Merge "Add hCaptcha"

README.md

@@ -22,6 +22,7 @@ in a stylized way
 questions defined by the administrator(s)
 * ReCaptchaNoCaptcha - users have to solve different types of visually or
 audially tasks.
+* hCaptcha - users have to solve visual tasks
 
 ### License
 

hCaptcha/extension.json

@@ -0,0 +1,37 @@
+{
+	"name": "hCaptcha",
+	"author": [
+		"Sam Reed",
+		"..."
+	],
+	"url": "https://www.mediawiki.org/wiki/Extension:ConfirmEdit",
+	"descriptionmsg": "hcaptcha-desc",
+	"license-name": "GPL-2.0-or-later",
+	"type": "antispam",
+	"MessagesDirs": {
+		"hNoCaptcha": [
+			"i18n"
+		]
+	},
+	"AutoloadNamespaces": {
+		"MediaWiki\\Extensions\\ConfirmEdit\\hCaptcha\\": "includes/"
+	},
+	"config": {
+		"CaptchaClass": {
+			"value": "MediaWiki\\Extensions\\ConfirmEdit\\hCaptcha\\HCaptcha"
+		},
+		"HCaptchaSiteKey": {
+			"description": "Sitekey from hCaptcha (requires creating an account)",
+			"value": ""
+		},
+		"HCaptchaSecretKey": {
+			"description": "Secret key from hCaptcha (requires creating an account)",
+			"value": ""
+		},
+		"HCaptchaSendRemoteIP": {
+			"description": "Whether to send the client's IP address to hCaptcha",
+			"value": false
+		}
+	},
+	"manifest_version": 2
+}

hCaptcha/i18n/en.json

@@ -0,0 +1,13 @@
+{
+	"@metadata": {
+		"authors": []
+	},
+	"hcaptcha-desc": "[https://www.hcaptcha.com/ hCaptcha] module for Confirm Edit",
+	"hcaptcha-edit": "To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:",
+	"hcaptcha-addurl": "Your edit includes new external links. To protect the wiki against automated spam, we kindly ask you to solve the following CAPTCHA:",
+	"hcaptcha-badlogin": "To protect the wiki against automated password cracking, we kindly ask you to solve the following hCaptcha:",
+	"hcaptcha-createaccount": "To protect the wiki against automated account creation, we kindly ask you to solve the following hCaptcha:",
+	"hcaptcha-createaccount-fail": "It seems you haven't solved the hCaptcha.",
+	"hcaptcha-create": "To protect the wiki against automated page creation, we kindly ask you to solve the following hCaptcha:",
+	"hcaptcha-help": "Please solve a hCaptcha challenge and return the response value as captchaWord."
+}

hCaptcha/i18n/qqq.json

@@ -0,0 +1,13 @@
+{
+	"@metadata": {
+		"authors": []
+	},
+	"hcaptcha-desc": "{{Optional}}\n{{desc}}",
+	"hcaptcha-edit": "Message above the CAPTCHA for edit action.\n{{related|ConfirmEdit-edit}}",
+	"hcaptcha-addurl": "Message above the CAPTCHA for addurl (user added new external links to the page) action.\n{{related|ConfirmEdit-addurl}}",
+	"hcaptcha-badlogin": "Message above the CAPTCHA for badlogin action.\n{{related|ConfirmEdit-badlogin}}",
+	"hcaptcha-createaccount": "Message above the CAPTCHA for createaccount (user creates a new account) action.\n{{related|ConfirmEdit-createaccount}}",
+	"hcaptcha-createaccount-fail": "Error message, when the CAPTCHA isn't solved correctly.\n{{related|ConfirmEdit-createaccount-fail}}",
+	"hcaptcha-create": "Message above the CAPTCHA for create (user creates a new page) action.\n{{related|ConfirmEdit-create}}",
+	"hcaptcha-help": "Explanation of how to solve the CAPTCHA for API clients."
+}

hCaptcha/includes/HCaptcha.php

@@ -0,0 +1,231 @@
+<?php
+
+namespace MediaWiki\Extensions\ConfirmEdit\hCaptcha;
+
+use ApiBase;
+use CaptchaAuthenticationRequest;
+use ConfirmEditHooks;
+use FormatJson;
+use Html;
+use MediaWiki\Auth\AuthenticationRequest;
+use Message;
+use MWHttpRequest;
+use RawMessage;
+use SimpleCaptcha;
+use Status;
+use WebRequest;
+
+class HCaptcha extends SimpleCaptcha {
+	// used for hcaptcha-edit, hcaptcha-addurl, hcaptcha-badlogin, hcaptcha-createaccount,
+	// hcaptcha-create, hcaptcha-sendemail via getMessage()
+	protected static $messagePrefix = 'hcaptcha-';
+
+	private $error;
+
+	/**
+	 * Get the captcha form.
+	 * @param int $tabIndex
+	 * @return array
+	 */
+	public function getFormInformation( $tabIndex = 1 ) {
+		global $wgHCaptchaSiteKey;
+
+		$output = Html::element( 'div', [
+			'class' => [
+				'h-captcha',
+				'mw-confirmedit-captcha-fail' => (bool)$this->error,
+			],
+			'data-sitekey' => $wgHCaptchaSiteKey
+		] );
+
+		return [
+			'html' => $output,
+			'headitems' => [
+				"<script src=\"https://hcaptcha.com/1/api.js\" async defer></script>"
+			]
+		];
+	}
+
+	/**
+	 * @param Status|array|string $info
+	 */
+	protected function logCheckError( $info ) {
+		if ( $info instanceof Status ) {
+			$errors = $info->getErrorsArray();
+			$error = $errors[0][0];
+		} elseif ( is_array( $info ) ) {
+			$error = implode( ',', $info );
+		} else {
+			$error = $info;
+		}
+
+		\wfDebugLog( 'captcha', 'Unable to validate response: ' . $error );
+	}
+
+	/**
+	 * @param WebRequest $request
+	 * @return array
+	 */
+	protected function getCaptchaParamsFromRequest( WebRequest $request ) {
+		$response = $request->getVal( 'h-captcha-response' );
+		return [ '', $response ];
+	}
+
+	/**
+	 * Check, if the user solved the captcha.
+	 *
+	 * Based on reference implementation:
+	 * https://github.com/google/recaptcha#php and https://docs.hcaptcha.com/
+	 *
+	 * @param mixed $_ Not used
+	 * @param string $token token from the POST data
+	 * @return bool
+	 */
+	protected function passCaptcha( $_, $token ) {
+		global $wgRequest, $wgHCaptchaSecretKey, $wgHCaptchaSendRemoteIP;
+
+		$url = 'https://hcaptcha.com/siteverify';
+		$data = [
+			'secret' => $wgHCaptchaSecretKey,
+			'response' => $token,
+		];
+		if ( $wgHCaptchaSendRemoteIP ) {
+			$data['remoteip'] = $wgRequest->getIP();
+		}
+		$request = MWHttpRequest::factory(
+			$url,
+			[
+				'method' => 'POST',
+				'postData' => $data,
+			]
+		);
+		$status = $request->execute();
+		if ( !$status->isOK() ) {
+			$this->error = 'http';
+			$this->logCheckError( $status );
+			return false;
+		}
+		$response = FormatJson::decode( $request->getContent(), true );
+		if ( !$response ) {
+			$this->error = 'json';
+			$this->logCheckError( $this->error );
+			return false;
+		}
+		if ( isset( $response['error-codes'] ) ) {
+			$this->error = 'hcaptcha-api';
+			$this->logCheckError( $response['error-codes'] );
+			return false;
+		}
+
+		return $response['success'];
+	}
+
+	/**
+	 * @param array &$resultArr
+	 */
+	protected function addCaptchaAPI( &$resultArr ) {
+	}
+
+	/**
+	 * @return array
+	 */
+	public function describeCaptchaType() {
+		global $wgHCaptchaSiteKey;
+		return [
+			'type' => 'hcaptcha',
+			'mime' => 'application/javascript',
+			'key' => $wgHCaptchaSiteKey,
+		];
+	}
+
+	/**
+	 * Show a message asking the user to enter a captcha on edit
+	 * The result will be treated as wiki text
+	 *
+	 * @param string $action Action being performed
+	 * @return Message
+	 */
+	public function getMessage( $action ) {
+		$msg = parent::getMessage( $action );
+		if ( $this->error ) {
+			$msg = new RawMessage( '<div class="error">$1</div>', [ $msg ] );
+		}
+		return $msg;
+	}
+
+	/**
+	 * @param ApiBase $module
+	 * @param array &$params
+	 * @param int $flags
+	 * @return bool
+	 */
+	public function apiGetAllowedParams( ApiBase $module, &$params, $flags ) {
+		return true;
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function getError() {
+		return $this->error;
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function storeCaptcha( $info ) {
+		return 'not used';
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function retrieveCaptcha( $index ) {
+		// just pretend it worked
+		return [ 'index' => $index ];
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function getCaptcha() {
+		return [];
+	}
+
+	/**
+	 * @return HCaptchaAuthenticationRequest
+	 */
+	public function createAuthenticationRequest() {
+		return new HCaptchaAuthenticationRequest();
+	}
+
+	/**
+	 * @param array $requests
+	 * @param array $fieldInfo
+	 * @param array &$formDescriptor
+	 * @param string $action
+	 */
+	public function onAuthChangeFormFields(
+		array $requests, array $fieldInfo, array &$formDescriptor, $action
+	) {
+		global $wgHCaptchaSiteKey;
+
+		$req = AuthenticationRequest::getRequestByClass(
+			$requests,
+			CaptchaAuthenticationRequest::class,
+			true
+		);
+		if ( !$req ) {
+			return;
+		}
+
+		// ugly way to retrieve error information
+		$captcha = ConfirmEditHooks::getInstance();
+
+		$formDescriptor['captchaWord'] = [
+			'class' => HTMLHCaptchaField::class,
+			'key' => $wgHCaptchaSiteKey,
+			'error' => $captcha->getError(),
+		] + $formDescriptor['captchaWord'];
+	}
+}

hCaptcha/includes/HCaptchaAuthenticationRequest.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace MediaWiki\Extensions\ConfirmEdit\hCaptcha;
+
+use CaptchaAuthenticationRequest;
+use MediaWiki\Auth\AuthenticationRequest;
+
+class HCaptchaAuthenticationRequest extends CaptchaAuthenticationRequest {
+	public function __construct() {
+		parent::__construct( '', [] );
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function loadFromSubmission( array $data ) {
+		// unhack the hack in parent
+		return AuthenticationRequest::loadFromSubmission( $data );
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function getFieldInfo() {
+		$fieldInfo = parent::getFieldInfo();
+
+		return [
+			'captchaWord' => [
+				'type' => 'string',
+				'label' => $fieldInfo['captchaInfo']['label'],
+				'help' => \wfMessage( 'hcaptcha-help' ),
+			],
+		];
+	}
+}

hCaptcha/includes/HTMLHCaptchaField.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace MediaWiki\Extensions\ConfirmEdit\hCaptcha;
+
+use Html;
+use HTMLFormField;
+
+class HTMLHCaptchaField extends HTMLFormField {
+	/** @var string Public key parameter to be passed to hCaptcha. */
+	protected $key;
+
+	/** @var string Error returned by hCaptcha in the previous round. */
+	protected $error;
+
+	/**
+	 * Parameters:
+	 * - key: (string, required) Public key
+	 * - error: (string) Error from previous round
+	 * @param array $params
+	 */
+	public function __construct( array $params ) {
+		$params += [ 'error' => null ];
+		parent::__construct( $params );
+
+		$this->key = $params['key'];
+		$this->error = $params['error'];
+
+		$this->mName = 'h-captcha-response';
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function getInputHTML( $value ) {
+		$out = $this->mParent->getOutput();
+
+		$out->addHeadItem(
+			'h-captcha',
+			"<script src=\"https://hcaptcha.com/1/api.js\" async defer></script>"
+		);
+		return Html::element( 'div', [
+			'class' => [
+				'h-captcha',
+				'mw-confirmedit-captcha-fail' => (bool)$this->error,
+			],
+			'data-sitekey' => $this->key,
+		] );
+	}
+}