Merge pull request #6388 from magento-cia/cia-2.4.2-11242020

[cia] MC-38032: Captcha Improvement

Author: admanesachin

app/code/Magento/Captcha/view/adminhtml/templates/default.phtml

@@ -9,8 +9,10 @@
 /** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
 
 $captcha = $block->getCaptchaModel();
+/** @var bool $validationEnabled */
+$validationEnabled = $block->hasData('frontend_validation') ? $block->getData('frontend_validation') : true;
 ?>
-<div class="admin__field _required">
+<div class="admin__field<?php if ($validationEnabled): ?> _required<?php endif; ?>">
     <label for="captcha" class="admin__field-label">
         <span><?= $block->escapeHtml(__('Please enter the letters and numbers from the image')) ?></span>
     </label>
@@ -21,7 +23,7 @@ $captcha = $block->getCaptchaModel();
             type="text"
             name="<?= $block->escapeHtmlAttr(\Magento\Captcha\Helper\Data::INPUT_NAME_FIELD_VALUE)
             ?>[<?= $block->escapeHtml($block->getFormId()) ?>]"
-            data-validate="{required:true}"/>
+            <?php if ($validationEnabled): ?>data-validate="{required:true}"<?php endif; ?>/>
         <?php if ($captcha->isCaseSensitive()):?>
             <div class="admin__field-note">
                 <span><?= $block->escapeHtml(__('<strong>Attention</strong>: Captcha is case sensitive.'), ['strong'])

app/code/Magento/Captcha/view/frontend/templates/default.phtml

@@ -8,27 +8,46 @@
 
 /** @var \Magento\Captcha\Model\DefaultModel $captcha */
 $captcha = $block->getCaptchaModel();
+/** @var bool $validationEnabled */
+$validationEnabled = $block->hasData('frontend_validation') ? $block->getData('frontend_validation') : true;
+$inputName = $block->escapeHtmlAttr(\Magento\Captcha\Helper\Data::INPUT_NAME_FIELD_VALUE);
+$loaderUrl = $block->escapeUrl($block->getViewFileUrl('images/loader-2.gif'));
+$note = $block->escapeHtml(__('<strong>Attention</strong>: Captcha is case sensitive.'), ['strong']);
 ?>
-<div class="field captcha required" role="<?= $block->escapeHtmlAttr($block->getFormId()) ?>">
-    <label for="captcha_<?= $block->escapeHtmlAttr($block->getFormId()) ?>" class="label"><span><?= $block->escapeHtml(__('Please type the letters and numbers below')) ?></span></label>
+<div class="field captcha<?php if ($validationEnabled): ?> required<?php endif; ?>"
+     role="<?= $block->escapeHtmlAttr($block->getFormId()) ?>">
+    <label for="captcha_<?= $block->escapeHtmlAttr($block->getFormId()) ?>" class="label">
+        <span><?= $block->escapeHtml(__('Please type the letters and numbers below')) ?></span>
+    </label>
     <div class="control captcha">
-        <input name="<?= $block->escapeHtmlAttr(\Magento\Captcha\Helper\Data::INPUT_NAME_FIELD_VALUE) ?>[<?= $block->escapeHtmlAttr($block->getFormId()) ?>]" type="text" class="input-text required-entry" data-validate="{required:true}" id="captcha_<?= $block->escapeHtmlAttr($block->getFormId()) ?>" autocomplete="off"/>
+        <input
+            name="<?= /* @noEscape */ $inputName ?>[<?= $block->escapeHtmlAttr($block->getFormId()) ?>]"
+            type="text"
+            class="input-text<?php if ($validationEnabled): ?> required-entry<?php endif; ?>"
+            <?php if ($validationEnabled): ?>data-validate="{required:true}"<?php endif; ?>
+            id="captcha_<?= $block->escapeHtmlAttr($block->getFormId()) ?>"
+            autocomplete="off"/>
         <div class="nested">
             <div class="field captcha no-label"
                  data-captcha="<?= $block->escapeHtmlAttr($block->getFormId()) ?>"
                  id="captcha-container-<?= $block->escapeHtmlAttr($block->getFormId()) ?>"
                  data-mage-init='{"captcha":{"url": "<?= $block->escapeUrl($block->getRefreshUrl()) ?>",
-                                            "imageLoader": "<?= $block->escapeUrl($block->getViewFileUrl('images/loader-2.gif')) ?>",
+                                            "imageLoader": "<?= /* @noEscape */ $loaderUrl ?>",
                                              "type": "<?= $block->escapeHtmlAttr($block->getFormId()) ?>"}}'>
                 <div class="control captcha-image">
-                    <img alt="<?= $block->escapeHtmlAttr(__('Please type the letters and numbers below')) ?>" class="captcha-img" height="<?= /* @noEscape */ (float) $block->getImgHeight() ?>" src="<?= $block->escapeUrl($captcha->getImgSrc()) ?>"/>
-                    <button type="button" class="action reload captcha-reload" title="<?= $block->escapeHtmlAttr(__('Reload captcha')) ?>"><span><?= $block->escapeHtml(__('Reload captcha')) ?></span></button>
+                    <img alt="<?= $block->escapeHtmlAttr(__('Please type the letters and numbers below')) ?>"
+                         class="captcha-img"
+                         height="<?= /* @noEscape */ (float) $block->getImgHeight() ?>"
+                         src="<?= $block->escapeUrl($captcha->getImgSrc()) ?>"/>
+                    <button type="button"
+                            class="action reload captcha-reload"
+                            title="<?= $block->escapeHtmlAttr(__('Reload captcha')) ?>">
+                        <span><?= $block->escapeHtml(__('Reload captcha')) ?></span>
+                    </button>
                 </div>
             </div>
-            <?php if ($captcha->isCaseSensitive()) :?>
-                <div class="captcha-note note">
-                    <?= $block->escapeHtml(__('<strong>Attention</strong>: Captcha is case sensitive.'), ['strong']) ?>
-                </div>
+            <?php if ($captcha->isCaseSensitive()):?>
+                <div class="captcha-note note"><?= /* @noEscape */ $note ?></div>
             <?php endif; ?>
         </div>
     </div>

app/code/Magento/Checkout/Api/Exception/PaymentProcessingRateLimitExceededException.php

@@ -11,7 +11,7 @@
 use Magento\Framework\Exception\LocalizedException;
 
 /**
- * Thrown when too many payment processing requests have been initiated by a user.
+ * Thrown when too many payment processing/saving requests have been initiated by a user.
  */
 class PaymentProcessingRateLimitExceededException extends LocalizedException
 {

app/code/Magento/Checkout/Api/PaymentSavingRateLimiterInterface.php

@@ -0,0 +1,25 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Checkout\Api;
+
+use Magento\Checkout\Api\Exception\PaymentProcessingRateLimitExceededException;
+
+/**
+ * Limits number of times a user can store payment method info.
+ */
+interface PaymentSavingRateLimiterInterface
+{
+    /**
+     * Limit an attempt.
+     *
+     * @return void
+     * @throws PaymentProcessingRateLimitExceededException
+     */
+    public function limit(): void;
+}

app/code/Magento/Checkout/Model/CaptchaPaymentProcessingRateLimiter.php

@@ -12,42 +12,23 @@
 use Magento\Checkout\Api\Exception\PaymentProcessingRateLimitExceededException;
 use Magento\Checkout\Api\PaymentProcessingRateLimiterInterface;
 use Magento\Customer\Api\CustomerRepositoryInterface;
-use Magento\Captcha\Model\DefaultModel as Captcha;
 use Magento\Captcha\Helper\Data as CaptchaHelper;
 use Magento\Captcha\Observer\CaptchaStringResolver as CaptchaResolver;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\App\RequestInterface;
+use Magento\Framework\Exception\LocalizedException;
 
 /**
- * Utilize CAPTCHA as a rate-limiting mechanism.
+ * Utilize CAPTCHA to limit payment processing requests.
  */
 class CaptchaPaymentProcessingRateLimiter implements PaymentProcessingRateLimiterInterface
 {
     public const CAPTCHA_FORM = 'payment_processing_request';
 
     /**
-     * @var UserContextInterface
+     * @var CaptchaRateLimiter
      */
-    private $userContext;
-
-    /**
-     * @var CustomerRepositoryInterface
-     */
-    private $customerRepo;
-
-    /**
-     * @var CaptchaHelper
-     */
-    private $captchaHelper;
-
-    /**
-     * @var RequestInterface
-     */
-    private $request;
-
-    /**
-     * @var CaptchaResolver
-     */
-    private $captchaResolver;
+    private $limiter;
 
     /**
      * CaptchaPaymentProcessingRateLimiter constructor.
@@ -57,67 +38,36 @@ class CaptchaPaymentProcessingRateLimiter implements PaymentProcessingRateLimite
      * @param CaptchaHelper $captchaHelper
      * @param RequestInterface $request
      * @param CaptchaResolver $captchaResolver
+     * @param CaptchaRateLimiterFactory|null $limiterFactory
      */
     public function __construct(
         UserContextInterface $userContext,
         CustomerRepositoryInterface $customerRepo,
         CaptchaHelper $captchaHelper,
         RequestInterface $request,
-        CaptchaResolver $captchaResolver
+        CaptchaResolver $captchaResolver,
+        ?CaptchaRateLimiterFactory $limiterFactory
     ) {
-        $this->userContext = $userContext;
-        $this->customerRepo = $customerRepo;
-        $this->captchaHelper = $captchaHelper;
-        $this->request = $request;
-        $this->captchaResolver = $captchaResolver;
+        $limiterFactory = $limiterFactory ?? ObjectManager::getInstance()->get(CaptchaRateLimiterFactory::class);
+        $this->limiter = $limiterFactory->create([
+            'userContext' => $userContext,
+            'customerRepo' => $customerRepo,
+            'captchaHelper' => $captchaHelper,
+            'captchaResolver' => $captchaResolver,
+            'request' => $request,
+            'captchaId' => self::CAPTCHA_FORM
+        ]);
     }
 
     /**
      * @inheritDoc
      */
     public function limit(): void
     {
-        if ($this->userContext->getUserType() !== UserContextInterface::USER_TYPE_GUEST
-            && $this->userContext->getUserType() !== UserContextInterface::USER_TYPE_CUSTOMER
-            && $this->userContext->getUserType() !== null
-        ) {
-            return;
+        try {
+            $this->limiter->limit();
+        } catch (LocalizedException $exception) {
+            throw new PaymentProcessingRateLimitExceededException(__($exception->getMessage()), $exception);
         }
-
-        $login = $this->retrieveLogin();
-        /** @var Captcha $captcha */
-        $captcha = $this->captchaHelper->getCaptcha(self::CAPTCHA_FORM);
-        /** @var PaymentProcessingRateLimitExceededException|null $exception */
-        $exception = null;
-        if ($captcha->isRequired($login)) {
-            $value = $this->captchaResolver->resolve($this->request, self::CAPTCHA_FORM);
-            if ($value && !$captcha->isCorrect($value)) {
-                $exception = new PaymentProcessingRateLimitExceededException(__('Incorrect CAPTCHA'));
-            } elseif (!$value) {
-                $exception = new PaymentProcessingRateLimitExceededException(
-                    __('Please provide CAPTCHA code and try again')
-                );
-            }
-        }
-
-        $captcha->logAttempt($login);
-        if ($exception) {
-            throw $exception;
-        }
-    }
-
-    /**
-     * Retrieve current user login.
-     *
-     * @return string|null
-     */
-    private function retrieveLogin(): ?string
-    {
-        $login = null;
-        if ($this->userContext->getUserId()) {
-            $login = $this->customerRepo->getById($this->userContext->getUserId())->getEmail();
-        }
-
-        return $login;
     }
 }

app/code/Magento/Checkout/Model/CaptchaPaymentSavingRateLimiter.php

@@ -0,0 +1,55 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Checkout\Model;
+
+use Magento\Checkout\Api\Exception\PaymentProcessingRateLimitExceededException;
+use Magento\Checkout\Api\PaymentSavingRateLimiterInterface;
+use Magento\Framework\Exception\LocalizedException;
+
+/**
+ * Utilize CAPTCHA to limit save payment requests.
+ */
+class CaptchaPaymentSavingRateLimiter implements PaymentSavingRateLimiterInterface
+{
+    public const CAPTCHA_FORM = 'payment_saving_request';
+
+    /**
+     * @var CaptchaRateLimiter
+     */
+    private $limiter;
+
+    /**
+     * CaptchaPaymentProcessingRateLimiter constructor.
+     *
+     * @param CaptchaRateLimiterFactory $limiterFactory
+     */
+    public function __construct(
+        CaptchaRateLimiterFactory $limiterFactory
+    ) {
+        $this->limiter = $limiterFactory->create(['captchaId' => self::CAPTCHA_FORM]);
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function limit(): void
+    {
+        try {
+            $this->limiter->limit();
+        } catch (LocalizedException $exception) {
+            throw new PaymentProcessingRateLimitExceededException(
+                __(
+                    'Could not store billing/shipping information at the moment'
+                    .' but you can proceed with the checkout'
+                ),
+                $exception
+            );
+        }
+    }
+}