Merge pull request #61 from magento-mpi/MC-30896

MC-30896: Move PayPalRecaptcha module to Magento Security Extensions

Author: naydav

ReCaptchaAdminUi/etc/di.xml

@@ -7,7 +7,7 @@
  -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
-    <virtualType name="Magento\ReCaptchaApi\Model\OptionSource\Type"
+    <virtualType name="Magento\ReCaptchaAdminUi\Model\OptionSource\Type"
                  type="Magento\ReCaptchaAdminUi\Model\OptionSource">
         <arguments>
             <argument name="options" xsi:type="array">

ReCaptchaCheckout/view/frontend/layout/checkout_index_index.xml

@@ -28,7 +28,6 @@
                                                                     <item name="displayArea" xsi:type="string">additional-login-form-fields</item>
                                                                     <item name="configSource" xsi:type="string">checkoutConfig</item>
                                                                     <item name="reCaptchaId" xsi:type="string">recaptcha-checkout-inline-login</item>
-                                                                    <item name="zone" xsi:type="string">login</item>
                                                                 </item>
                                                             </item>
                                                         </item>
@@ -47,7 +46,6 @@
                                                                     <item name="displayArea" xsi:type="string">additional-login-form-fields</item>
                                                                     <item name="configSource" xsi:type="string">checkoutConfig</item>
                                                                     <item name="reCaptchaId" xsi:type="string">recaptcha-checkout-inline-login-billing</item>
-                                                                    <item name="zone" xsi:type="string">login</item>
                                                                 </item>
                                                             </item>
                                                         </item>

ReCaptchaContact/etc/adminhtml/system.xml

@@ -13,7 +13,7 @@
                 <field id="contact" translate="label" type="select" sortOrder="140" showInDefault="1"
                        showInWebsite="1" showInStore="0" canRestore="1">
                     <label>Enable for Contact Us</label>
-                    <source_model>Magento\ReCaptchaApi\Model\OptionSource\Type</source_model>
+                    <source_model>Magento\ReCaptchaAdminUi\Model\OptionSource\Type</source_model>
                 </field>
             </group>
         </section>

ReCaptchaCustomer/etc/adminhtml/system.xml

@@ -13,17 +13,17 @@
                 <field id="customer_login" translate="label" type="select" sortOrder="110" showInDefault="1"
                        showInWebsite="1" showInStore="0" canRestore="1">
                     <label>Enable for Customer Login</label>
-                    <source_model>Magento\ReCaptchaApi\Model\OptionSource\Type</source_model>
+                    <source_model>Magento\ReCaptchaAdminUi\Model\OptionSource\Type</source_model>
                 </field>
                 <field id="customer_forgot_password" translate="label" type="select" sortOrder="120" showInDefault="1"
                        showInWebsite="1" showInStore="0" canRestore="1">
                     <label>Enable for Forgot Password</label>
-                    <source_model>Magento\ReCaptchaApi\Model\OptionSource\Type</source_model>
+                    <source_model>Magento\ReCaptchaAdminUi\Model\OptionSource\Type</source_model>
                 </field>
                 <field id="customer_create" translate="label" type="select" sortOrder="130" showInDefault="1"
                        showInWebsite="1" showInStore="0" canRestore="1">
                     <label>Enable for Create New Customer Account</label>
-                    <source_model>Magento\ReCaptchaApi\Model\OptionSource\Type</source_model>
+                    <source_model>Magento\ReCaptchaAdminUi\Model\OptionSource\Type</source_model>
                 </field>
             </group>
         </section>

ReCaptchaFrontendUi/view/frontend/web/js/reCaptcha.js

@@ -89,8 +89,7 @@ define(
                     $parentForm,
                     $wrapper,
                     $reCaptcha,
-                    widgetId,
-                    listeners;
+                    widgetId;
 
                 if (this.captchaInitialized) {
                     return;
@@ -129,9 +128,26 @@ define(
 
                 // eslint-disable-next-line no-undef
                 widgetId = grecaptcha.render(this.getReCaptchaId(), parameters);
+                this.initParentForm($parentForm, widgetId);
+
+                registry.ids.push(this.getReCaptchaId());
+                registry.captchaList.push(widgetId);
+                registry.tokenFields.push(this.tokenField);
 
-                if (this.getIsInvisibleRecaptcha() && $parentForm.length > 0) {
-                    $parentForm.submit(function (event) {
+            },
+
+            /**
+             * Initialize parent form.
+             *
+             * @param {Object} parentForm
+             * @param {String} widgetId
+             */
+            initParentForm: function (parentForm, widgetId) {
+                var me = this,
+                    listeners;
+
+                if (this.getIsInvisibleRecaptcha() && parentForm.length > 0) {
+                    parentForm.submit(function (event) {
                         if (!me.tokenField.value) {
                             // eslint-disable-next-line no-undef
                             grecaptcha.execute(widgetId);
@@ -141,21 +157,16 @@ define(
                     });
 
                     // Move our (last) handler topmost. We need this to avoid submit bindings with ko.
-                    listeners = $._data($parentForm[0], 'events').submit;
+                    listeners = $._data(parentForm[0], 'events').submit;
                     listeners.unshift(listeners.pop());
 
                     // Create a virtual token field
                     this.tokenField = $('<input type="text" name="token" style="display: none" />')[0];
-                    this.$parentForm = $parentForm;
-                    $parentForm.append(this.tokenField);
+                    this.$parentForm = parentForm;
+                    parentForm.append(this.tokenField);
                 } else {
                     this.tokenField = null;
                 }
-
-                registry.ids.push(this.getReCaptchaId());
-                registry.captchaList.push(widgetId);
-                registry.tokenFields.push(this.tokenField);
-
             },
 
             validateReCaptcha: function (state) {

ReCaptchaNewsletter/etc/adminhtml/system.xml

@@ -14,7 +14,7 @@
                        showInWebsite="1" showInStore="0" canRestore="1">
                     <label>Enable Invisible reCAPTCHA in Newsletter Subscription</label>
                     <comment>If enabled, a badge will be displayed in every page.</comment>
-                    <source_model>Magento\ReCaptchaApi\Model\OptionSource\Type</source_model>
+                    <source_model>Magento\ReCaptchaAdminUi\Model\OptionSource\Type</source_model>
                 </field>
             </group>
         </section>

ReCaptchaPaypal/Block/LayoutProcessor/Checkout/Onepage.php

@@ -0,0 +1,66 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\ReCaptchaPaypal\Block\LayoutProcessor\Checkout;
+
+use Magento\Checkout\Block\Checkout\LayoutProcessorInterface;
+use Magento\Framework\Exception\InputException;
+use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
+use Magento\ReCaptchaUi\Model\UiConfigResolverInterface;
+
+/**
+ * Provides reCaptcha component configuration.
+ */
+class Onepage implements LayoutProcessorInterface
+{
+    /**
+     * @var UiConfigResolverInterface
+     */
+    private $captchaUiConfigResolver;
+
+    /**
+     * @var IsCaptchaEnabledInterface
+     */
+    private $isCaptchaEnabled;
+
+    /**
+     * @param UiConfigResolverInterface $captchaUiConfigResolver
+     * @param IsCaptchaEnabledInterface $isCaptchaEnabled
+     */
+    public function __construct(
+        UiConfigResolverInterface $captchaUiConfigResolver,
+        IsCaptchaEnabledInterface $isCaptchaEnabled
+    ) {
+        $this->captchaUiConfigResolver = $captchaUiConfigResolver;
+        $this->isCaptchaEnabled = $isCaptchaEnabled;
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @param array $jsLayout
+     * @return array
+     * @throws InputException
+     */
+    public function process($jsLayout)
+    {
+        $key = 'paypal_payflowpro';
+        if ($this->isCaptchaEnabled->isCaptchaEnabledFor($key)) {
+            $jsLayout['components']['checkout']['children']['steps']['children']['billing-step']['children']
+            ['payment']['children']['payments-list']['children']['paypal-captcha']['children']
+            ['recaptcha']['settings'] = $this->captchaUiConfigResolver->get($key);
+        } else {
+            if (isset($jsLayout['components']['checkout']['children']['steps']['children']['billing-step']['children']
+                ['payment']['children']['payments-list']['children']['paypal-captcha']['children']['recaptcha'])) {
+                unset($jsLayout['components']['checkout']['children']['steps']['children']['billing-step']['children']
+                    ['payment']['children']['payments-list']['children']['paypal-captcha']['children']['recaptcha']);
+            }
+        }
+
+        return $jsLayout;
+    }
+}

ReCaptchaPaypal/Model/CheckoutConfigProvider.php

@@ -0,0 +1,41 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\ReCaptchaPaypal\Model;
+
+use Magento\Checkout\Model\ConfigProviderInterface;
+use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
+
+/**
+ * Adds reCaptcha configuration to checkout.
+ */
+class CheckoutConfigProvider implements ConfigProviderInterface
+{
+    /**
+     * @var IsCaptchaEnabledInterface
+     */
+    private $isCaptchaEnabled;
+
+    /**
+     * @param IsCaptchaEnabledInterface $isCaptchaEnabled
+     */
+    public function __construct(
+        IsCaptchaEnabledInterface $isCaptchaEnabled
+    ) {
+        $this->isCaptchaEnabled = $isCaptchaEnabled;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getConfig()
+    {
+        return [
+            'recaptcha_paypal' => $this->isCaptchaEnabled->isCaptchaEnabledFor('paypal_payflowpro')
+        ];
+    }
+}

ReCaptchaPaypal/Observer/PayPalObserver.php

@@ -0,0 +1,136 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\ReCaptchaPaypal\Observer;
+
+use Magento\Framework\App\Action\Action;
+use Magento\Framework\App\ActionFlag;
+use Magento\Framework\Event\Observer;
+use Magento\Framework\Event\ObserverInterface;
+use Magento\Framework\Exception\InputException;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Serialize\SerializerInterface;
+use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
+use Magento\ReCaptchaUi\Model\CaptchaResponseResolverInterface;
+use Magento\ReCaptchaUi\Model\ValidationConfigResolverInterface;
+use Magento\ReCaptchaValidationApi\Api\ValidatorInterface;
+use Psr\Log\LoggerInterface;
+
+/**
+ * AjaxLoginObserver
+ */
+class PayPalObserver implements ObserverInterface
+{
+    /**
+     * @var CaptchaResponseResolverInterface
+     */
+    private $captchaResponseResolver;
+
+    /**
+     * @var ValidationConfigResolverInterface
+     */
+    private $validationConfigResolver;
+
+    /**
+     * @var ValidatorInterface
+     */
+    private $captchaValidator;
+
+    /**
+     * @var ActionFlag
+     */
+    private $actionFlag;
+
+    /**
+     * @var SerializerInterface
+     */
+    private $serializer;
+
+    /**
+     * @var IsCaptchaEnabledInterface
+     */
+    private $isCaptchaEnabled;
+
+    /**
+     * @var LoggerInterface
+     */
+    private $logger;
+
+    /**
+     * @param CaptchaResponseResolverInterface $captchaResponseResolver
+     * @param ValidationConfigResolverInterface $validationConfigResolver
+     * @param ValidatorInterface $captchaValidator
+     * @param ActionFlag $actionFlag
+     * @param SerializerInterface $serializer
+     * @param IsCaptchaEnabledInterface $isCaptchaEnabled
+     * @param LoggerInterface $logger
+     */
+    public function __construct(
+        CaptchaResponseResolverInterface $captchaResponseResolver,
+        ValidationConfigResolverInterface $validationConfigResolver,
+        ValidatorInterface $captchaValidator,
+        ActionFlag $actionFlag,
+        SerializerInterface $serializer,
+        IsCaptchaEnabledInterface $isCaptchaEnabled,
+        LoggerInterface $logger
+    ) {
+        $this->captchaResponseResolver = $captchaResponseResolver;
+        $this->validationConfigResolver = $validationConfigResolver;
+        $this->captchaValidator = $captchaValidator;
+        $this->actionFlag = $actionFlag;
+        $this->serializer = $serializer;
+        $this->isCaptchaEnabled = $isCaptchaEnabled;
+        $this->logger = $logger;
+    }
+
+    /**
+     * Validates reCaptcha response.
+     *
+     * @param Observer $observer
+     * @return void
+     * @throws LocalizedException
+     */
+    public function execute(Observer $observer): void
+    {
+        $key = 'paypal_payflowpro';
+        if ($this->isCaptchaEnabled->isCaptchaEnabledFor($key)) {
+            /** @var Action $controller */
+            $controller = $observer->getControllerAction();
+            $request = $controller->getRequest();
+            $response = $controller->getResponse();
+
+            $validationConfig = $this->validationConfigResolver->get($key);
+
+            try {
+                $reCaptchaResponse = $this->captchaResponseResolver->resolve($request);
+            } catch (InputException $e) {
+                $this->logger->error($e);
+
+                $jsonPayload = $this->serializer->serialize([
+                    'success' => false,
+                    'error' => true,
+                    'error_messages' => $validationConfig->getValidationFailureMessage(),
+                ]);
+                $response->representJson($jsonPayload);
+                return;
+            }
+
+            $validationResult = $this->captchaValidator->isValid($reCaptchaResponse, $validationConfig);
+            if (false === $validationResult->isValid()) {
+                $this->actionFlag->set('', Action::FLAG_NO_DISPATCH, true);
+
+                $jsonPayload = $this->serializer->serialize([
+                    'success' => false,
+                    'error' => true,
+                    'error_messages' => $validationConfig->getValidationFailureMessage(),
+                ]);
+
+                $response->representJson($jsonPayload);
+            }
+        }
+    }
+}

ReCaptchaPaypal/README.md

@@ -0,0 +1 @@
+Please refer to: https://github.com/magento/security-package