Implement optional reCAPTCHA for login page

app/Http/Controllers/SetupController.php

@@ -104,6 +104,7 @@ public static function performSetup(Request $request) {
         }
 
         $polr_acct_creation_recaptcha = $request->input('setting:acct_registration_recaptcha');
+        $polr_acct_login_recaptcha = $request->input('setting:acct_login_recaptcha');
         $polr_recaptcha_site_key = $request->input('setting:recaptcha_site_key');
         $polr_recaptcha_secret_key = $request->input('setting:recaptcha_secret_key');
 
@@ -163,6 +164,7 @@ public static function performSetup(Request $request) {
             'POLR_ALLOW_ACCT_CREATION' => $polr_allow_acct_creation,
             'POLR_ACCT_ACTIVATION' => $polr_acct_activation,
             'POLR_ACCT_CREATION_RECAPTCHA' => $polr_acct_creation_recaptcha,
+            'POLR_ACCT_LOGIN_RECAPTCHA' => $polr_acct_login_recaptcha,
             'ST_SHORTEN_PERMISSION' => $st_shorten_permission,
             'ST_INDEX_REDIRECT' => $st_index_redirect,
             'ST_REDIRECT_404' => $st_redirect_404,

app/Http/Controllers/UserController.php

@@ -38,6 +38,18 @@ public function performLogin(Request $request) {
         $username = $request->input('username');
         $password = $request->input('password');
 
+        if (env('POLR_LOGIN_RECAPTCHA')) {
+            // Verify reCAPTCHA if setting is enabled
+            $gRecaptchaResponse = $request->input('g-recaptcha-response');
+
+            $recaptcha = new \ReCaptcha\ReCaptcha(env('POLR_RECAPTCHA_SECRET_KEY'));
+            $recaptcha_resp = $recaptcha->verify($gRecaptchaResponse, $request->ip());
+
+            if (!$recaptcha_resp->isSuccess()) {
+                return redirect(route('login'))->with('error', 'You must complete the reCAPTCHA to login.');
+            }
+        }
+
         $credentials_valid = UserHelper::checkCredentials($username, $password);
 
         if ($credentials_valid != false) {

resources/views/env.blade.php

@@ -59,6 +59,11 @@
 # in POLR_RECAPTCHA_SITE_KEY and POLR_RECAPTCHA_SECRET_KEY
 POLR_ACCT_CREATION_RECAPTCHA={{$POLR_ACCT_CREATION_RECAPTCHA}}
 
+# Set to true to require reCAPTCHAs on login pages
+# If this setting is enabled, you must also provide your reCAPTCHA keys
+# in POLR_RECAPTCHA_SITE_KEY and POLR_RECAPTCHA_SECRET_KEY
+POLR_ACCT_LOGIN_RECAPTCHA={{$POLR_ACCT_LOGIN_RECAPTCHA}}
+
 # Set to true to require users to be logged in before shortening URLs
 SETTING_SHORTEN_PERMISSION={{$ST_SHORTEN_PERMISSION}}
 

resources/views/login.blade.php

@@ -12,6 +12,11 @@
         <form action="login" method="POST">
             <input type="text" placeholder="username" name="username" class="form-control login-field" />
             <input type="password" placeholder="password" name="password" class="form-control login-field" />
+
+            @if (env('POLR_LOGIN_RECAPTCHA'))
+            <div class="g-recaptcha" data-sitekey="{{env('POLR_RECAPTCHA_SITE_KEY')}}"></div>
+            @endif
+
             <input type="hidden" name='_token' value='{{csrf_token()}}' />
             <input type="submit" value="Login" class="login-submit btn btn-success" />
 
@@ -29,3 +34,9 @@
     <div class="col-md-3"></div>
 </div
 @endsection
+
+@section('js')
+    @if (env('POLR_LOGIN_RECAPTCHA'))
+    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
+    @endif
+@endsection

resources/views/setup.blade.php

@@ -226,6 +226,15 @@
                 <option value='true'>Require reCATPCHA for registration</option>
             </select>
 
+            <p>
+                Require reCAPTCHA for Login
+                <setup-tooltip content="You must provide your reCAPTCHA keys to use this feature."></setup-tooltip>
+            </p>
+            <select name='setting:acct_login_recaptcha' class='form-control'>
+                <option value='false'>Do not require reCAPTCHA for login</option>
+                <option value='true'>Require reCATPCHA for login</option>
+            </select>
+
             <p>
                 reCAPTCHA Configuration:
                 <setup-tooltip content="You must provide reCAPTCHA keys if you intend to use any reCAPTCHA-dependent features."></setup-tooltip>