Sultan
/
invoiceninja
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add in turnstile to protect client register routes

This commit is contained in:
David Bomba 2024-11-27 16:10:04 +11:00
parent 823cf89938
commit a3a3f6a1d2
5 changed files with 24 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/Http/Controllers/Auth/ContactRegisterController.php
View File

@ -44,7 +44,16 @@ class ContactRegisterController extends Controller
$t = app('translator');
$t->replace(Ninja::transformTranslations($company->settings));
return render('auth.register', ['register_company' => $company, 'account' => $company->account, 'submitsForm' => false]);
$domain_name = request()->getHost();
$show_turnstile = false;
if (config('ninja.cloudflare.turnstile.site_key') && strpos($domain_name, config('ninja.app_domain')) !== false) {
$show_turnstile = true;
}
return render('auth.register', ['register_company' => $company, 'account' => $company->account, 'submitsForm' => false, 'show_turnstile' => $show_turnstile]);
}
public function register(RegisterRequest $request)

2
app/Http/Requests/ClientPortal/RegisterRequest.php
View File

@ -59,6 +59,8 @@ class RegisterRequest extends FormRequest
$rules['terms'] = ['required'];
}
$rules['cf-turnstile-response'] = ['sometimes', new \App\Http\ValidationRules\Turnstile\Turnstile];
return $rules;
}

26
app/Http/ValidationRules/Turnstile/Turnstile.php
View File

@ -1,40 +1,32 @@
<?php
namespace App\Http\ValidationRules;
namespace App\Http\ValidationRules\Turnstile;
use Closure;
use Illuminate\Contracts\Validation\ValidationRule;
use Illuminate\Support\Facades\Http;
class Turnstile implements ValidationRule
{
/**
* Run the validation rule.
*
* @param \Closure(string): \Illuminate\Translation\PotentiallyTranslatedString $fail
*/
public function validate(string $attribute, mixed $value, Closure $fail): void
{
$response = Http::asForm()->post('https://challenges.cloudflare.com/turnstile/v0/siteverify', [
'secret' => config('ninja.cloudflare.turnstile.secret'),
'response' => $value,
'remoteip' => request()->ip(),
]);
]);
$data = $response->json();
if ($response->failed()) {
if($data['success']){
$fail("Captcha failed");
}
else {
$fail("Captcha failed");
}
}
}
public function message()
{
return 'The verification failed. Please try again.';
}
}

2
resources/views/portal/ninja2020/auth/register.blade.php
View File

@ -150,7 +150,7 @@
</span>
</span>
@if(config('ninja.cloudflare.turnstile.site_key'))
@if($show_turnstile)
<div class="col-span-12 flex justify-center mt-4">
<div class="cf-turnstile" data-sitekey="{{ config('ninja.cloudflare.turnstile.site_key') }}"></div>
@error('cf-turnstile-response')

4
routes/client.php
View File

@ -23,8 +23,8 @@ Route::get('client', [ContactLoginController::class, 'showLoginForm'])->name('cl
Route::get('client/login/{company_key?}', [ContactLoginController::class, 'showLoginForm'])->name('client.login')->middleware(['domain_db', 'contact_account','locale', 'throttle:portal']);
Route::post('client/login/{company_key?}', [ContactLoginController::class, 'login'])->name('client.login.submit');
Route::get('client/register/{company_key?}', [ContactRegisterController::class, 'showRegisterForm'])->name('client.register')->middleware(['domain_db', 'contact_account', 'contact_register','locale']);
Route::post('client/register/{company_key?}', [ContactRegisterController::class, 'register'])->middleware(['domain_db', 'contact_account', 'contact_register', 'locale', 'throttle:portal']);
Route::get('client/register/{company_key?}', [ContactRegisterController::class, 'showRegisterForm'])->name('client.register')->middleware(['domain_db', 'contact_account', 'contact_register','locale'])->middleware('throttle:5,1');
Route::post('client/register/{company_key?}', [ContactRegisterController::class, 'register'])->middleware(['domain_db', 'contact_account', 'contact_register', 'locale', ])->middleware('throttle:5,1');
Route::get('client/password/reset', [ContactForgotPasswordController::class, 'showLinkRequestForm'])->name('client.password.request')->middleware(['domain_db', 'contact_account','locale', 'throttle:portal']);
Route::post('client/password/email', [ContactForgotPasswordController::class, 'sendResetLinkEmail'])->name('client.password.email')->middleware(['locale', 'throttle:portal']);