diff --git a/assets/js/src/public.js b/assets/js/src/public.js index 71eb44c75c..b246e92bfd 100644 --- a/assets/js/src/public.js +++ b/assets/js/src/public.js @@ -72,6 +72,10 @@ function ( // eslint-disable-line func-names form.trigger('reset'); // reset validation parsley.reset(); + // reset captcha + if (window.grecaptcha) { + window.grecaptcha.reset(); + } // resize iframe if ( diff --git a/lib/API/JSON/API.php b/lib/API/JSON/API.php index af8bdc8ec9..081818c27c 100644 --- a/lib/API/JSON/API.php +++ b/lib/API/JSON/API.php @@ -59,8 +59,8 @@ class API { $ignoreToken = ( Setting::getValue('re_captcha.enabled') && - $this->_request_endpoint == 'subscribers' && - $this->_request_method == 'subscribe' + $this->_request_endpoint === 'subscribers' && + $this->_request_method === 'subscribe' ); if(!$ignoreToken && $this->checkToken() === false) { diff --git a/lib/API/JSON/v1/Subscribers.php b/lib/API/JSON/v1/Subscribers.php index a1277a9070..233ae87a18 100644 --- a/lib/API/JSON/v1/Subscribers.php +++ b/lib/API/JSON/v1/Subscribers.php @@ -90,13 +90,13 @@ class Subscribers extends APIEndpoint { )); } - if($recaptcha['enabled'] && !isset($data['recaptcha'])) { + if(!empty($recaptcha['enabled']) && $recaptcha['enabled'] && !isset($data['recaptcha'])) { return $this->badRequest(array( APIError::BAD_REQUEST => __('Please check the captcha.', 'mailpoet') )); } - if($recaptcha['enabled']) { + if(!empty($recaptcha['enabled']) && $recaptcha['enabled']) { $res = wp_remote_post('https://www.google.com/recaptcha/api/siteverify', array( 'body' => array( 'secret' => $recaptcha['secret_token'], 
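Review bot: `window.grecaptcha.reset()` in the added block is called with no widget id, in which case reCAPTCHA resets only the first widget created on the page. Renderer.php in this commit emits a captcha in front of each form's submit block, so on a page with two forms the one that was just submitted may keep its spent response. Passing the id of that form's widget, `window.grecaptcha.reset(widgetId);` (`widgetId` standing for whatever id that widget was rendered with), targets the right one. The reset is also visible only on the success path; a response that siteverify has already checked will not validate again, so the error path, which lies outside the hunk, is worth checking for the same reset.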
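Review bot: The `$ignoreToken` assignment deserves a comment, because it turns off the token check for `subscribers`/`subscribe` whenever `re_captcha.enabled` is set and leaves the captcha verification in Subscribers.php as the only gate on that request. Something like `// token check is skipped only because subscribe() rejects requests without a verified reCAPTCHA response` above the assignment would keep the two files from drifting apart. This hunk reads `Setting::getValue('re_captcha.enabled')` while Subscribers.php tests `$recaptcha['enabled']`; they presumably come from the same setting, but that is not visible here. The enclosing method starts and ends outside the hunk.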
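Review bot: Both rewritten conditions test the same thing twice: `!empty($recaptcha['enabled'])` is already false for a missing or falsy value, so the trailing `&& $recaptcha['enabled']` adds nothing. The first guard also keeps `!isset($data['recaptcha'])`, which lets an empty string through to the `wp_remote_post` call. Writing it as `if(!empty($recaptcha['enabled']) && empty($data['recaptcha'])) {` rejects that case locally with the 'Please check the captcha.' message and saves the round trip. The second condition can then be just `if(!empty($recaptcha['enabled'])) {`. The enclosing method starts and ends outside the hunk.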
@@ -108,8 +108,8 @@ class Subscribers extends APIEndpoint { APIError::BAD_REQUEST => __('Error while validating the captcha.', 'mailpoet') )); } - $res = json_decode($res['body']); - if(!$res->success) { + $res = json_decode(wp_remote_retrieve_body($res)); + if(empty($res) || !$res->success) { return $this->badRequest(array( APIError::BAD_REQUEST => __('Error while validating the captcha.', 'mailpoet') )); diff --git a/lib/Form/Renderer.php b/lib/Form/Renderer.php index 54de507e1f..f8aeac9d59 100644 --- a/lib/Form/Renderer.php +++ b/lib/Form/Renderer.php @@ -41,23 +41,19 @@ class Renderer { } static function renderBlocks($blocks = array(), $honeypot_enabled = true) { - $html = array(); // add honeypot for spambots - $html[] = ($honeypot_enabled) ? + $html = ($honeypot_enabled) ? '' : ''; foreach($blocks as $key => $block) { - $html[] = static::renderBlock($block) . PHP_EOL; - } - - if(Setting::getValue('re_captcha.enabled')) { - $submit = array_pop($html); - $site_key = Setting::getValue('re_captcha.site_token'); - $html[] = '
'; - $html[] = $submit; + if($block['type'] == 'submit' && Setting::getValue('re_captcha.enabled')) { + $site_key = Setting::getValue('re_captcha.site_token'); + $html .= '
'; + } + $html .= static::renderBlock($block) . PHP_EOL; } - return implode('', $html); + return $html; } static function renderBlock($block = array()) { diff --git a/lib/Form/Widget.php b/lib/Form/Widget.php index 9ab1e8e8d9..26df4bfe90 100644 --- a/lib/Form/Widget.php +++ b/lib/Form/Widget.php @@ -51,9 +51,6 @@ class Widget extends \WP_Widget { wp_print_scripts('jquery'); wp_print_scripts('mailpoet_vendor'); wp_print_scripts('mailpoet_public'); - if(Setting::getValue('re_captcha.enabled')) { - echo self::RECAPTCHA_API_SCRIPT; - } $scripts = ob_get_contents(); ob_end_clean(); @@ -278,6 +275,9 @@ EOL; if(!empty($body)) { $form_id = $this->id_base . '_' . $form['id']; if(Setting::getValue('re_captcha.enabled')) { + if(empty($before_widget)) { + $before_widget = ''; + } $before_widget .= self::RECAPTCHA_API_SCRIPT; } $data = array( diff --git a/tests/unit/API/JSON/v1/SubscribersTest.php b/tests/unit/API/JSON/v1/SubscribersTest.php index d0cb6d72be..a4e2d334f3 100644 --- a/tests/unit/API/JSON/v1/SubscribersTest.php +++ b/tests/unit/API/JSON/v1/SubscribersTest.php @@ -461,6 +461,19 @@ class SubscribersTest extends \MailPoetTest { expect($response->status)->equals(APIResponse::STATUS_OK); } + function testItCannotSubscribeWithoutCaptchaWhenEnabled() { + Setting::setValue('re_captcha', array('enabled' => true)); + $router = new Subscribers(); + $response = $router->subscribe(array( + $this->obfuscatedEmail => 'toto@mailpoet.com', + 'form_id' => $this->form->id, + $this->obfuscatedSegments => array($this->segment_1->id, $this->segment_2->id) + )); + expect($response->status)->equals(APIResponse::STATUS_BAD_REQUEST); + expect($response->errors[0]['message'])->equals('Please check the captcha.'); + Setting::setValue('re_captcha', array()); + } + function testItCanSubscribeWithoutSegmentsIfTheyAreSelectedByAdmin() { $form = $this->form->asArray(); $form['settings']['segments_selected_by'] = 'admin'; 
diff --git a/views/settings.html b/views/settings.html index 60969f6020..e70891cb69 100644 --- a/views/settings.html +++ b/views/settings.html @@ -70,6 +70,7 @@ secret_key = $('input[name="re_captcha[secret_token]"]').val().trim(); if (enabled && (site_key == '' || secret_key == '')) { $('#settings_re_captcha_tokens_error').show(); + window.location.href = '#advanced'; return false; } // if we're setting up a sending method, try to activate it diff --git a/views/settings/advanced.html b/views/settings/advanced.html index 4c240cdad8..9056c0b55f 100644 --- a/views/settings/advanced.html +++ b/views/settings/advanced.html @@ -207,18 +207,20 @@

- Please fill the reCAPTCHA keys. + <%= __('Please fill the reCAPTCHA keys.') %>