Rapi-Blog
lib/Rapi/Blog.pm view on Meta::CPAN
@{$self->underlay_scaffolds},
$CommonUnderlay
]
}
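# Validates the optional recaptcha_config HashRef and dies on the first problem found.
#
# Checks, in order: every key is one of the known params, both 'public_key' and
# 'private_key' hold true values, and 'strict_mode' (when present) is exactly 0 or 1.
# Returns 1 when there is no config at all or when the config passes every check.
#
# NOTE(review): the value of 'verify_url' is not checked here. recaptcha_verify in
# lib/Rapi/Blog/Util.pm places private_key in the request it builds for that URL, so
# an overridden value should be a trusted https:// endpoint - consider enforcing the
# scheme here (left unchanged because it could reject configs that work today).
sub _enforce_valid_recaptcha_config {
    my $self = shift;
    my $cfg = $self->recaptcha_config or return 1; # No config at all is valid

    my @valid_keys = qw/public_key private_key verify_url strict_mode/;
    my %is_valid = map { $_ => 1 } @valid_keys;

    # Sorted so that the key named in the error is the same on every run
    for my $k (sort keys %$cfg) {
        $is_valid{$k} or die join('',
            "Unknown recaptcha_config param '$k' - ",
            "only valid params are: ",join(', ',@valid_keys)
        );
    }

    die "Invalid recaptcha_config - both 'public_key' and 'private_key' params are required"
        unless ($cfg->{public_key} && $cfg->{private_key});

    if (exists $cfg->{strict_mode}) {
        my $v = $cfg->{strict_mode};
        my $disp = defined $v ? "'$v'" : 'undef';
        # The defined() test keeps an explicit undef from being stringified (which
        # warns); undef is still rejected with the same message as before.
        die "Bad value $disp for 'strict_mode' in recaptcha_config - must be either 1 (true) or 0 (false)\n"
            unless (defined $v && ("$v" eq '0' || "$v" eq '1'));
    }

    # Explicit success value; without it the result depended on the last expression
    # evaluated and was false for a valid config that had no 'strict_mode' key.
    return 1;
}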
lib/Rapi/Blog.pm view on Meta::CPAN
=head2 recaptcha_config
Optional HashRef config to enable Google reCAPTCHA v2 validation on supported forms. An account and API
key pair must be set up with Google first. This config supports the following params:
=head3 public_key
Required. The public, or "SITE KEY" provided by the Google reCAPTCHA settings, after being setup in the
Google reCAPTCHA system L<www.google.com/recaptcha/admin|http://www.google.com/recaptcha/admin>
=head3 private_key
Required. The private, or "SECRET KEY" provided by the Google reCAPTCHA settings, after being setup in the
Google reCAPTCHA system L<www.google.com/recaptcha/admin|http://www.google.com/recaptcha/admin>. Both the
C<public_key> and the C<private_key> are provided as a pair and both are required.
=head3 verify_url
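Optional URL to use when performing the actual reCAPTCHA validation with Google. Defaults to
C<https://www.google.com/recaptcha/api/siteverify> which should probably never need to be changed.
Note that the C<private_key> is included in the verification request made to this URL, so any
override should be a trusted HTTPS endpoint.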
=head3 strict_mode
Optional mode (turned off by default) which can be enabled to tighten the enforcement of reCAPTCHA,
requiring it in all locations in which it is set up on the server side, regardless of whether or not the
lib/Rapi/Blog/Util.pm view on Meta::CPAN
my $cfg = $c->ra_builder->recaptcha_config;
# When 'strict_mode' is active, we force recaptcha verification in all places it is supported
# (i.e. force ->opportunistic_recaptcha_verify to behave the same as ->recaptcha_verify)
# This prevents circumventing recaptcha validation by clients constructing their own POST request.
# The downside is that if front-side templates fail to properly enable the reCAPTCHA client side
# setup, the associated forms will always fail to submit because reCAPTCHA will always fail
return 1 if ($cfg->{strict_mode});
$cfg->{public_key}
&& $cfg->{private_key}
&& $c->req->method eq 'POST'
&& exists $c->req->params->{'g-recaptcha-response'}
}
# opportunistic_recaptcha_verify only runs, and possibly fails, if all the needed reCAPTCHA pieces
# are active. When 'strict_mode' is turned on, this method behaves the same as recaptcha_verify.
# See the POD for more information on 'strict_mode'
sub opportunistic_recaptcha_verify {
shift if ($_[0] && $_[0] eq __PACKAGE__);
my $c = shift || RapidApp->active_request_context or return 1;
lib/Rapi/Blog/Util.pm view on Meta::CPAN
sub recaptcha_verify {
shift if ($_[0] && $_[0] eq __PACKAGE__);
my $c = shift || RapidApp->active_request_context;
&recaptcha_active($c) or return 0;
my $cfg = $c->ra_builder->recaptcha_config;
my $packet = {
secret => $cfg->{private_key},
response => $c->req->params->{'g-recaptcha-response'},
#remoteip => $c->req->address
};
my $content_payload = join('&',map { join('=',$_,$packet->{$_}) } keys %$packet);
my $url = $cfg->{verify_url} || 'https://www.google.com/recaptcha/api/siteverify';
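# For reference, this is how to turn off certificate validation, which should not be needed
# as long as the remote endpoint is a Google system. Leave it commented out: without
# certificate validation the private_key sent in this request could be intercepted.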
#local $ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;