add ReCAPTCHA on the reset password form. Related to the issue pkp#6984

Godoy0722 · Godoy0722 · commit 0bb838f04a79 · 2025-04-04T16:07:17.000+01:00
diff --git a/classes/template/PKPTemplateManager.php b/classes/template/PKPTemplateManager.php
@@ -244,6 +244,9 @@ public function initialize(PKPRequest $request)
                 if (Config::getVar('captcha', 'captcha_on_login')) {
                     array_push($contexts, 'frontend-login-index', 'frontend-login-signIn');
                 }
+                if (Config::getVar('captcha', 'captcha_on_lost_password')) {
+                    array_push($contexts, 'frontend-login-lostPassword', 'frontend-login-requestResetPassword');
+                }
                 if (count($contexts)) {
                     // These are the supported locales: https://developers.google.com/recaptcha/docs/language
                     // It seems Google has already mapping for locales missing in that list, so that we can provide locale es it is.
@@ -1030,7 +1033,7 @@ public function setupBackendPage()
                                 ];
                                 $isNewSubmissionLinkPresent = true;
                             }
-                            
+
                             $menu['dashboards'] = [
                                 'name' => __('navigation.dashboards'),
                                 'icon' => 'Dashboard',
@@ -1380,15 +1383,15 @@ public function display($template = null, $cache_id = null, $compile_id = null,
         ];
 
         if($context) {
-            $pageContext = array_merge($pageContext, [                
+            $pageContext = array_merge($pageContext, [
                 'dateFormatShort' => PKPString::convertStrftimeFormat($context->getLocalizedDateFormatShort()),
                 'dateFormatLong' => PKPString::convertStrftimeFormat($context->getLocalizedDateFormatLong()),
                 'datetimeFormatShort' => PKPString::convertStrftimeFormat($context->getLocalizedDateTimeFormatShort()),
                 'datetimeFormatLong' => PKPString::convertStrftimeFormat($context->getLocalizedDateTimeFormatLong()),
                 'timeFormat' => PKPString::convertStrftimeFormat($context->getLocalizedTimeFormat()),
             ]);
         } else {
-            $pageContext = array_merge($pageContext, [                
+            $pageContext = array_merge($pageContext, [
                 'dateFormatShort' => PKPString::convertStrftimeFormat(Config::getVar('general', 'date_format_short')),
                 'dateFormatLong' => PKPString::convertStrftimeFormat(Config::getVar('general', 'date_format_long')),
                 'datetimeFormatShort' => PKPString::convertStrftimeFormat(Config::getVar('general', 'datetime_format_short')),
diff --git a/pages/login/LoginHandler.php b/pages/login/LoginHandler.php
@@ -152,7 +152,7 @@ public function signIn(array $args, PKPRequest $request): void
                 Validation::logout();
                 $request->redirect(null, null, 'changePassword', [$user->getUsername()]);
             }
-            $source = str_replace('@', '', $request->getUserVar('source'));
+            $source = $request->getUserVar('source');
             if (preg_match('#^/\w#', (string) $source) === 1) {
                 $request->redirectUrl($source);
             }
@@ -194,7 +194,7 @@ public function signOut($args, $request)
             Validation::logout();
         }
 
-        $source = str_replace('@', '', $request->getUserVar('source'));
+        $source = $request->getUserVar('source');
         if (isset($source) && !empty($source)) {
             $request->redirectUrl($request->getProtocol() . '://' . $request->getServerHost() . $source, false);
         } else {
@@ -214,6 +214,12 @@ public function lostPassword($args, $request)
         $this->setupTemplate($request);
         $templateMgr = TemplateManager::getManager($request);
 
+        // Check if reCAPTCHA is enabled for lost password
+        $isCaptchaEnabled = Config::getVar('captcha', 'captcha_on_lost_password') && Config::getVar('captcha', 'recaptcha');
+        if ($isCaptchaEnabled) {
+            $templateMgr->assign('recaptchaPublicKey', Config::getVar('captcha', 'recaptcha_public_key'));
+        }
+
         $this->_generateAltchaComponent('altcha_on_lost_password', $templateMgr);
         $templateMgr->display('frontend/pages/userLostPassword.tpl');
     }
@@ -226,8 +232,25 @@ public function requestResetPassword($args, $request)
         $this->setupTemplate($request);
         $templateMgr = TemplateManager::getManager($request);
 
-        $altchaHasError = $this->_validateAltchasResponse($request, 'altcha_on_lost_password');
+        // Validate reCAPTCHA if enabled
+        $isCaptchaEnabled = Config::getVar('captcha', 'captcha_on_lost_password') && Config::getVar('captcha', 'recaptcha');
+        if ($isCaptchaEnabled) {
+            $templateMgr->assign('recaptchaPublicKey', Config::getVar('captcha', 'recaptcha_public_key'));
+            try {
+                FormValidatorReCaptcha::validateResponse($request->getUserVar('g-recaptcha-response'), $request->getRemoteAddr(), $request->getServerHost());
+            } catch (Exception $exception) {
+                // Keep the reCAPTCHA public key in the template
+                $templateMgr->assign([
+                    'recaptchaPublicKey' => Config::getVar('captcha', 'recaptcha_public_key'),
+                    'error' => 'user.login.lostPassword.confirmationSentFailedWithReason',
+                    'reason' => __('common.captcha.error.invalid-input-response')
+                ]);
+                $templateMgr->display('frontend/pages/userLostPassword.tpl');
+                return;
+            }
+        }
 
+        $altchaHasError = $this->_validateAltchasResponse($request, 'altcha_on_lost_password');
         if ($altchaHasError) {
             $this->_generateAltchaComponent('altcha_on_lost_password', $templateMgr);
 
@@ -491,8 +514,11 @@ public function _redirectByURL($request)
      */
     protected function sendHome($request)
     {
-        $pkpPageRouter = $request->getRouter(); /** @var \PKP\core\PKPPageRouter $pkpPageRouter */
-        $pkpPageRouter->redirectHome($request);
+        if ($request->getContext()) {
+            $request->redirect(null, 'submissions');
+        } else {
+            $request->redirect(null, 'user');
+        }
     }
 
     /**
@@ -510,7 +536,6 @@ private function _validateAltchasResponse($request, $altchaConfigKey): ?string
                 return 'common.captcha.error.missing-input-response';
             }
         }
-        return null;
     }
 
     /**
diff --git a/templates/frontend/pages/userLostPassword.tpl b/templates/frontend/pages/userLostPassword.tpl
@@ -40,6 +40,18 @@
 				</label>
 			</div>
 
+			{* recaptcha spam blocker *}
+			{if $recaptchaPublicKey}
+				<fieldset class="recaptcha_wrapper">
+					<div class="fields">
+						<div class="recaptcha">
+							<div class="g-recaptcha" data-sitekey="{$recaptchaPublicKey|escape}">
+							</div><label for="g-recaptcha-response" style="display:none;" hidden>Recaptcha response</label>
+						</div>
+					</div>
+				</fieldset>
+			{/if}
+
 			{* altcha spam blocker *}
 			{if $altchaEnabled}
 				<fieldset class="altcha_wrapper">
@@ -48,7 +60,6 @@
 					</div>
 				</fieldset>
 			{/if}
-			
 			<div class="buttons">
 				<button class="submit" type="submit">
 					{translate key="user.login.resetPassword"}
