Add/recaptcha v3 (#2773)

Co-authored-by: Fernando Jorge Mota <[email protected]> Co-authored-by: gikaragia <[email protected]>
Automattic · Mar 14, 2024 · 881c4f3 · 881c4f3
1 parent c6cefbf
commit 881c4f3
Show file tree

Hide file tree

Showing 6 changed files with 302 additions and 120 deletions.
diff --git a/includes/abstracts/abstract-wp-job-manager-form.php b/includes/abstracts/abstract-wp-job-manager-form.php
@@ -136,7 +136,7 @@ public function process() {
 	 * @param array $atts Attributes to use in the view handler.
 	 */
 	public function output( $atts = [] ) {
-		$this->enqueue_scripts();
+		WP_Job_Manager\WP_Job_Manager_Recaptcha::enqueue_scripts();
 		$step_key = $this->get_step_key( $this->step );
 		$this->show_errors();
 		$this->show_messages();
@@ -322,100 +322,8 @@ public function clear_fields() {
 	 * Enqueue the scripts for the form.
 	 */
 	public function enqueue_scripts() {
-		if ( $this->use_recaptcha_field() ) {
-			// phpcs:ignore WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion
-			wp_enqueue_script( 'recaptcha', 'https://www.google.com/recaptcha/api.js', [], false, false );
-		}
-	}
-
-	/**
-	 * Checks whether reCAPTCHA has been set up and is available.
-	 *
-	 * @return bool
-	 */
-	public function is_recaptcha_available() {
-		$site_key               = get_option( 'job_manager_recaptcha_site_key' );
-		$secret_key             = get_option( 'job_manager_recaptcha_secret_key' );
-		$is_recaptcha_available = ! empty( $site_key ) && ! empty( $secret_key );
-
-		/**
-		 * Filter whether reCAPTCHA should be available for this form.
-		 *
-		 * @since 1.30.0
-		 *
-		 * @param bool $is_recaptcha_available
-		 */
-		return apply_filters( 'job_manager_is_recaptcha_available', $is_recaptcha_available );
-	}
-
-	/**
-	 * Show reCAPTCHA field on the form.
-	 *
-	 * @return bool
-	 */
-	public function use_recaptcha_field() {
-		return false;
-	}
-
-	/**
-	 * Output the reCAPTCHA field.
-	 */
-	public function display_recaptcha_field() {
-		$field             = [];
-		$field['label']    = get_option( 'job_manager_recaptcha_label' );
-		$field['required'] = true;
-		$field['site_key'] = get_option( 'job_manager_recaptcha_site_key' );
-		get_job_manager_template(
-			'form-fields/recaptcha-field.php',
-			[
-				'key'   => 'recaptcha',
-				'field' => $field,
-			]
-		);
-	}
-
-	/**
-	 * Validate a reCAPTCHA field.
-	 *
-	 * @param bool $success
-	 *
-	 * @return bool|WP_Error
-	 */
-	public function validate_recaptcha_field( $success ) {
-		// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce check happens earlier (when possible).
-		$input_recaptcha_response = isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : '';
-
-		$recaptcha_field_label = get_option( 'job_manager_recaptcha_label' );
-		if ( empty( $input_recaptcha_response ) ) {
-			// translators: Placeholder is for the label of the reCAPTCHA field.
-			return new WP_Error( 'validation-error', sprintf( esc_html__( '"%s" check failed. Please try again.', 'wp-job-manager' ), $recaptcha_field_label ) );
-		}
-
-		$default_remote_addr = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';
-		$response            = wp_remote_get(
-			add_query_arg(
-				[
-					'secret'   => get_option( 'job_manager_recaptcha_secret_key' ),
-					'response' => $input_recaptcha_response,
-					'remoteip' => isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) : $default_remote_addr,
-				],
-				'https://www.google.com/recaptcha/api/siteverify'
-			)
-		);
-
-		// translators: %s is the name of the form validation that failed.
-		$validation_error = new WP_Error( 'validation-error', sprintf( esc_html__( '"%s" check failed. Please try again.', 'wp-job-manager' ), $recaptcha_field_label ) );
-
-		if ( is_wp_error( $response ) || empty( $response['body'] ) ) {
-			return $validation_error;
-		}
-
-		$json = json_decode( $response['body'] );
-		if ( ! $json || ! $json->success ) {
-			return $validation_error;
-		}
-
-		return $success;
+		_deprecated_function( __METHOD__, '$$next-version$$', 'WP_Job_Manager\WP_Job_Manager_Form::enqueue_scripts' );
+		WP_Job_Manager\WP_Job_Manager_Recaptcha::enqueue_scripts();
 	}
 
 	/**

diff --git a/includes/admin/class-wp-job-manager-settings.php b/includes/admin/class-wp-job-manager-settings.php
@@ -455,24 +455,36 @@ protected function init_settings() {
 						],
 					],
 				],
-				'recaptcha'      => [
-					__( 'reCAPTCHA', 'wp-job-manager' ),
+				'captcha'        => [
+					__( 'CAPTCHA', 'wp-job-manager' ),
 					[
 						[
 							'name'        => 'job_manager_recaptcha_label',
 							'std'         => __( 'Are you human?', 'wp-job-manager' ),
 							'placeholder' => '',
 							'label'       => __( 'Field Label', 'wp-job-manager' ),
-							'desc'        => __( 'The label used for the reCAPTCHA field on forms.', 'wp-job-manager' ),
+							'desc'        => __( 'The label used for the CAPTCHA field on forms.', 'wp-job-manager' ),
 							'attributes'  => [],
 						],
+						[
+							'name'        => 'job_manager_recaptcha_version',
+							'std'         => 'v2',
+							'placeholder' => '',
+							'label'       => __( 'reCAPTCHA Version', 'wp-job-manager' ),
+							'desc'        => __( 'Choose between reCAPTCHA v2 or v3. Note: you will need API keys for the specific version you choose.', 'wp-job-manager' ),
+							'type'        => 'radio',
+							'options'     => [
+								'v2' => __( 'reCaptcha v2', 'wp-job-manager' ),
+								'v3' => __( 'reCaptcha v3', 'wp-job-manager' ),
+							],
+						],
 						[
 							'name'        => 'job_manager_recaptcha_site_key',
 							'std'         => '',
 							'placeholder' => '',
 							'label'       => __( 'Site Key', 'wp-job-manager' ),
 							// translators: Placeholder %s is URL to set up Google reCAPTCHA API key.
-							'desc'        => sprintf( __( 'You can retrieve your reCAPTCHA v2 "I\'m not a robot" Checkbox site key from <a href="%s">Google\'s reCAPTCHA admin dashboard</a>.', 'wp-job-manager' ), 'https://www.google.com/recaptcha/admin#list' ),
+							'desc'        => sprintf( __( 'You can retrieve your reCAPTCHA site key from <a href="%s">Google\'s reCAPTCHA admin dashboard</a>.', 'wp-job-manager' ), 'https://www.google.com/recaptcha/admin#list' ),
 							'attributes'  => [],
 						],
 						[
@@ -481,14 +493,14 @@ protected function init_settings() {
 							'placeholder' => '',
 							'label'       => __( 'Secret Key', 'wp-job-manager' ),
 							// translators: Placeholder %s is URL to set up Google reCAPTCHA API key.
-							'desc'        => sprintf( __( 'You can retrieve your reCAPTCHA v2 "I\'m not a robot" Checkbox secret key from <a href="%s">Google\'s reCAPTCHA admin dashboard</a>.', 'wp-job-manager' ), 'https://www.google.com/recaptcha/admin#list' ),
+							'desc'        => sprintf( __( 'You can retrieve your reCAPTCHA secret key from <a href="%s">Google\'s reCAPTCHA admin dashboard</a>.', 'wp-job-manager' ), 'https://www.google.com/recaptcha/admin#list' ),
 							'attributes'  => [],
 						],
 						[
 							'name'       => 'job_manager_enable_recaptcha_job_submission',
 							'std'        => '0',
 							'label'      => __( 'Job Submission Form', 'wp-job-manager' ),
-							'cb_label'   => __( 'Display a reCAPTCHA field on job submission form.', 'wp-job-manager' ),
+							'cb_label'   => __( 'Display a CAPTCHA field on job submission form.', 'wp-job-manager' ),
 							'desc'       => sprintf( __( 'This will help prevent bots from submitting job listings. You must have entered a valid site key and secret key above.', 'wp-job-manager' ), 'https://www.google.com/recaptcha/admin#list' ),
 							'type'       => 'checkbox',
 							'attributes' => [],