ACP2E-1338: Google reCaptcha in Incorrect position

Author: bubasuma

ReCaptchaCheckout/view/frontend/web/js/reCaptchaCheckout.js

@@ -14,7 +14,7 @@ define(
         return Component.extend({
             defaults: {
                 template: 'Magento_ReCaptchaCheckout/reCaptcha',
-                skipPayments: []
+                skipPayments: [] // List of payment methods that do not require this reCaptcha
             },
 
             /**

ReCaptchaPaypal/Block/LayoutProcessor/Checkout/Onepage.php

@@ -50,19 +50,17 @@ public function __construct(
     public function process($jsLayout)
     {
         $key = 'paypal_payflowpro';
+        $skipCheckoutRecaptchaForPayments = [
+            Config::METHOD_EXPRESS => true,
+            Config::METHOD_WPP_PE_EXPRESS => true,
+            Config::METHOD_WPP_PE_BML => true,
+        ];
         if ($this->isCaptchaEnabled->isCaptchaEnabledFor($key)) {
             $jsLayout['components']['checkout']['children']['steps']['children']['billing-step']['children']
             ['payment']['children']['payments-list']['children']['paypal-captcha']['children']
             ['recaptcha']['settings'] = $this->captchaUiConfigResolver->get($key);
             if ($this->isCaptchaEnabled->isCaptchaEnabledFor('place_order')) {
-                $jsLayout['components']['checkout']['children']['steps']['children']['billing-step']['children']
-                ['payment']['children']['payments-list']['children']['before-place-order']['children']
-                ['place-order-recaptcha']['skipPayments'] += [
-                    Config::METHOD_EXPRESS => true,
-                    Config::METHOD_PAYFLOWPRO => true,
-                    Config::METHOD_WPP_PE_EXPRESS => true,
-                    Config::METHOD_WPP_PE_BML => true,
-                ];
+                $skipCheckoutRecaptchaForPayments[Config::METHOD_PAYFLOWPRO] = true;
             }
         } else {
             if (isset($jsLayout['components']['checkout']['children']['steps']['children']['billing-step']['children']
@@ -71,6 +69,11 @@ public function process($jsLayout)
                     ['payment']['children']['payments-list']['children']['paypal-captcha']['children']['recaptcha']);
             }
         }
+        if ($this->isCaptchaEnabled->isCaptchaEnabledFor('place_order')) {
+            $jsLayout['components']['checkout']['children']['steps']['children']['billing-step']['children']
+            ['payment']['children']['payments-list']['children']['before-place-order']['children']
+            ['place-order-recaptcha']['skipPayments'] += $skipCheckoutRecaptchaForPayments;
+        }
 
         return $jsLayout;
     }

ReCaptchaPaypal/Model/ReCaptchaSession.php

@@ -0,0 +1,93 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\ReCaptchaPaypal\Model;
+
+use Magento\Framework\Session\SessionManager;
+use Magento\Framework\Stdlib\DateTime\TimezoneInterface;
+
+/**
+ * Saves the date and time the reCaptcha was verified
+ *
+ * @SuppressWarnings(PHPMD.CookieAndSessionMisuse)
+ */
+class ReCaptchaSession
+{
+    private const PAYPAL_PAYFLOWPRO_RECAPTCHA = 'paypal_payflowpro_recaptcha';
+    private const REPLAY_TIMEOUT = 120;
+
+    /**
+     * @var TimezoneInterface
+     */
+    private TimezoneInterface $timezone;
+
+    /**
+     * @var SessionManager
+     */
+    private SessionManager $transparentSession;
+
+    /**
+     * @var SessionManager
+     */
+    private SessionManager $checkoutSession;
+
+    /**
+     * @param TimezoneInterface $timezone
+     * @param SessionManager $transparentSession
+     * @param SessionManager $checkoutSession
+     */
+    public function __construct(
+        TimezoneInterface $timezone,
+        SessionManager $transparentSession,
+        SessionManager $checkoutSession,
+    ) {
+        $this->timezone = $timezone;
+        $this->transparentSession = $transparentSession;
+        $this->checkoutSession = $checkoutSession;
+    }
+
+    /**
+     * Saves quote_id and datetime the reCaptcha was verified
+     *
+     * @return bool
+     */
+    public function save(): bool
+    {
+        $result = false;
+        if ($this->checkoutSession->getQuote()) {
+            $this->transparentSession->setData(
+                self::PAYPAL_PAYFLOWPRO_RECAPTCHA,
+                [
+                    'quote_id' => $this->checkoutSession->getQuote()->getId(),
+                    'verified_at' => $this->timezone->date()->getTimestamp(),
+                ]
+            );
+            $result = true;
+        }
+        return $result;
+    }
+
+    /**
+     * Checks whether the reCaptcha extended time has not expired
+     *
+     * @param int $quoteId
+     * @return bool
+     */
+    public function isValid(int $quoteId): bool
+    {
+        $result = false;
+        $data = $this->transparentSession->getData(self::PAYPAL_PAYFLOWPRO_RECAPTCHA) ?? [];
+        if (isset($data['quote_id'])
+            && (int) $data['quote_id'] === $quoteId
+            && ($data['verified_at'] + self::REPLAY_TIMEOUT) >= $this->timezone->date()->getTimestamp()
+        ) {
+            $this->transparentSession->unsetData(self::PAYPAL_PAYFLOWPRO_RECAPTCHA);
+            $result = true;
+        }
+        return $result;
+    }
+}

ReCaptchaPaypal/Observer/PayPalObserver.php

@@ -16,6 +16,7 @@
 use Magento\Framework\Exception\InputException;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Serialize\SerializerInterface;
+use Magento\ReCaptchaPaypal\Model\ReCaptchaSession;
 use Magento\ReCaptchaUi\Model\CaptchaResponseResolverInterface;
 use Magento\ReCaptchaUi\Model\ErrorMessageConfigInterface;
 use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
@@ -76,6 +77,11 @@ class PayPalObserver implements ObserverInterface
      */
     private $validationErrorMessagesProvider;
 
+    /**
+     * @var ReCaptchaSession
+     */
+    private $reCaptchaSession;
+
     /**
      * @param CaptchaResponseResolverInterface $captchaResponseResolver
      * @param ValidationConfigResolverInterface $validationConfigResolver
@@ -86,6 +92,7 @@ class PayPalObserver implements ObserverInterface
      * @param LoggerInterface $logger
      * @param ErrorMessageConfigInterface|null $errorMessageConfig
      * @param ValidationErrorMessagesProvider|null $validationErrorMessagesProvider
+     * @param ReCaptchaSession|null $reCaptchaSession
      */
     public function __construct(
         CaptchaResponseResolverInterface $captchaResponseResolver,
@@ -96,7 +103,8 @@ public function __construct(
         IsCaptchaEnabledInterface $isCaptchaEnabled,
         LoggerInterface $logger,
         ?ErrorMessageConfigInterface $errorMessageConfig = null,
-        ?ValidationErrorMessagesProvider $validationErrorMessagesProvider = null
+        ?ValidationErrorMessagesProvider $validationErrorMessagesProvider = null,
+        ?ReCaptchaSession $reCaptchaSession = null
     ) {
         $this->captchaResponseResolver = $captchaResponseResolver;
         $this->validationConfigResolver = $validationConfigResolver;
@@ -109,6 +117,8 @@ public function __construct(
             ?? ObjectManager::getInstance()->get(ErrorMessageConfigInterface::class);
         $this->validationErrorMessagesProvider = $validationErrorMessagesProvider
             ?? ObjectManager::getInstance()->get(ValidationErrorMessagesProvider::class);
+        $this->reCaptchaSession = $reCaptchaSession
+            ?? ObjectManager::getInstance()->get(ReCaptchaSession::class);
     }
 
     /**
@@ -148,6 +158,9 @@ public function execute(Observer $observer): void
                     $validationResult->getErrors(),
                     $key
                 );
+            } elseif ($this->isCaptchaEnabled->isCaptchaEnabledFor('place_order')) {
+                // Extend reCaptcha verification to place order
+                $this->reCaptchaSession->save();
             }
         }
     }

ReCaptchaPaypal/Plugin/SkipPlaceOrderRecaptchaValidation.php renamed to ReCaptchaPaypal/Plugin/ReplayPayflowReCaptchaForPlaceOrder.php

@@ -10,11 +10,12 @@
 use Magento\Framework\Webapi\Rest\Request;
 use Magento\Paypal\Model\Config;
 use Magento\ReCaptchaCheckout\Model\WebapiConfigProvider;
+use Magento\ReCaptchaPaypal\Model\ReCaptchaSession;
 use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
 use Magento\ReCaptchaValidationApi\Api\Data\ValidationConfigInterface;
 use Magento\ReCaptchaWebapiApi\Api\Data\EndpointInterface;
 
-class SkipPlaceOrderRecaptchaValidation
+class ReplayPayflowReCaptchaForPlaceOrder
 {
     private const PAYPAL_PAYFLOWPRO_CAPTCHA_ID = 'paypal_payflowpro';
 
@@ -28,20 +29,28 @@ class SkipPlaceOrderRecaptchaValidation
      */
     private Request $request;
 
+    /**
+     * @var ReCaptchaSession
+     */
+    private ReCaptchaSession $reCaptchaSession;
+
     /**
      * @param IsCaptchaEnabledInterface $isCaptchaEnabled
      * @param Request $request
+     * @param ReCaptchaSession $reCaptchaSession
      */
     public function __construct(
         IsCaptchaEnabledInterface $isCaptchaEnabled,
-        Request $request
+        Request $request,
+        ReCaptchaSession $reCaptchaSession
     ) {
         $this->isCaptchaEnabled = $isCaptchaEnabled;
         $this->request = $request;
+        $this->reCaptchaSession = $reCaptchaSession;
     }
 
     /**
-     * Skip captcha validation for "place order" button if captcha is enabled for payflowpro
+     * Skip reCaptcha validation for "place order" button if captcha is enabled for payflowpro
      *
      * @param WebapiConfigProvider $subject
      * @param ValidationConfigInterface $result
@@ -58,8 +67,11 @@ public function afterGetConfigFor(
         if ($result && $this->isCaptchaEnabled->isCaptchaEnabledFor(self::PAYPAL_PAYFLOWPRO_CAPTCHA_ID)) {
             $bodyParams = $this->request->getBodyParams();
             $paymentMethod = $bodyParams['paymentMethod'] ?? $bodyParams['payment_method'] ?? [];
+            $cartId = $bodyParams['cartId'] ?? $bodyParams['cart_id'] ?? null;
             if (isset($paymentMethod['method']) && $paymentMethod['method'] === Config::METHOD_PAYFLOWPRO) {
-                return null;
+                if ($cartId && $this->reCaptchaSession->isValid((int) $cartId)) {
+                    return null;
+                }
             }
         }
 

ReCaptchaPaypal/etc/frontend/di.xml

@@ -21,4 +21,10 @@
             </argument>
         </arguments>
     </type>
+    <type name="Magento\ReCaptchaPaypal\Model\ReCaptchaSession">
+        <arguments>
+            <argument name="transparentSession" xsi:type="object">Magento\Framework\Session\Generic\Proxy</argument>
+            <argument name="checkoutSession" xsi:type="object">Magento\Checkout\Model\Session\Proxy</argument>
+        </arguments>
+    </type>
 </config>

ReCaptchaPaypal/etc/webapi_rest/di.xml

@@ -8,6 +8,6 @@
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
     <type name="Magento\ReCaptchaCheckout\Model\WebapiConfigProvider">
-        <plugin name="skip_place_order_recaptcha_validation" type="Magento\ReCaptchaPaypal\Plugin\SkipPlaceOrderRecaptchaValidation"/>
+        <plugin name="skip_place_order_recaptcha_validation" type="Magento\ReCaptchaPaypal\Plugin\ReplayPayflowReCaptchaForPlaceOrder"/>
     </type>
 </config>