wso2-extensions · kaveeshadilshani · Jul 25, 2021 · Aug 5, 2021 · Sep 23, 2021 · Sep 23, 2021
diff --git a/...ty.captcha/src/main/java/org/wso2/carbon/identity/captcha/connector/CaptchaConnector.java b/...ty.captcha/src/main/java/org/wso2/carbon/identity/captcha/connector/CaptchaConnector.java
@@ -18,6 +18,7 @@
 
 package org.wso2.carbon.identity.captcha.connector;
 
+import org.wso2.carbon.identity.captcha.connector.provider.CaptchaProvider;
 import org.wso2.carbon.identity.captcha.exception.CaptchaException;
 import org.wso2.carbon.identity.governance.IdentityGovernanceService;
 
@@ -35,11 +36,29 @@ public interface CaptchaConnector {
 
     boolean canHandle(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException;
 
+    @Deprecated
     CaptchaPreValidationResponse preValidate(ServletRequest servletRequest, ServletResponse servletResponse) throws
             CaptchaException;
 
-    boolean verifyCaptcha(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException;
+    default CaptchaPreValidationResponse preValidate(ServletRequest servletRequest, ServletResponse servletResponse, CaptchaProvider captchaProvider) throws
+            CaptchaException {
+        return null;
+    }
 
+    @Deprecated
     CaptchaPostValidationResponse postValidate(ServletRequest servletRequest, ServletResponse servletResponse) throws
             CaptchaException;
+
+    default CaptchaPostValidationResponse postValidate(ServletRequest servletRequest, ServletResponse servletResponse, CaptchaProvider captchaProvider) throws
+            CaptchaException{
+        return null;
+    }
+
+    @Deprecated
+    boolean verifyCaptcha(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException;
+
+    default boolean verifyCaptcha(ServletRequest servletRequest, ServletResponse servletResponse, CaptchaProvider captchaProvider) throws CaptchaException{
+        return false;
+    }
+
 }
diff --git a/...ha/src/main/java/org/wso2/carbon/identity/captcha/connector/provider/CaptchaProvider.java b/...ha/src/main/java/org/wso2/carbon/identity/captcha/connector/provider/CaptchaProvider.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ *  WSO2 Inc. licenses this file to you under the Apache License,
+ *  Version 2.0 (the "License"); you may not use this file except
+ *  in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.captcha.connector.provider;
+
+import org.wso2.carbon.identity.captcha.exception.CaptchaException;
+import org.wso2.carbon.identity.captcha.util.CaptchaConfigs;
+import org.wso2.carbon.identity.captcha.util.CaptchaConstants;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+/**
+ * Captcha Provider interface.
+ */
+public interface CaptchaProvider {
+
+    String getName();
+
+    int getPriority();
+
+    CaptchaConfigs getCaptchaProperties();
+
+    void setCaptchaParamsForPreValidation(ServletRequest servletRequest, ServletResponse servletResponse,
+                                          CaptchaConstants.Flow flow) throws CaptchaException;
+
+    void setCaptchaParamsForPostValidation(ServletRequest servletRequest, ServletResponse servletResponse,
+                                          CaptchaConstants.Flow flow) throws CaptchaException;
+
+    boolean verifyCaptcha(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException;
+
+    void addPostValidationData(ServletRequest servletRequest);
+}
diff --git a/...a/src/main/java/org/wso2/carbon/identity/captcha/connector/provider/HCaptchaProvider.java b/...a/src/main/java/org/wso2/carbon/identity/captcha/connector/provider/HCaptchaProvider.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ *  WSO2 Inc. licenses this file to you under the Apache License,
+ *  Version 2.0 (the "License"); you may not use this file except
+ *  in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.captcha.connector.provider;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.message.BasicNameValuePair;
+import org.wso2.carbon.identity.captcha.exception.CaptchaClientException;
+import org.wso2.carbon.identity.captcha.exception.CaptchaException;
+import org.wso2.carbon.identity.captcha.exception.CaptchaServerException;
+import org.wso2.carbon.identity.captcha.internal.CaptchaDataHolder;
+import org.wso2.carbon.identity.captcha.util.CaptchaConfigs;
+import org.wso2.carbon.identity.captcha.util.CaptchaConstants;
+import org.wso2.carbon.identity.captcha.util.CaptchaUtil;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.List;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * HCaptchaProvider
+ */
+public class HCaptchaProvider implements CaptchaProvider{
+
+    @Override
+    public String getName() {
+
+        return "HCaptcha";
+    }
+
+    @Override
+    public int getPriority() {
+
+        return 0;
+    }
+
+    @Override
+    public CaptchaConfigs getCaptchaProperties() {
+
+        for (CaptchaConfigs captchaConfigs: CaptchaDataHolder.getInstance().getCaptchaConfigs()){
+            if (this.getName().equals(captchaConfigs.getCaptchaProviderName())){
+                return captchaConfigs;
+            }
+        }
+        return null;
+    }
+
+    @Override
+    public void setCaptchaParamsForPreValidation(ServletRequest servletRequest, ServletResponse servletResponse, CaptchaConstants.Flow flow) throws CaptchaException {
+
+    }
+
+    @Override
+    public void setCaptchaParamsForPostValidation(ServletRequest servletRequest, ServletResponse servletResponse, CaptchaConstants.Flow flow) throws CaptchaException {
+
+    }
+
+    @Override
+    public boolean verifyCaptcha(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException {
+
+        String HCaptchaResponse = ((HttpServletRequest) servletRequest).getHeader("h-captcha-response");
+        if (StringUtils.isBlank(HCaptchaResponse)) {
+            throw new CaptchaClientException("reCaptcha response is not available in the request.");
+        }
+
+        CloseableHttpClient httpclient = HttpClientBuilder.create().useSystemProperties().build();
+        HttpPost httppost = new HttpPost(getCaptchaProperties().getCaptchaProperties().get("VerifyUrl").toString());
+
+
+        List<BasicNameValuePair> params = Arrays.asList(new BasicNameValuePair("secret", getCaptchaProperties()
+                .getCaptchaProperties().get("SecretKey").toString()), new BasicNameValuePair("response", HCaptchaResponse));
+        httppost.setEntity(new UrlEncodedFormEntity(params, StandardCharsets.UTF_8));
+
+        HttpResponse response;
+        try {
+            response = httpclient.execute(httppost);
+        } catch (IOException e) {
+            throw new CaptchaServerException("Unable to get the verification response.", e);
+        }
+
+        HttpEntity entity = response.getEntity();
+        if (entity == null) {
+            throw new CaptchaServerException("reCaptcha verification response is not received.");
+        }
+
+        try {
+            try (InputStream in = entity.getContent()) {
+                JsonObject verificationResponse = new JsonParser().parse(IOUtils.toString(in)).getAsJsonObject();
+                if (verificationResponse == null || verificationResponse.get("success") == null ||
+                        !verificationResponse.get("success").getAsBoolean()) {
+                    throw new CaptchaClientException("Captcha verification failed. Please try again.");
+                }
+            }
+        } catch (IOException e) {
+            throw new CaptchaServerException("Unable to read the verification response.", e);
+        }
+
+        return true;
+    }
+
+    @Override
+    public void addPostValidationData(ServletRequest servletRequest) {
+
+    }
+}
diff --git a/.../src/main/java/org/wso2/carbon/identity/captcha/connector/provider/ReCaptchaProvider.java b/.../src/main/java/org/wso2/carbon/identity/captcha/connector/provider/ReCaptchaProvider.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ *  WSO2 Inc. licenses this file to you under the Apache License,
+ *  Version 2.0 (the "License"); you may not use this file except
+ *  in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.captcha.connector.provider;
+
+import org.apache.commons.lang.StringUtils;
+import org.wso2.carbon.identity.captcha.exception.CaptchaClientException;
+import org.wso2.carbon.identity.captcha.exception.CaptchaException;
+import org.wso2.carbon.identity.captcha.internal.CaptchaDataHolder;
+import org.wso2.carbon.identity.captcha.util.CaptchaConfigs;
+import org.wso2.carbon.identity.captcha.util.CaptchaConstants;
+import org.wso2.carbon.identity.captcha.util.CaptchaUtil;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * RecaptchaProvider
+ */
+public class ReCaptchaProvider implements CaptchaProvider{
+
+    @Override
+    public String getName() {
+
+        return "Recaptcha";
+    }
+
+    @Override
+    public int getPriority() {
+
+        return 0;
+    }
+
+    @Override
+    public CaptchaConfigs getCaptchaProperties() {
+
+        for (CaptchaConfigs captchaConfigs: CaptchaDataHolder.getInstance().getCaptchaConfigs()){
+            if (this.getName().equals(captchaConfigs.getCaptchaProviderName())){
+                return captchaConfigs;
+            }
+        }
+        return null;
+    }
+
+    @Override
+    public void setCaptchaParamsForPreValidation(ServletRequest servletRequest, ServletResponse servletResponse, CaptchaConstants.Flow flow) throws CaptchaException {
+        HttpServletResponse httpServletResponse = ((HttpServletResponse) servletResponse);
+        switch (flow){
+            case SELF_SIGNUP_FLOW:
+            case PASSWORD_RECOVERY_FLOW:
+                httpServletResponse.setHeader("reCaptchaKey", (String) getCaptchaProperties().getCaptchaProperties().get("SiteKey"));
+                httpServletResponse.setHeader("reCaptchaAPI", (String) getCaptchaProperties().getCaptchaProperties().get("API"));
+                break;
+        }
+
+    }
+
+    @Override
+    public void setCaptchaParamsForPostValidation(ServletRequest servletRequest, ServletResponse servletResponse, CaptchaConstants.Flow flow) throws CaptchaException {
+
+    }
+
+    @Override
+    public boolean verifyCaptcha(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException {
+
+        String reCaptchaResponse = ((HttpServletRequest) servletRequest).getHeader("g-recaptcha-response");
+        if (StringUtils.isBlank(reCaptchaResponse)) {
+            throw new CaptchaClientException("reCaptcha response is not available in the request.");
+        }
+
+        return CaptchaUtil.isValidCaptcha(reCaptchaResponse);
+    }
+
+    @Override
+    public void addPostValidationData(ServletRequest servletRequest) {
+
+    }
+}