<?php
/**
* This code is licensed under AGPLv3 license or Afterlogic Software License
* if commercial version of the product was purchased.
* For full statements of the licenses see LICENSE-AFTERLOGIC and LICENSE-AGPL3 files.
*/
namespace Aurora\Modules\RecaptchaWebclientPlugin;
/**
* @license https://www.gnu.org/licenses/agpl-3.0.html AGPL-3.0
* @license https://afterlogic.com/products/common-licensing Afterlogic Software License
* @copyright Copyright (c) 2023, Afterlogic Corp.
*
* @ignore
*
* @property Module $oModule
*/
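class Manager extends \Aurora\System\Managers\AbstractManager
{
    /**
     * reCAPTCHA response token taken from the request arguments by
     * memorizeRecaptchaWebclientPluginToken(); null until a non-empty token is seen.
     *
     * @var mixed
     */
    protected $recaptchaToken = null;

    /**
     * Cleared by disableRecaptchaCheckOnLogin() to skip the login-time check.
     *
     * @var bool
     */
    protected $allowRecaptchaCheckOnLogin = true;

    /**
     * @param \Aurora\System\Module\AbstractModule $oModule
     */
    public function __construct(\Aurora\System\Module\AbstractModule $oModule = null)
    {
        parent::__construct($oModule);
    }

    /**
     * Tells whether the CAPTCHA applies to the current client address.
     *
     * The comparison against the WhitelistIPs setting is strict, so a non-string
     * entry in the setting (0, true, null) cannot loosely match an address and
     * exempt clients that were never meant to be whitelisted.
     *
     * NOTE(review): the exemption is only as trustworthy as the address returned by
     * Utils::getClientIp(). If that helper honours forwarded-for style headers,
     * confirm they are accepted from trusted proxies only.
     *
     * @return bool False when the client IP is listed in WhitelistIPs, true otherwise.
     */
    public function isRecaptchaEnabledForIP()
    {
        $clientIp = \Aurora\System\Utils::getClientIp();
        $whitelist = $this->oModule->oModuleSettings->WhitelistIPs;

        return !in_array($clientIp, $whitelist, true);
    }

    /**
     * Stores the reCAPTCHA token from the request arguments, if one is present.
     *
     * @param array $aArgs Request arguments; only 'RecaptchaWebclientPluginToken' is read.
     *
     * @return void
     */
    public function memorizeRecaptchaWebclientPluginToken($aArgs)
    {
        // empty() covers both a missing key and an empty value without raising a notice.
        if (!empty($aArgs['RecaptchaWebclientPluginToken'])) {
            $this->recaptchaToken = $aArgs['RecaptchaWebclientPluginToken'];
        }
    }

    /**
     * Turns off the login-time CAPTCHA check for the lifetime of this manager instance.
     *
     * @return void
     */
    public function disableRecaptchaCheckOnLogin()
    {
        $this->allowRecaptchaCheckOnLogin = false;
    }

    /**
     * Decides whether a login attempt must carry a valid CAPTCHA.
     *
     * NOTE(review): the failed-attempt counter is read from the 'auth-error' cookie,
     * a value the client supplies. The LimitCount threshold therefore only holds for
     * clients that return the cookie unchanged, so it cannot serve as the brute-force
     * control on its own; attempt limits per account or per address have to be
     * enforced from server-side state.
     *
     * @return bool True when the check is allowed, the client IP is not whitelisted
     *              and the cookie counter has reached the LimitCount setting.
     */
    public function needToCheckRecaptchaOnLogin()
    {
        if (!$this->allowRecaptchaCheckOnLogin || !$this->isRecaptchaEnabledForIP()) {
            return false;
        }

        $authErrorCount = isset($_COOKIE['auth-error']) ? (int) $_COOKIE['auth-error'] : 0;

        // If the user has exceeded the number of authentication attempts
        return $authErrorCount >= $this->oModule->oModuleSettings->LimitCount;
    }

    /**
     * Verifies the memorized token with the reCAPTCHA service.
     *
     * NOTE(review): only isSuccess() is inspected, and the verify() call passes the
     * token alone. No client IP is sent and no expected hostname or action is set
     * on the verifier in this method.
     *
     * @return array|false An 'Error' descriptor (Code, ModuleName, Override) when no
     *                     token was memorized or verification failed; false on success.
     */
    public function checkIfRecaptchaError()
    {
        if ($this->recaptchaToken === null) {
            \Aurora\System\Api::Log('RECAPTCHA error: no token');

            return [
                'Error' => [
                    'Code' => Enums\ErrorCodes::RecaptchaVerificationError,
                    'ModuleName' => $this->oModule->GetName(),
                    'Override' => true
                ]
            ];
        }

        $recaptcha = new \ReCaptcha\ReCaptcha(
            $this->oModule->oModuleSettings->PrivateKey,
            $this->getRequestMethod()
        );
        $response = $recaptcha->verify($this->recaptchaToken);

        if ($response->isSuccess()) {
            return false;
        }

        // Record the service's error codes in the log; the caller only gets a generic code.
        \Aurora\System\Api::Log('RECAPTCHA error: ' . implode(', ', $response->getErrorCodes()));

        return [
            'Error' => [
                'Code' => Enums\ErrorCodes::RecaptchaUnknownError,
                'ModuleName' => $this->oModule->GetName(),
                'Override' => true
            ]
        ];
    }

    /**
     * Resets the 'auth-error' cookie counter to 0 when the cookie is present.
     *
     * @return void
     */
    public function clearAuthErrorCount()
    {
        //If the user is authenticated, reset the counter for unsuccessful attempts.
        if (isset($_COOKIE['auth-error'])) {
            // NOTE(review): the fourth argument is presumably the HttpOnly flag - confirm
            // against Api::setCookie().
            \Aurora\System\Api::setCookie(
                'auth-error',
                0,
                \strtotime('+1 hour'),
                false
            );
        }
    }

    /**
     * Writes the 'auth-error' cookie with the previous value plus one (1 if absent),
     * expiring one hour from now.
     *
     * The new value is derived from the cookie the client sent, so it is not a
     * tamper-resistant count of failed logins.
     *
     * @return void
     */
    public function incrementAuthErrorCount()
    {
        $iAuthErrorCount = isset($_COOKIE['auth-error']) ? ((int) $_COOKIE['auth-error'] + 1) : 1;

        // NOTE(review): the fourth argument is presumably the HttpOnly flag - confirm
        // against Api::setCookie().
        \Aurora\System\Api::setCookie(
            'auth-error',
            $iAuthErrorCount,
            \strtotime('+1 hour'),
            false
        );
    }

    /**
     * Builds the transport the reCAPTCHA client uses, selected by the RequestMethod setting.
     *
     * @return \ReCaptcha\RequestMethod\CurlPost|\ReCaptcha\RequestMethod\Post|\ReCaptcha\RequestMethod\SocketPost
     */
    private function getRequestMethod()
    {
        $sRequestMethod = $this->oModule->oModuleSettings->RequestMethod;

        switch ($sRequestMethod) {
            case Enums\RequestMethods::CurlPost:
                return new \ReCaptcha\RequestMethod\CurlPost();
            case Enums\RequestMethods::Post:
                return new \ReCaptcha\RequestMethod\Post();
            case Enums\RequestMethods::SocketPost:
            default:
                // Any unrecognised setting value falls back to the socket transport.
                return new \ReCaptcha\RequestMethod\SocketPost();
        }
    }
}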