OXDEV-9243 Allow Honeypot CAPTCHA to be enabled independently

Author: TitaKoleva

src/Captcha/Captcha/HoneyPot/Exception/CaptchaValidateException.php

@@ -9,8 +9,8 @@
 
 namespace OxidEsales\SecurityModule\Captcha\Captcha\HoneyPot\Exception;
 
-use OxidEsales\Eshop\Core\Exception\StandardException;
+use OxidEsales\Eshop\Core\Exception\InputException;
 
-class CaptchaValidateException extends StandardException
+class CaptchaValidateException extends InputException
 {
 }

src/Captcha/Captcha/HoneyPot/Service/HoneyPotCaptchaService.php

@@ -10,6 +10,7 @@
 namespace OxidEsales\SecurityModule\Captcha\Captcha\HoneyPot\Service;
 
 use OxidEsales\Eshop\Core\Request;
+use OxidEsales\SecurityModule\Captcha\Captcha\HoneyPot\Exception\CaptchaValidateException;
 use OxidEsales\SecurityModule\Captcha\Service\ModuleSettingsServiceInterface;
 use Psr\Log\LoggerInterface;
 
@@ -43,7 +44,8 @@ public function validate(Request $request): void
         }
 
         if (strlen($value) > 1) {
-            $this->logger->debug('FORM_VALIDATION_FAILED');
+            $this->logger->debug('HONEYPOT_VALIDATION_FAILED');
+            throw new CaptchaValidateException('FORM_VALIDATION_FAILED');
         }
     }
 

src/Captcha/Form/ContactFormCaptchaValidator.php

@@ -38,7 +38,7 @@ public function __construct(
      */
     public function isValid(FormInterface $form)
     {
-        if (!$this->settingsService->isCaptchaEnabled()) {
+        if (!$this->settingsService->isCaptchaEnabled() && !$this->settingsService->isHoneyPotCaptchaEnabled()) {
             return true;
         }
 

src/Captcha/Shop/NewsletterController.php

@@ -9,8 +9,8 @@
 
 namespace OxidEsales\SecurityModule\Captcha\Shop;
 
+use OxidEsales\Eshop\Core\Exception\StandardException;
 use OxidEsales\Eshop\Core\Registry;
-use OxidEsales\SecurityModule\Captcha\Captcha\Image\Exception\CaptchaValidateException;
 use OxidEsales\SecurityModule\Captcha\Service\CaptchaServiceInterface;
 use OxidEsales\SecurityModule\Captcha\Service\ModuleSettingsServiceInterface;
 
@@ -19,7 +19,7 @@ class NewsletterController extends NewsletterController_parent
     public function send(): ?bool
     {
         $settingsService = $this->getService(ModuleSettingsServiceInterface::class);
-        if (!$settingsService->isCaptchaEnabled()) {
+        if (!$settingsService->isCaptchaEnabled() && !$settingsService->isHoneyPotCaptchaEnabled()) {
             return parent::send();
         }
 
@@ -29,7 +29,7 @@ public function send(): ?bool
             $captchaService->validate(
                 Registry::getRequest()
             );
-        } catch (CaptchaValidateException $e) {
+        } catch (StandardException $e) {
             Registry::getUtilsView()->addErrorToDisplay($e->getMessage());
             return false;
         }

src/Shared/Model/User.php

@@ -12,7 +12,8 @@
 use OxidEsales\Eshop\Core\Exception\InputException;
 use OxidEsales\Eshop\Core\Exception\UserException;
 use OxidEsales\Eshop\Core\Registry;
-use OxidEsales\SecurityModule\Captcha\Captcha\Image\Exception\CaptchaValidateException;
+use OxidEsales\SecurityModule\Captcha\Captcha\Image\Exception\CaptchaValidateException as ImageCaptchaException;
+use OxidEsales\SecurityModule\Captcha\Captcha\HoneyPot\Exception\CaptchaValidateException as HoneyPotCaptchaException;
 use OxidEsales\SecurityModule\Captcha\Service\CaptchaServiceInterface;
 use OxidEsales\SecurityModule\Captcha\Service\ModuleSettingsServiceInterface;
 use OxidEsales\SecurityModule\Shared\Core\InputValidator;
@@ -28,7 +29,7 @@ class User extends User_parent
     public function checkValues($sLogin, $sPassword, $sPassword2, $aInvAddress, $aDelAddress): void
     {
         $settingsService = $this->getService(ModuleSettingsServiceInterface::class);
-        if ($settingsService->isCaptchaEnabled()) {
+        if ($settingsService->isCaptchaEnabled() || $settingsService->isHoneyPotCaptchaEnabled()) {
             /** @var InputValidator $oInputValidator */
             $oInputValidator = Registry::getInputValidator();
             $captchaService = $this->getService(CaptchaServiceInterface::class);
@@ -37,14 +38,16 @@ public function checkValues($sLogin, $sPassword, $sPassword2, $aInvAddress, $aDe
                 $captchaService->validate(
                     Registry::getRequest()
                 );
-            } catch (CaptchaValidateException $e) {
+            } catch (ImageCaptchaException $e) {
                 $oInputValidator->addValidationError(
                     "captcha",
                     oxNew(
                         InputException::class,
                         Registry::getLang()->translateString($e->getMessage())
                     )
                 );
+            } catch (HoneyPotCaptchaException $e) {
+                throw $e;
             }
         }
 
@@ -68,7 +71,7 @@ public function login($userName, $password, $setSessionCookie = false): bool
                 $captchaService->validate(
                     Registry::getRequest()
                 );
-            } catch (CaptchaValidateException $e) {
+            } catch (ImageCaptchaException $e) {
                 throw oxNew(UserException::class, $e->getMessage());
             }
         }

tests/Codeception/Acceptance/BaseCest.php

@@ -21,6 +21,11 @@ protected function getExistingUserData()
         return Fixtures::get('existingUser');
     }
 
+    protected function getNewUserData()
+    {
+        return Fixtures::get('newUser');
+    }
+
     protected function setPasswordState(bool $state)
     {
         ContainerFacade::get(PasswordSettingsServiceInterface::class)->saveIsPasswordPolicyEnabled($state);

tests/Codeception/Acceptance/HoneyPotCaptchaCest.php

@@ -0,0 +1,81 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Tests\Codeception\Acceptance;
+
+use Codeception\Util\Fixtures;
+use OxidEsales\Codeception\Module\Translation\Translator;
+use OxidEsales\Codeception\Page\DataObject\ContactData;
+use OxidEsales\SecurityModule\Tests\Codeception\Support\AcceptanceTester;
+
+/**
+ * @group oe_security_module
+ * @group oe_security_module_honeypot_captcha
+ */
+class HoneyPotCaptchaCest extends BaseCest
+{
+    private string $honeyPotInput = "lastname_confirm";
+
+    public function _before(AcceptanceTester $I): void
+    {
+        $this->setCaptchaState(false);
+        $this->setPasswordState(false);
+    }
+
+    public function testHoneyPotCaptchaOnRegistrationPage(AcceptanceTester $I): void
+    {
+        $homePage = $I->openShop();
+        $registrationPage = $homePage->openUserRegistrationPage();
+        $userData = $this->getNewUserData();
+        $this->fillRegistrationForm($I, $userData);
+        $I->executeJS("document.querySelector('input[name=\"$this->honeyPotInput\"]').value = 'some value';");
+        $I->retryClick($registrationPage->saveFormButton);
+
+        $I->see(Translator::translate('FORM_VALIDATION_FAILED'));
+    }
+
+    public function testHoneyPotCaptchaOnContactPage(AcceptanceTester $I): void
+    {
+        $homePage = $I->openShop();
+        $contactPage = $homePage->openContactPage();
+        $userData = $this->getExistingUserData();
+
+        $contactData = new ContactData();
+        $contactData->setEmail($userData['userLoginName']);
+        $contactPage->fillInContactData($contactData);
+        $I->executeJS("document.querySelector('input[name=\"$this->honeyPotInput\"]').value = 'some value';");
+        $contactPage->sendContactData();
+
+        $I->see(Translator::translate('FORM_VALIDATION_FAILED'));
+    }
+
+    public function testHoneyPotCaptchaOnNewsletterPage(AcceptanceTester $I): void
+    {
+
+        $userData = Fixtures::get('existingUser');
+
+        $homePage = $I->openShop();
+        $newsletterPage = $homePage->subscribeForNewsletter($userData['userLoginName']);
+        $I->executeJS("document.querySelector('input[name=\"$this->honeyPotInput\"]').value = 'some value';");
+        $newsletterPage->subscribe();
+
+        $I->see(Translator::translate('FORM_VALIDATION_FAILED'));
+    }
+
+    private function fillRegistrationForm(AcceptanceTester $I, array $userData)
+    {
+        foreach ($userData['inputFields'] as $key => $value) {
+            $I->fillField("#$key", $value);
+        }
+
+        foreach ($userData['selectFields'] as $key => $value) {
+            $I->selectOption("select#$key", $value);
+        }
+    }
+}

tests/Codeception/Support/Data/users.php

@@ -15,4 +15,20 @@
         'userName'      => 'UserNamešÄßüл',
         'userLastName'  => 'UserSurnamešÄßüл',
     ],
+    'newUser' => [
+        'inputFields' => [
+            'userLoginName'              => 'new_test_user@oxid-esales.dev',
+            'userPassword'               => 'useruser',
+            'userPasswordConfirm'        => 'useruser',
+            'invadr[oxuser__oxfname]'    => 'New',
+            'invadr[oxuser__oxlname]'    => 'User',
+            'invadr[oxuser__oxstreet]'   => 'Street',
+            'invadr[oxuser__oxstreetnr]' => '55',
+            'invadr[oxuser__oxzip]'      => '5555',
+            'invadr[oxuser__oxcity]'     => 'City',
+        ],
+        'selectFields' => [
+            'invCountrySelect' => 'a7c40f631fc920687.20179984'
+        ]
+    ]
 ];

tests/Unit/Captcha/Captcha/HoneyPot/Service/HoneyPotCaptchaServiceTest.php

@@ -67,6 +67,7 @@ public function testValidationThrowsException(): void
             logger: $logger
         );
 
+        $this->expectException(CaptchaValidateException::class);
         $sut->validate($request);
     }
 

translations/de/oesecuritymodule_lang.php

@@ -23,6 +23,7 @@
     'ERROR_EXPIRED_CAPTCHA'                    => 'CAPTCHA ist abgelaufen.',
     'ERROR_INVALID_CAPTCHA'                    => 'CAPTCHA Texteingabe ist nicht korrekt.',
     'ERROR_EMPTY_CAPTCHA'                      => 'CAPTCHA Eingabefeld bitte mit dem Bildtext füllen.',
+    'FORM_VALIDATION_FAILED'                   => 'Unexpected error occurred. Please refresh and try again.',
 
     'PASSWORD_REQUIREMENTS'              => 'Passwort-Anforderungen',
     'PASSWORD_MIN_LENGTH'                => 'Mindestens %d Zeichen.',