1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
|
12 | |
|
13 | |
|
14 | |
|
15 | |
|
16 | |
|
17 | |
|
18 | |
|
19 | |
|
20 | |
|
21 | |
|
22 | |
|
23 | |
|
24 | |
|
25 | |
|
26 | |
|
27 | |
|
28 | |
|
29 | |
|
30 | |
|
31 | |
|
32 | |
|
33 | |
|
34 | |
package fr.paris.lutece.plugins.captcha.modules.recaptcha.service; |
35 | |
|
36 | |
import fr.paris.lutece.portal.service.datastore.DatastoreService; |
37 | |
import fr.paris.lutece.portal.service.plugin.PluginService; |
38 | |
import fr.paris.lutece.portal.service.util.AppLogService; |
39 | |
import fr.paris.lutece.util.httpaccess.HttpAccess; |
40 | |
|
41 | |
import org.apache.commons.lang.StringUtils; |
42 | |
|
43 | |
import java.io.IOException; |
44 | |
import java.io.StringReader; |
45 | |
|
46 | |
import java.util.Map; |
47 | |
import java.util.concurrent.ConcurrentHashMap; |
48 | |
|
49 | |
import javax.json.Json; |
50 | |
import javax.json.JsonObject; |
51 | |
import javax.json.JsonReader; |
52 | |
|
53 | |
import javax.servlet.http.HttpServletRequest; |
54 | |
|
55 | |
|
56 | |
public class ReCaptchaService implements IReCaptchaService |
57 | |
{ |
58 | |
private static boolean _bActive; |
59 | |
private static final String PARAM_SECRET = "secret"; |
60 | |
private static final String PARAM_RESPONSE = "response"; |
61 | |
private static final String PARAM_SUCCESS = "success"; |
62 | |
private static final String PARAM_REMOTEIP = "remoteip"; |
63 | |
private static final String PARAM_RECAPTCHA_RESPONSE = "g-recaptcha-response"; |
64 | |
private static final String DSKEY_SITE_KEY = "module.captcha.recaptcha.site_property.siteKey"; |
65 | |
private static final String DSKEY_SECRET_KEY = "module.captcha.recaptcha.site_property.sercretKey"; |
66 | |
private static final String DSKEY_URL_VERIFY = "module.captcha.recaptcha.site_property.urlVerify"; |
67 | |
|
68 | |
|
69 | |
|
70 | |
|
71 | |
|
72 | |
|
73 | |
|
74 | |
public ReCaptchaService( ) |
75 | 0 | { |
76 | 0 | _bActive = PluginService.isPluginEnable( "recaptcha" ); |
77 | 0 | } |
78 | |
|
79 | |
|
80 | |
|
81 | |
|
82 | |
@Override |
83 | |
public String getHtmlCode( ) |
84 | |
{ |
85 | 0 | String strKeySite = DatastoreService.getDataValue( DSKEY_SITE_KEY, "" ); |
86 | |
|
87 | 0 | if ( isActive( ) && StringUtils.isNotBlank( strKeySite ) ) |
88 | |
{ |
89 | 0 | return "<div class=\"g-recaptcha\" data-sitekey=\"" + strKeySite + "\"></div>"; |
90 | |
} |
91 | |
else |
92 | |
{ |
93 | 0 | return StringUtils.EMPTY; |
94 | |
} |
95 | |
} |
96 | |
|
97 | |
|
98 | |
|
99 | |
|
100 | |
@Override |
101 | |
public boolean validate( HttpServletRequest request ) |
102 | |
{ |
103 | 0 | String gRecaptchaResponse = request.getParameter( PARAM_RECAPTCHA_RESPONSE ); |
104 | 0 | AppLogService.info( gRecaptchaResponse ); |
105 | |
|
106 | 0 | boolean verify = false; |
107 | |
|
108 | |
try |
109 | |
{ |
110 | 0 | verify = verify( gRecaptchaResponse, request ); |
111 | |
} |
112 | 0 | catch ( IOException e ) |
113 | |
{ |
114 | 0 | AppLogService.error( e.getMessage( ) ); |
115 | 0 | } |
116 | |
|
117 | 0 | if ( isActive( ) && verify ) |
118 | |
{ |
119 | 0 | return true; |
120 | |
} |
121 | |
else |
122 | |
{ |
123 | 0 | return false; |
124 | |
} |
125 | |
} |
126 | |
|
127 | |
private boolean verify( String gRecaptchaResponse, HttpServletRequest request ) |
128 | |
throws IOException |
129 | |
{ |
130 | 0 | String strSecretKey = DatastoreService.getDataValue( DSKEY_SECRET_KEY, "" ); |
131 | 0 | String strUrl = DatastoreService.getDataValue( DSKEY_URL_VERIFY, |
132 | |
"https://www.google.com/recaptcha/api/siteverify" ); |
133 | |
|
134 | 0 | if ( ( gRecaptchaResponse == null ) || "".equals( gRecaptchaResponse ) || "".equals( strSecretKey ) || |
135 | 0 | "".equals( strUrl ) ) |
136 | |
{ |
137 | 0 | AppLogService.error( "Vérifier les paramètres du sites (clé du site, clé secrete, url recaptcha" ); |
138 | |
|
139 | 0 | return false; |
140 | |
} |
141 | |
|
142 | |
try |
143 | |
{ |
144 | 0 | HttpAccess httpAccess = new HttpAccess( ); |
145 | 0 | Map<String, String> mapParameters = new ConcurrentHashMap<String, String>( ); |
146 | |
|
147 | 0 | mapParameters.put( PARAM_SECRET, strSecretKey ); |
148 | 0 | mapParameters.put( PARAM_RESPONSE, gRecaptchaResponse ); |
149 | 0 | mapParameters.put( PARAM_REMOTEIP, request.getRemoteAddr( ) ); |
150 | |
|
151 | 0 | String strJson = httpAccess.doPost( strUrl, mapParameters ); |
152 | |
|
153 | 0 | JsonReader jsonReader = Json.createReader( new StringReader( strJson ) ); |
154 | 0 | JsonObject jsonObject = jsonReader.readObject( ); |
155 | 0 | jsonReader.close( ); |
156 | |
|
157 | 0 | return jsonObject.getBoolean( PARAM_SUCCESS ); |
158 | |
} |
159 | 0 | catch ( Exception e ) |
160 | |
{ |
161 | 0 | AppLogService.error( e.getMessage( ) ); |
162 | |
|
163 | 0 | return false; |
164 | |
} |
165 | |
} |
166 | |
|
167 | |
|
168 | |
|
169 | |
|
170 | |
@Override |
171 | |
public boolean isActive( ) |
172 | |
{ |
173 | 0 | return _bActive; |
174 | |
} |
175 | |
|
176 | |
|
177 | |
|
178 | |
|
179 | |
@Override |
180 | |
public void setActive( boolean isActive ) |
181 | |
{ |
182 | 0 | _bActive = isActive; |
183 | 0 | } |
184 | |
} |