security-package: Added try/catch to Magento\ReCaptchaUi\Model\RequestHandler.php

Author: engcom-Foxtrot

ReCaptchaCustomer/Observer/AjaxLoginObserver.php

@@ -11,12 +11,14 @@
 use Magento\Framework\App\ActionFlag;
 use Magento\Framework\Event\Observer;
 use Magento\Framework\Event\ObserverInterface;
+use Magento\Framework\Exception\InputException;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Serialize\SerializerInterface;
-use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
 use Magento\ReCaptchaUi\Model\CaptchaResponseResolverInterface;
+use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
 use Magento\ReCaptchaUi\Model\ValidationConfigResolverInterface;
 use Magento\ReCaptchaValidationApi\Api\ValidatorInterface;
+use Psr\Log\LoggerInterface;
 
 /**
  * AjaxLoginObserver
@@ -53,28 +55,36 @@ class AjaxLoginObserver implements ObserverInterface
      */
     private $isCaptchaEnabled;
 
+    /**
+     * @var LoggerInterface
+     */
+    private $logger;
+
     /**
      * @param CaptchaResponseResolverInterface $captchaResponseResolver
      * @param ValidationConfigResolverInterface $validationConfigResolver
      * @param ValidatorInterface $captchaValidator
      * @param ActionFlag $actionFlag
      * @param SerializerInterface $serializer
      * @param IsCaptchaEnabledInterface $isCaptchaEnabled
+     * @param LoggerInterface $logger
      */
     public function __construct(
         CaptchaResponseResolverInterface $captchaResponseResolver,
         ValidationConfigResolverInterface $validationConfigResolver,
         ValidatorInterface $captchaValidator,
         ActionFlag $actionFlag,
         SerializerInterface $serializer,
-        IsCaptchaEnabledInterface $isCaptchaEnabled
+        IsCaptchaEnabledInterface $isCaptchaEnabled,
+        LoggerInterface $logger
     ) {
         $this->captchaResponseResolver = $captchaResponseResolver;
         $this->validationConfigResolver = $validationConfigResolver;
         $this->captchaValidator = $captchaValidator;
         $this->actionFlag = $actionFlag;
         $this->serializer = $serializer;
         $this->isCaptchaEnabled = $isCaptchaEnabled;
+        $this->logger = $logger;
     }
 
     /**
@@ -91,11 +101,18 @@ public function execute(Observer $observer): void
             $request = $controller->getRequest();
             $response = $controller->getResponse();
 
-            $reCaptchaResponse = $this->captchaResponseResolver->resolve($request);
             $validationConfig = $this->validationConfigResolver->get($key);
+            try {
+                $reCaptchaResponse = $this->captchaResponseResolver->resolve($request);
+            } catch (InputException $e) {
+                $reCaptchaResponse = null;
+                $this->logger->error($e);
+            }
 
-            $validationResult = $this->captchaValidator->isValid($reCaptchaResponse, $validationConfig);
-            if (false === $validationResult->isValid()) {
+            if (null !== $reCaptchaResponse) {
+                $validationResult = $this->captchaValidator->isValid($reCaptchaResponse, $validationConfig);
+            }
+            if (null === $reCaptchaResponse || false === $validationResult->isValid()) {
                 $this->actionFlag->set('', Action::FLAG_NO_DISPATCH, true);
 
                 $jsonPayload = $this->serializer->serialize([

ReCaptchaUi/Model/RequestHandler.php

@@ -11,8 +11,10 @@
 use Magento\Framework\App\ActionFlag;
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\App\Response\HttpInterface as HttpResponseInterface;
+use Magento\Framework\Exception\InputException;
 use Magento\Framework\Message\ManagerInterface as MessageManagerInterface;
 use Magento\ReCaptchaValidationApi\Api\ValidatorInterface;
+use Psr\Log\LoggerInterface;
 
 /**
  * @inheritdoc
@@ -44,25 +46,33 @@ class RequestHandler implements RequestHandlerInterface
      */
     private $actionFlag;
 
+    /**
+     * @var LoggerInterface
+     */
+    private $logger;
+
     /**
      * @param CaptchaResponseResolverInterface $captchaResponseResolver
      * @param ValidationConfigResolverInterface $validationConfigResolver
      * @param ValidatorInterface $captchaValidator
      * @param MessageManagerInterface $messageManager
      * @param ActionFlag $actionFlag
+     * @param LoggerInterface $logger
      */
     public function __construct(
         CaptchaResponseResolverInterface $captchaResponseResolver,
         ValidationConfigResolverInterface $validationConfigResolver,
         ValidatorInterface $captchaValidator,
         MessageManagerInterface $messageManager,
-        ActionFlag $actionFlag
+        ActionFlag $actionFlag,
+        LoggerInterface $logger
     ) {
         $this->captchaResponseResolver = $captchaResponseResolver;
         $this->validationConfigResolver = $validationConfigResolver;
         $this->captchaValidator = $captchaValidator;
         $this->messageManager = $messageManager;
         $this->actionFlag = $actionFlag;
+        $this->logger = $logger;
     }
 
     /**
@@ -74,20 +84,20 @@ public function execute(
         HttpResponseInterface $response,
         string $redirectOnFailureUrl
     ): void {
-
+        $validationConfig = $this->validationConfigResolver->get($key);
         try {
             $reCaptchaResponse = $this->captchaResponseResolver->resolve($request);
-            $validationConfig = $this->validationConfigResolver->get($key);
+        } catch (InputException $e) {
+            $reCaptchaResponse = null;
+            $this->logger->error($e);
+        }
 
+        if (null !== $reCaptchaResponse) {
             $validationResult = $this->captchaValidator->isValid($reCaptchaResponse, $validationConfig);
-            if (false === $validationResult->isValid()) {
-                $this->messageManager->addErrorMessage($validationConfig->getValidationFailureMessage());
-                $this->actionFlag->set('', Action::FLAG_NO_DISPATCH, true);
+        }
 
-                $response->setRedirect($redirectOnFailureUrl);
-            }
-        } catch (\Exception $e) {
-            $this->messageManager->addErrorMessage($e->getMessage());
+        if (null === $reCaptchaResponse || false === $validationResult->isValid()) {
+            $this->messageManager->addErrorMessage($validationConfig->getValidationFailureMessage());
             $this->actionFlag->set('', Action::FLAG_NO_DISPATCH, true);
 
             $response->setRedirect($redirectOnFailureUrl);

ReCaptchaUser/Observer/LoginObserver.php

@@ -10,12 +10,14 @@
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\Event\Observer;
 use Magento\Framework\Event\ObserverInterface;
+use Magento\Framework\Exception\InputException;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Exception\Plugin\AuthenticationException;
-use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
 use Magento\ReCaptchaUi\Model\CaptchaResponseResolverInterface;
+use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
 use Magento\ReCaptchaUi\Model\ValidationConfigResolverInterface;
 use Magento\ReCaptchaValidationApi\Api\ValidatorInterface;
+use Psr\Log\LoggerInterface;
 
 /**
  * LoginObserver
@@ -52,12 +54,18 @@ class LoginObserver implements ObserverInterface
      */
     private $loginActionName;
 
+    /**
+     * @var LoggerInterface
+     */
+    private $logger;
+
     /**
      * @param CaptchaResponseResolverInterface $captchaResponseResolver
      * @param ValidationConfigResolverInterface $validationConfigResolver
      * @param ValidatorInterface $captchaValidator
      * @param IsCaptchaEnabledInterface $isCaptchaEnabled
      * @param RequestInterface $request
+     * @param LoggerInterface $logger
      * @param string $loginActionName
      */
     public function __construct(
@@ -66,6 +74,7 @@ public function __construct(
         ValidatorInterface $captchaValidator,
         IsCaptchaEnabledInterface $isCaptchaEnabled,
         RequestInterface $request,
+        LoggerInterface $logger,
         string $loginActionName
     ) {
         $this->captchaResponseResolver = $captchaResponseResolver;
@@ -74,6 +83,7 @@ public function __construct(
         $this->isCaptchaEnabled = $isCaptchaEnabled;
         $this->request = $request;
         $this->loginActionName = $loginActionName;
+        $this->logger = $logger;
     }
 
     /**
@@ -88,11 +98,18 @@ public function execute(Observer $observer): void
         if ($this->isCaptchaEnabled->isCaptchaEnabledFor($key)
             && $this->request->getFullActionName() === $this->loginActionName
         ) {
-            $reCaptchaResponse = $this->captchaResponseResolver->resolve($this->request);
             $validationConfig = $this->validationConfigResolver->get($key);
+            try {
+                $reCaptchaResponse = $this->captchaResponseResolver->resolve($this->request);
+            } catch (InputException $e) {
+                $reCaptchaResponse = null;
+                $this->logger->error($e);
+            }
 
-            $validationResult = $this->captchaValidator->isValid($reCaptchaResponse, $validationConfig);
-            if (false === $validationResult->isValid()) {
+            if (null !== $reCaptchaResponse) {
+                $validationResult = $this->captchaValidator->isValid($reCaptchaResponse, $validationConfig);
+            }
+            if (null === $reCaptchaResponse || false === $validationResult->isValid()) {
                 throw new AuthenticationException(__($validationConfig->getValidationFailureMessage()));
             }
         }