add ReCAPTCHA on the reset password form. Related to the issue pkp#6984

Godoy0722 · Godoy0722 · commit 25d7f544c895 · 2025-04-04T17:00:38.000+01:00
diff --git a/classes/template/PKPTemplateManager.php b/classes/template/PKPTemplateManager.php
@@ -244,6 +244,9 @@ public function initialize(PKPRequest $request)
                 if (Config::getVar('captcha', 'captcha_on_login')) {
                     array_push($contexts, 'frontend-login-index', 'frontend-login-signIn');
                 }
+                if (Config::getVar('captcha', 'captcha_on_lost_password')) {
+                    array_push($contexts, 'frontend-login-lostPassword', 'frontend-login-requestResetPassword');
+                }
                 if (count($contexts)) {
                     // These are the supported locales: https://developers.google.com/recaptcha/docs/language
                     // It seems Google has already mapping for locales missing in that list, so that we can provide locale es it is.
@@ -1030,7 +1033,7 @@ public function setupBackendPage()
                                 ];
                                 $isNewSubmissionLinkPresent = true;
                             }
-                            
+
                             $menu['dashboards'] = [
                                 'name' => __('navigation.dashboards'),
                                 'icon' => 'Dashboard',
@@ -1380,15 +1383,15 @@ public function display($template = null, $cache_id = null, $compile_id = null,
         ];
 
         if($context) {
-            $pageContext = array_merge($pageContext, [                
+            $pageContext = array_merge($pageContext, [
                 'dateFormatShort' => PKPString::convertStrftimeFormat($context->getLocalizedDateFormatShort()),
                 'dateFormatLong' => PKPString::convertStrftimeFormat($context->getLocalizedDateFormatLong()),
                 'datetimeFormatShort' => PKPString::convertStrftimeFormat($context->getLocalizedDateTimeFormatShort()),
                 'datetimeFormatLong' => PKPString::convertStrftimeFormat($context->getLocalizedDateTimeFormatLong()),
                 'timeFormat' => PKPString::convertStrftimeFormat($context->getLocalizedTimeFormat()),
             ]);
         } else {
-            $pageContext = array_merge($pageContext, [                
+            $pageContext = array_merge($pageContext, [
                 'dateFormatShort' => PKPString::convertStrftimeFormat(Config::getVar('general', 'date_format_short')),
                 'dateFormatLong' => PKPString::convertStrftimeFormat(Config::getVar('general', 'date_format_long')),
                 'datetimeFormatShort' => PKPString::convertStrftimeFormat(Config::getVar('general', 'datetime_format_short')),
diff --git a/pages/login/LoginHandler.php b/pages/login/LoginHandler.php
@@ -214,6 +214,11 @@ public function lostPassword($args, $request)
         $this->setupTemplate($request);
         $templateMgr = TemplateManager::getManager($request);
 
+        $isCaptchaEnabled = Config::getVar('captcha', 'recaptcha') && Config::getVar('captcha', 'captcha_on_lost_password');
+        if ($isCaptchaEnabled) {
+            $templateMgr->assign('recaptchaPublicKey', Config::getVar('captcha', 'recaptcha_public_key'));
+        }
+
         $this->_generateAltchaComponent('altcha_on_lost_password', $templateMgr);
         $templateMgr->display('frontend/pages/userLostPassword.tpl');
     }
@@ -226,6 +231,17 @@ public function requestResetPassword($args, $request)
         $this->setupTemplate($request);
         $templateMgr = TemplateManager::getManager($request);
 
+        $isCaptchaEnabled = Config::getVar('captcha', 'recaptcha') && Config::getVar('captcha', 'captcha_on_lost_password');
+        $recaptchaError = null;
+        if ($isCaptchaEnabled) {
+            $templateMgr->assign('recaptchaPublicKey', Config::getVar('captcha', 'recaptcha_public_key'));
+            try {
+                FormValidatorReCaptcha::validateResponse($request->getUserVar('g-recaptcha-response'), $request->getRemoteAddr(), $request->getServerHost());
+            } catch (Exception $exception) {
+                $recaptchaError = 'common.captcha.error.missing-input-response';
+            }
+        }
+
         $altchaHasError = $this->_validateAltchasResponse($request, 'altcha_on_lost_password');
 
         if ($altchaHasError) {
diff --git a/templates/frontend/pages/userLostPassword.tpl b/templates/frontend/pages/userLostPassword.tpl
@@ -40,6 +40,17 @@
 				</label>
 			</div>
 
+			{if $recaptchaPublicKey}
+				<fieldset class="recaptcha_wrapper">
+					<div class="fields">
+						<div class="recaptcha">
+							<div class="g-recaptcha" data-sitekey="{$recaptchaPublicKey|escape}">
+							</div><label for="g-recaptcha-response" style="display:none;" hidden>Recaptcha response</label>
+						</div>
+					</div>
+				</fieldset>
+			{/if}
+
 			{* altcha spam blocker *}
 			{if $altchaEnabled}
 				<fieldset class="altcha_wrapper">
@@ -48,7 +59,7 @@
 					</div>
 				</fieldset>
 			{/if}
-			
+
 			<div class="buttons">
 				<button class="submit" type="submit">
 					{translate key="user.login.resetPassword"}
