Merge pull request #768 from Lakshan-Banneheke/recaptcha-warn
Add warn logs for recaptcha v3 and recaptcha enterprise
Buddhimah authored Oct 9, 2023
2 parents 94534eb + f9c7f75 commit eb0867a
Showing 4 changed files with 55 additions and 0 deletions.
Expand Up @@ -58,6 +58,9 @@ public class CaptchaDataHolder {
// Threshold for score in reCAPTCHA v3.
private double reCaptchaScoreThreshold;

// Threshold for score for warn logs in reCAPTCHA v3.
private double reCaptchaWarnScoreThreshold;

private IdentityGovernanceService identityGovernanceService;

private RealmService realmService;
Expand Down Expand Up @@ -168,6 +171,16 @@ public void setReCaptchaScoreThreshold(double reCaptchaScoreThreshold) {
this.reCaptchaScoreThreshold = reCaptchaScoreThreshold;
}

public double getReCaptchaWarnScoreThreshold() {

return reCaptchaWarnScoreThreshold;
}

public void setReCaptchaWarnScoreThreshold(double reCaptchaWarnScoreThreshold) {

this.reCaptchaWarnScoreThreshold = reCaptchaWarnScoreThreshold;
}

public String getReCaptchaErrorRedirectUrls() {
return reCaptchaErrorRedirectUrls;
}
Expand Up @@ -59,6 +59,8 @@ public class CaptchaConstants {

public static final String RE_CAPTCHA_SCORE_THRESHOLD = "recaptcha.threshold";

public static final String RE_CAPTCHA_WARN_SCORE_THRESHOLD = "recaptcha.threshold.warn";

public static final String BASIC_AUTHENTICATOR = "BasicAuthenticator";

public static final String BASIC_AUTH_MECHANISM = "basic";
Expand All @@ -81,6 +83,9 @@ public class CaptchaConstants {
// Default value for threshold for score in reCAPTCHA v3.
public static final double CAPTCHA_V3_DEFAULT_THRESHOLD = 0.5;

// Default value for threshold for score to issue warn logs in reCAPTCHA v3.
public static final double CAPTCHA_V3_DEFAULT_WARN_THRESHOLD = 0.7;

public static final String SSO_LOGIN_RECAPTCHA_CONNECTOR_NAME = "sso.login.recaptcha";

/**
Expand Up @@ -350,6 +350,7 @@ private static void verifyReCaptchaEnterpriseResponse(HttpEntity entity)
throws CaptchaServerException, CaptchaClientException {

final double scoreThreshold = CaptchaDataHolder.getInstance().getReCaptchaScoreThreshold();
final double warnScoreThreshold = CaptchaDataHolder.getInstance().getReCaptchaWarnScoreThreshold();

try {
try (InputStream in = entity.getContent()) {
Expand Down Expand Up @@ -380,6 +381,8 @@ private static void verifyReCaptchaEnterpriseResponse(HttpEntity entity)
}
if (score < scoreThreshold) {
throw new CaptchaClientException("reCaptcha score is less than the threshold.");
} else if (score < warnScoreThreshold) {
log.warn("User access with low reCaptcha score.");
}
}
}
Expand All @@ -394,6 +397,7 @@ private static void verifyReCaptchaResponse(HttpEntity entity)
throws CaptchaServerException, CaptchaClientException {

final double scoreThreshold = CaptchaDataHolder.getInstance().getReCaptchaScoreThreshold();
final double warnScoreThreshold = CaptchaDataHolder.getInstance().getReCaptchaWarnScoreThreshold();

try {
try (InputStream in = entity.getContent()) {
Expand All @@ -418,6 +422,8 @@ private static void verifyReCaptchaResponse(HttpEntity entity)
}
if (score < scoreThreshold) {
throw new CaptchaClientException("reCaptcha score is less than the threshold.");
} else if (score < warnScoreThreshold) {
log.warn("reCaptcha score is below warn threshold.");
}
} else {
if (log.isDebugEnabled()) {
Expand Down Expand Up @@ -616,6 +622,9 @@ private static void setReCaptchaConfigs(Properties properties) {
throw new RuntimeException(getValidationErrorMessage(CaptchaConstants.RE_CAPTCHA_SCORE_THRESHOLD));
}

double reCaptchaWarnScoreThreshold = getReCaptchaWarnThreshold(properties);
CaptchaDataHolder.getInstance().setReCaptchaWarnScoreThreshold(reCaptchaWarnScoreThreshold);

String forcefullyEnableRecaptchaForAllTenants =
properties.getProperty(CaptchaConstants.FORCEFULLY_ENABLED_RECAPTCHA_FOR_ALL_TENANTS);
CaptchaDataHolder.getInstance().setForcefullyEnabledRecaptchaForAllTenants(
Expand All @@ -642,6 +651,31 @@ private static double getReCaptchaThreshold(Properties properties) throws Number
return Double.parseDouble(threshold);
}

/**
* Method to get the warn threshold value used by reCAPTCHA v3.
*
* @param properties Properties.
* @return Warn threshold value set by the user or the default warn threshold.
* @throws java.lang.NumberFormatException Error while parsing the threshold value into double.
*/
private static double getReCaptchaWarnThreshold(Properties properties) throws NumberFormatException {

String warnThreshold = properties.getProperty(CaptchaConstants.RE_CAPTCHA_WARN_SCORE_THRESHOLD);
if (StringUtils.isBlank(warnThreshold)) {
if (log.isDebugEnabled()) {
log.debug("Error parsing recaptcha.threshold.warn from config in WebsiteConfig.properties. Hence using the default value : " +
CaptchaConstants.CAPTCHA_V3_DEFAULT_WARN_THRESHOLD);
}
return CaptchaConstants.CAPTCHA_V3_DEFAULT_WARN_THRESHOLD;
}
try {
return Double.parseDouble(warnThreshold);
} catch (NumberFormatException e) {
log.warn("NumberFormatException for ReCaptcha warn score threshold. Using default value.");
return CaptchaConstants.CAPTCHA_V3_DEFAULT_WARN_THRESHOLD;
}
}

private static void setSSOLoginConnectorConfigs(Properties properties) {

Map<String, String> connectorPropertyMap = new HashMap<>();
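Review bot: getReCaptchaWarnThreshold returns whatever Double.parseDouble yields with no range check, whereas the blocking threshold just above it in setReCaptchaConfigs is rejected with a validation error (that check itself lies outside the hunk). A value of `NaN`, a negative value, or a value at or below recaptcha.threshold makes the `score < warnScoreThreshold` branch unreachable, so the low-score warning silently disappears; a value above 1.0 logs a warning for every accepted request. I would validate after parsing, e.g. `if (Double.isNaN(value) || value < 0.0 || value > 1.0) { log.warn("recaptcha.threshold.warn out of range. Using default value."); return CaptchaConstants.CAPTCHA_V3_DEFAULT_WARN_THRESHOLD; }`, and log once at startup when the warn threshold is not greater than the blocking threshold. The debug message for a blank property says "Error parsing" although nothing was parsed, and the `throws NumberFormatException` clause with its Javadoc `@throws` no longer applies now that the exception is caught inside the method.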
Expand Up @@ -57,5 +57,8 @@ recaptcha.request.wrap.urls={{recaptcha.request_wrap_urls}}
# recaptcha v3 score threshold
recaptcha.threshold={{recaptcha.threshold}}

# recaptcha enterprise score threshold to issue warn logs
recaptcha.threshold.warn={{recaptcha.threshold_warn}}

# reCaptcha API key for enterprise recaptcha
recaptcha.api.key={{recaptcha.api_key}}
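Review bot: The new comment calls this an enterprise threshold, but this commit reads the same value in both verifyReCaptchaResponse and verifyReCaptchaEnterpriseResponse, so it applies to reCAPTCHA v3 as well. I would word it as `# reCAPTCHA v3 / enterprise: accepted requests scoring below this are logged at WARN (0.0-1.0, default 0.7; should be higher than recaptcha.threshold)`. An empty value falls back to the default in the parsing code; whether the template variable resolves to empty when `recaptcha.threshold_warn` is unset is not visible here.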
