Changes based on comments in recaptcha enterprise

wso2-extensions · Sep 11, 2023 · fd3ae49 · fd3ae49
1 parent bdadd5c
commit fd3ae49
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 69 deletions.
diff --git a/.../src/main/java/org/wso2/carbon/identity/recovery/endpoint/impl/CaptchaApiServiceImpl.java b/.../src/main/java/org/wso2/carbon/identity/recovery/endpoint/impl/CaptchaApiServiceImpl.java
@@ -20,7 +20,6 @@
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.http.HttpEntity;
@@ -90,34 +89,22 @@ public Response verifyCaptcha(ReCaptchaResponseTokenDTO reCaptchaResponse, Strin
         HttpEntity entity = response.getEntity();
         ReCaptchaVerificationResponseDTO reCaptchaVerificationResponseDTO = new ReCaptchaVerificationResponseDTO();
 
-        if (CaptchaConstants.RE_CAPTCHA_TYPE_ENTERPRISE.equals(reCaptchaType)) {
-            // For ReCaptcha Enterprise.
+
             if (entity == null) {
-                RecoveryUtil.handleBadRequest("ReCaptcha Enterprise verification response is not received.",
+                RecoveryUtil.handleBadRequest("ReCaptcha verification response is not received.",
                         Constants.STATUS_INTERNAL_SERVER_ERROR_MESSAGE_DEFAULT);
             }
-            try {
-                try (InputStream in = entity.getContent()) {
-                    JsonObject verificationResponse = new JsonParser().parse(IOUtils.toString(in)).getAsJsonObject();
+            try (InputStream in = entity.getContent()) {
+                JsonObject verificationResponse = new JsonParser().parse(IOUtils.toString(in)).getAsJsonObject();
+
+                if (CaptchaConstants.RE_CAPTCHA_TYPE_ENTERPRISE.equals(reCaptchaType)) {
+                    // For Recaptcha Enterprise
                     JsonObject tokenProperties = verificationResponse.get(CaptchaConstants.CAPTCHA_TOKEN_PROPERTIES)
                             .getAsJsonObject();
                     boolean success = tokenProperties.get(CaptchaConstants.CAPTCHA_VALID).getAsBoolean();
                     reCaptchaVerificationResponseDTO.setSuccess(success);
-                }
-            } catch (IOException e) {
-                log.error("Unable to read the verification response.", e);
-                RecoveryUtil.handleBadRequest("Unable to read the verification response.",
-                        Constants.STATUS_INTERNAL_SERVER_ERROR_MESSAGE_DEFAULT);
-            }
-        } else {
-            // For ReCaptcha v2 and v3.
-            try {
-                if (entity == null) {
-                    RecoveryUtil.handleBadRequest("ReCaptcha verification response is not received.",
-                            Constants.STATUS_INTERNAL_SERVER_ERROR_MESSAGE_DEFAULT);
-                }
-                try (InputStream in = entity.getContent()) {
-                    JsonObject verificationResponse = new JsonParser().parse(IOUtils.toString(in)).getAsJsonObject();
+                } else {
+                    // For ReCaptcha v2 and v3.
                     reCaptchaVerificationResponseDTO.setSuccess(verificationResponse.get(
                             CaptchaConstants.CAPTCHA_SUCCESS).getAsBoolean());
                 }
@@ -126,7 +113,6 @@ public Response verifyCaptcha(ReCaptchaResponseTokenDTO reCaptchaResponse, Strin
                 RecoveryUtil.handleBadRequest("Unable to read the verification response.",
                         Constants.STATUS_INTERNAL_SERVER_ERROR_MESSAGE_DEFAULT);
             }
-        }
 
         return Response.ok(reCaptchaVerificationResponseDTO).build();
     }

diff --git a/...y.api.user.recovery/src/test/resources/repository/conf/identity/captcha-config.properties b/...y.api.user.recovery/src/test/resources/repository/conf/identity/captcha-config.properties
@@ -21,9 +21,6 @@
 # Enable Google reCAPTCHA
 recaptcha.enabled=true
 
-# Google reCAPTCHA type
-recaptcha.type=default
-
 # reCaptcha API URL
 recaptcha.api.url=https://www.google.com/recaptcha/api.js
 

diff --git a/...dentity.captcha/src/main/java/org/wso2/carbon/identity/captcha/util/CaptchaConstants.java b/...dentity.captcha/src/main/java/org/wso2/carbon/identity/captcha/util/CaptchaConstants.java
@@ -76,7 +76,7 @@ public class CaptchaConstants {
     public static final String CAPTCHA_TOKEN_PROPERTIES = "tokenProperties";
     public static final String CAPTCHA_RISK_ANALYSIS = "riskAnalysis";
     // Captcha Types.
-    public static final String RE_CAPTCHA_TYPE_ENTERPRISE = "enterprise";
+    public static final String RE_CAPTCHA_TYPE_ENTERPRISE = "recaptcha-enterprise";
 
     // Default value for threshold for score in reCAPTCHA v3.
     public static final double CAPTCHA_V3_DEFAULT_THRESHOLD = 0.5;

diff --git a/...bon.identity.captcha/src/main/java/org/wso2/carbon/identity/captcha/util/CaptchaUtil.java b/...bon.identity.captcha/src/main/java/org/wso2/carbon/identity/captcha/util/CaptchaUtil.java
@@ -272,6 +272,46 @@ public static Map<String, String> getClaimValues(User user, int tenantId,
         return claimValues;
     }
 
+    public static boolean isValidCaptcha(String reCaptchaResponse) throws CaptchaException {
+
+        CloseableHttpClient httpclient = HttpClientBuilder.create().useSystemProperties().build();
+        String reCaptchaType = CaptchaDataHolder.getInstance().getReCaptchaType();
+
+        HttpPost httpPost;
+
+        // If the reCaptcha type is defined and, it is enterprise, the enterprise process will be done. Otherwise,
+        // the reCaptcha v2/v3 process will be done.
+        if (CaptchaConstants.RE_CAPTCHA_TYPE_ENTERPRISE.equals(reCaptchaType)) {
+            // For ReCaptcha Enterprise.
+            httpPost = createReCaptchaEnterpriseVerificationHttpPost(reCaptchaResponse);
+        } else {
+            // For ReCaptcha v2 and v3.
+            httpPost = createReCaptchaVerificationHttpPost(reCaptchaResponse);
+        }
+
+        HttpResponse response;
+        try {
+            response = httpclient.execute(httpPost);
+        } catch (IOException e) {
+            throw new CaptchaServerException("Unable to get the verification response.", e);
+        }
+
+        HttpEntity entity = response.getEntity();
+        if (entity == null) {
+            throw new CaptchaServerException("reCaptcha verification response is not received.");
+        }
+
+        if (CaptchaConstants.RE_CAPTCHA_TYPE_ENTERPRISE.equals(reCaptchaType)) {
+            // For ReCaptcha Enterprise.
+            verifyReCaptchaEnterpriseResponse(entity);
+        } else {
+            // For Recaptcha v2 and v3.
+            verifyReCaptchaResponse(entity);
+        }
+
+        return true;
+    }
+
     private static HttpPost createReCaptchaEnterpriseVerificationHttpPost(String reCaptchaResponse) {
 
         HttpPost httpPost;
@@ -394,46 +434,6 @@ private static void verifyReCaptchaResponse(HttpEntity entity)
         }
     }
 
-    public static boolean isValidCaptcha(String reCaptchaResponse) throws CaptchaException {
-
-        CloseableHttpClient httpclient = HttpClientBuilder.create().useSystemProperties().build();
-        String reCaptchaType = CaptchaDataHolder.getInstance().getReCaptchaType();
-
-        HttpPost httpPost;
-
-        // If the reCaptcha type is defined and, it is enterprise, the enterprise process will be done. Otherwise,
-        // the reCaptcha v2/v3 process will be done.
-        if (CaptchaConstants.RE_CAPTCHA_TYPE_ENTERPRISE.equals(reCaptchaType)) {
-            // For ReCaptcha Enterprise.
-            httpPost = createReCaptchaEnterpriseVerificationHttpPost(reCaptchaResponse);
-        } else {
-            // For ReCaptcha v2 and v3.
-            httpPost = createReCaptchaVerificationHttpPost(reCaptchaResponse);
-        }
-
-        HttpResponse response;
-        try {
-            response = httpclient.execute(httpPost);
-        } catch (IOException e) {
-            throw new CaptchaServerException("Unable to get the verification response.", e);
-        }
-
-        HttpEntity entity = response.getEntity();
-        if (entity == null) {
-            throw new CaptchaServerException("reCaptcha verification response is not received.");
-        }
-
-        if (CaptchaConstants.RE_CAPTCHA_TYPE_ENTERPRISE.equals(reCaptchaType)) {
-            // For ReCaptcha Enterprise.
-            verifyReCaptchaEnterpriseResponse(entity);
-        } else {
-            // For Recaptcha v2 and v3.
-            verifyReCaptchaResponse(entity);
-        }
-
-        return true;
-    }
-
     public static boolean isMaximumFailedLoginAttemptsReached(String usernameWithDomain, String tenantDomain) throws
             CaptchaException {
 

diff --git a/...identity.captcha/src/test/java/org/wso2/carbon/identity/captcha/util/CaptchaUtilTest.java b/...identity.captcha/src/test/java/org/wso2/carbon/identity/captcha/util/CaptchaUtilTest.java
@@ -22,7 +22,6 @@
 import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
 import org.testng.Assert;
-import org.testng.annotations.AfterMethod;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 import org.wso2.carbon.identity.captcha.internal.CaptchaDataHolder;
@@ -32,7 +31,8 @@
 
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
-import static org.testng.Assert.*;
+
+import static org.testng.Assert.assertThrows;
 
 /**
  * Unit tests for CaptchaUtil.java