Support validation when value contains response #31
Conversation
If the user passes in the response value directly to isValid(), e.g. by taking the `g-recaptcha-response` value directly, then this should work! Fixes zendframework#30
akrabat
force-pushed
the
element-name-g-recaptcha-response
branch
from
0f669fd
to
6076a48
Compare
akrabat
force-pushed
the
element-name-g-recaptcha-response
branch
from
8a5e745
to
308b949
Compare
|
Note that we set the SSL Transport to TLS in the tests specifically because Travis uses PHP 5.6.5. From PHP 5.6.7, the Socket adapter uses TLS by default, but in 5.6.5, it uses SSLv3, which Google doesn't accept. |
| @@ -27,6 +27,10 @@ | |||
| <!-- Enable this if you have installed ZendService\ReCaptcha on the | |||
| include_path or via Composer. --> | |||
| <env name="TESTS_ZEND_CAPTCHA_RECAPTCHA_SUPPORT" value="false" /> | |||
| <!-- Change these if you want to use your own keys --> | |||
There was a problem hiding this comment.
Are these real values, or mocked up ones? If we're using real values, these should be encrypted in the travis-ci config, or else somebody else may abuse them (unless google has "test values")
There was a problem hiding this comment.
They are the official test ones. See https://developers.google.com/recaptcha/docs/faq#id-like-to-run-automated-tests-with-recaptcha-v2-what-should-i-do
There was a problem hiding this comment.
Would then:
- add the link to the comment
- describe what they represent, since they are fake values
src/ReCaptcha.php
Outdated
| @@ -260,8 +260,11 @@ public function isValid($value, $context = null) | |||
| } | |||
|
|
|||
| $service = $this->getService(); | |||
| if (array_key_exists($value, $context)) { | |||
There was a problem hiding this comment.
Nothing guarantees that $value is a string or integer here.
src/ReCaptcha.php
Outdated
| @@ -260,8 +260,11 @@ public function isValid($value, $context = null) | |||
| } | |||
|
|
|||
| $service = $this->getService(); | |||
| if (array_key_exists($value, $context)) { | |||
| $value = $context[$value]; | |||
There was a problem hiding this comment.
Instead of overriding $value, do use an } else { and call $res = $service->verify(...) with a different parameters. This avoids having a semantic change in the meaning of $value
| public function testValidationForDifferentElementName() | ||
| { | ||
| $captcha = new ReCaptcha([ | ||
| 'site_key' => getenv('TESTS_ZEND_SERVICE_RECAPTCHA_SITE_KEY'), |
There was a problem hiding this comment.
Should probably skip these tests if either of these variables are not defined (see comment above about committed secrets)
There was a problem hiding this comment.
setUp() has a guard for the 'TESTS_ZEND_CAPTCHA_RECAPTCHA_SUPPORT environment variable. Do we need a separate one for these keys?
I think no.
There was a problem hiding this comment.
Agreed with @akrabat , though I've noted a problem with the "skip" message in setUp().
| public function testValidationForResponseElementName() | ||
| { | ||
| $captcha = new ReCaptcha([ | ||
| 'site_key' => getenv('TESTS_ZEND_SERVICE_RECAPTCHA_SITE_KEY'), |
There was a problem hiding this comment.
Should probably skip these tests if either of these variables are not defined (see comment above about committed secrets)
test/ReCaptchaTest.php
Outdated
| 'site_key' => getenv('TESTS_ZEND_SERVICE_RECAPTCHA_SITE_KEY'), | ||
| 'secret_key' => getenv('TESTS_ZEND_SERVICE_RECAPTCHA_SECRET_KEY'), | ||
| ]); | ||
| $captcha->getService()->setIp('127.0.0.1'); |
There was a problem hiding this comment.
Avoid repeating a getService() call
test/ReCaptchaTest.php
Outdated
| 'site_key' => getenv('TESTS_ZEND_SERVICE_RECAPTCHA_SITE_KEY'), | ||
| 'secret_key' => getenv('TESTS_ZEND_SERVICE_RECAPTCHA_SECRET_KEY'), | ||
| ]); | ||
| $captcha->getService()->setIp('127.0.0.1'); |
There was a problem hiding this comment.
Avoid repeating a getService() call
test/ReCaptchaTest.php
Outdated
| $captcha->getService()->setIp('127.0.0.1'); | ||
| $captcha->getService()->setHttpClient($this->getHttpClient()); | ||
|
|
||
| $response = getenv('TESTS_ZEND_SERVICE_RECAPTCHA_RESPONSE'); |
There was a problem hiding this comment.
Ah, so I assume the environment vars are actual mock values?
test/ReCaptchaTest.php
Outdated
| $this->assertTrue($captcha->isValid($value, $context)); | ||
| } | ||
|
|
||
| private function getHttpClient() |
There was a problem hiding this comment.
Return type in docblock, please
| $socket->setOptions([ | ||
| 'ssltransport' => 'tls', | ||
| ]); | ||
| return new HttpClient(null, [ |
There was a problem hiding this comment.
This indenting is not PSR-2 compliant
There was a problem hiding this comment.
Yes it is!
$ vendor/bin/phpcs test/ReCaptchaTest.php
.
Time: 101ms; Memory: 6Mb
There was a problem hiding this comment.
Definitely PSR-2 compliant; single argument spanning multiple lines. If both arguments were arrays, then you would need to start each on a new line, but because it's only one, can be done this way.
This avoids having a semantic change in the meaning of $value.
This makes sure that we can use it with array_key_exists.
|
Updated as per @Ocramius' comments. Travis passed: https://travis-ci.org/zendframework/zend-captcha/builds/204158887 |
There was a problem hiding this comment.
Looks good! The only concern I have is that the setUp() validation of the TESTS_ZEND_CAPTCHA_RECAPTCHA_SUPPORT constant emits a misleading message when the constant is missing. I realize that's from a previous commit somewhere, but might as well change it now, since these tests rely on it.
Once fixed, feel free to merge!
test/ReCaptchaTest.php
Outdated
| @@ -28,14 +30,6 @@ public function setUp() | |||
| if (! getenv('TESTS_ZEND_CAPTCHA_RECAPTCHA_SUPPORT')) { | |||
| $this->markTestSkipped('Enable TESTS_ZEND_CAPTCHA_RECAPTCHA_SUPPORT to test PDF render'); | |||
There was a problem hiding this comment.
I think this message needs to be different, as recaptcha has nothing to do with PDF...
| public function testValidationForDifferentElementName() | ||
| { | ||
| $captcha = new ReCaptcha([ | ||
| 'site_key' => getenv('TESTS_ZEND_SERVICE_RECAPTCHA_SITE_KEY'), |
There was a problem hiding this comment.
Agreed with @akrabat , though I've noted a problem with the "skip" message in setUp().
| $socket->setOptions([ | ||
| 'ssltransport' => 'tls', | ||
| ]); | ||
| return new HttpClient(null, [ |
There was a problem hiding this comment.
Definitely PSR-2 compliant; single argument spanning multiple lines. If both arguments were arrays, then you would need to start each on a new line, but because it's only one, can be done this way.
akrabat
force-pushed
the
element-name-g-recaptcha-response
branch
from
1286ce9
to
64346d0
Compare
If the user passes in the response value directly to isValid(), e.g. by taking the
g-recaptcha-responsevalue directly, then this should work!Fixes #30