchaSession(new Functions(), new Session());
$captcha_session->setCaptchaHash($captcha_value);
$response = $this->endpoint->subscribe([
$this->obfuscatedEmail => $email,
'form_id' => $this->form->id,

9
tests/integration/Subscription/CaptchaTest.php
View File

@ -3,10 +3,13 @@ namespace MailPoet\Test\Subscription;
use Carbon\Carbon;
use Codeception\Util\Fixtures;
use MailPoet\Config\Session;
use MailPoet\Models\Subscriber;
use MailPoet\Models\SubscriberIP;
use MailPoet\Subscription\Captcha;
use MailPoet\Subscription\CaptchaSession;
use MailPoet\WP\Functions as WPFunctions;
use MailPoet\WP\Functions;
class CaptchaTest extends \MailPoetTest {
function _before() {
@ -40,10 +43,12 @@ class CaptchaTest extends \MailPoetTest {
}
function testItRendersImage() {
expect_that(empty($_SESSION[Captcha::SESSION_KEY]));
$_COOKIE[Session::COOKIE_NAME] = 'abcd';
$captcha_session = new CaptchaSession(new Functions(), new Session());
expect($captcha_session->getCaptchaHash())->false();
$image = $this->captcha->renderImage(null, null, true);
expect($image)->notEmpty();
expect_that(!empty($_SESSION[Captcha::SESSION_KEY]));
expect($captcha_session->getCaptchaHash())->notEmpty();
}
function _after() {