LYNX-941: [AC-2.4.9] [CE] Implement ReCaptcha for missing GraphQl mutations

Author: deepak-soni1

ReCaptchaContact/Model/WebapiConfigProvider.php

@@ -0,0 +1,47 @@
+<?php
+/**
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\ReCaptchaContact\Model;
+
+use Magento\ContactGraphQl\Model\Resolver\ContactUs;
+use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
+use Magento\ReCaptchaUi\Model\ValidationConfigResolverInterface;
+use Magento\ReCaptchaValidationApi\Api\Data\ValidationConfigInterface;
+use Magento\ReCaptchaWebapiApi\Api\Data\EndpointInterface;
+use Magento\ReCaptchaWebapiApi\Api\WebapiValidationConfigProviderInterface;
+
+class WebapiConfigProvider implements WebapiValidationConfigProviderInterface
+{
+    private const CAPTCHA_ID = 'contact';
+
+    /**
+     * WebapiConfigProvider constructor
+     *
+     * @param IsCaptchaEnabledInterface $isEnabled
+     * @param ValidationConfigResolverInterface $configResolver
+     */
+    public function __construct(
+        private readonly IsCaptchaEnabledInterface $isEnabled,
+        private readonly ValidationConfigResolverInterface $configResolver
+    ) {
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function getConfigFor(EndpointInterface $endpoint): ?ValidationConfigInterface
+    {
+        if ($endpoint->getServiceMethod() === 'resolve'
+            && $endpoint->getServiceClass() === ContactUs::class
+            && $this->isEnabled->isCaptchaEnabledFor(self::CAPTCHA_ID)
+        ) {
+            return $this->configResolver->get(self::CAPTCHA_ID);
+        }
+
+        return null;
+    }
+}

ReCaptchaContact/Test/Api/GraphQl/Contact/ContactUsTest.php

@@ -0,0 +1,50 @@
+<?php
+/**
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\ReCaptchaContact\Test\Api\GraphQl\Contact;
+
+use Magento\TestFramework\Fixture\Config as ConfigFixture;
+use Magento\TestFramework\TestCase\GraphQlAbstract;
+
+/**
+ * GraphQl test for contact us functionality with ReCaptcha enabled.
+ */
+class ContactUsTest extends GraphQlAbstract
+{
+    #[
+        ConfigFixture('recaptcha_frontend/type_invisible/public_key', 'test_public_key'),
+        ConfigFixture('recaptcha_frontend/type_invisible/private_key', 'test_private_key'),
+        ConfigFixture('recaptcha_frontend/type_for/contact', 'invisible')
+    ]
+    public function testContactUsReCaptchaValidationFailed(): void
+    {
+        $this->expectExceptionMessage('ReCaptcha validation failed, please try again');
+        $this->graphQlMutation($this->getContactUsMutation());
+    }
+
+    /**
+     * Get contact us graphql mutation query
+     *
+     * @return string
+     */
+    private function getContactUsMutation(): string
+    {
+        return <<<MUTATION
+            mutation {
+                contactUs(input: {
+                    comment:"Test Contact Us",
+                    email:"test@adobe.com",
+                    name:"John Doe",
+                    telephone:"1111111111"
+                })
+                {
+                    status
+                }
+            }
+        MUTATION;
+    }
+}

ReCaptchaContact/composer.json

@@ -4,7 +4,10 @@
     "require": {
         "php": "~8.2.0||~8.3.0||~8.4.0",
         "magento/framework": "*",
-        "magento/module-re-captcha-ui": "*"
+        "magento/module-contact-graph-ql": "*",
+        "magento/module-re-captcha-ui": "*",
+        "magento/module-re-captcha-validation-api": "*",
+        "magento/module-re-captcha-webapi-api": "*"
     },
     "type": "magento2-module",
     "license": "OSL-3.0",

ReCaptchaContact/etc/di.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
+ */
+-->
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
+    <type name="Magento\ReCaptchaWebapiApi\Model\CompositeWebapiValidationConfigProvider">
+        <arguments>
+            <argument name="providers" xsi:type="array">
+                <item name="recaptcha_on_contact_form" xsi:type="object">Magento\ReCaptchaContact\Model\WebapiConfigProvider</item>
+            </argument>
+        </arguments>
+    </type>
+</config>

ReCaptchaCustomer/Model/WebapiConfigProvider.php

@@ -8,6 +8,11 @@
 
 namespace Magento\ReCaptchaCustomer\Model;
 
+use Magento\CustomerGraphQl\Model\Resolver\ChangePassword;
+use Magento\CustomerGraphQl\Model\Resolver\RequestPasswordResetEmail;
+use Magento\CustomerGraphQl\Model\Resolver\ResetPassword;
+use Magento\CustomerGraphQl\Model\Resolver\UpdateCustomer;
+use Magento\Framework\Exception\InputException;
 use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
 use Magento\ReCaptchaUi\Model\ValidationConfigResolverInterface;
 use Magento\ReCaptchaValidationApi\Api\Data\ValidationConfigInterface;
@@ -21,7 +26,7 @@ class WebapiConfigProvider implements WebapiValidationConfigProviderInterface
 {
     private const RESET_PASSWORD_CAPTCHA_ID = 'customer_forgot_password';
 
-    private const CHANGE_PASSWORD_CAPTCHA_ID = 'customer_edit';
+    private const CUSTOMER_EDIT_CAPTCHA_ID = 'customer_edit';
 
     private const LOGIN_CAPTCHA_ID = 'customer_login';
 
@@ -53,27 +58,49 @@ public function __construct(IsCaptchaEnabledInterface $isEnabled, ValidationConf
      * @param string $serviceMethod
      * @param string $serviceClass
      * @return ValidationConfigInterface|null
+     * @throws InputException
      */
     private function validateChangePasswordCaptcha($serviceMethod, $serviceClass): ?ValidationConfigInterface
     {
-        //phpcs:disable Magento2.PHP.LiteralNamespaces
-        if ($serviceMethod === 'resetPassword' || $serviceMethod === 'initiatePasswordReset'
-            || $serviceClass === 'Magento\CustomerGraphQl\Model\Resolver\ResetPassword'
-            || $serviceClass === 'Magento\CustomerGraphQl\Model\Resolver\RequestPasswordResetEmail'
-        ) {
-            return $this->isEnabled->isCaptchaEnabledFor(self::RESET_PASSWORD_CAPTCHA_ID) ?
-                $this->configResolver->get(self::RESET_PASSWORD_CAPTCHA_ID) : null;
-        } elseif ($serviceMethod === 'changePasswordById'
-            || $serviceClass === 'Magento\CustomerGraphQl\Model\Resolver\ChangePassword'
-        ) {
-            return $this->isEnabled->isCaptchaEnabledFor(self::CHANGE_PASSWORD_CAPTCHA_ID) ?
-                $this->configResolver->get(self::CHANGE_PASSWORD_CAPTCHA_ID) : null;
+        if ($this->isResetPasswordCase($serviceMethod, $serviceClass)) {
+            $captchaId = self::RESET_PASSWORD_CAPTCHA_ID;
+        } elseif ($this->isChangePasswordCase($serviceMethod, $serviceClass)) {
+            $captchaId = self::CUSTOMER_EDIT_CAPTCHA_ID;
+        }
+
+        if (isset($captchaId) && $this->isEnabled->isCaptchaEnabledFor($captchaId)) {
+            return $this->configResolver->get($captchaId);
         }
-        //phpcs:enable Magento2.PHP.LiteralNamespaces
 
         return null;
     }
 
+    /**
+     * Check if the request is related to reset password
+     *
+     * @param string $serviceMethod
+     * @param string $serviceClass
+     * @return bool
+     */
+    private function isResetPasswordCase(string $serviceMethod, string $serviceClass): bool
+    {
+        return in_array($serviceMethod, ['resetPassword', 'initiatePasswordReset'], true)
+            || in_array($serviceClass, [ResetPassword::class, RequestPasswordResetEmail::class], true);
+    }
+
+    /**
+     * Check if the request is related to change password
+     *
+     * @param string $serviceMethod
+     * @param string $serviceClass
+     * @return bool
+     */
+    private function isChangePasswordCase(string $serviceMethod, string $serviceClass): bool
+    {
+        return $serviceMethod === 'changePasswordById'
+            || in_array($serviceClass, [ChangePassword::class, UpdateCustomer::class], true);
+    }
+
     /**
      * Validates ifLoginCaptchaEnabled using captcha_id
      *

ReCaptchaCustomer/Test/Api/GraphQl/Customer/UpdateCustomerTest.php

@@ -0,0 +1,131 @@
+<?php
+/**
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\ReCaptchaCustomer\Test\Api\GraphQl\Customer;
+
+use Magento\Customer\Api\Data\CustomerInterface;
+use Magento\Customer\Test\Fixture\Customer;
+use Magento\Framework\Exception\AuthenticationException;
+use Magento\Integration\Api\CustomerTokenServiceInterface;
+use Magento\TestFramework\Fixture\Config as ConfigFixture;
+use Magento\TestFramework\Fixture\DataFixture;
+use Magento\TestFramework\Fixture\DataFixtureStorageManager;
+use Magento\TestFramework\Helper\Bootstrap;
+use Magento\TestFramework\TestCase\GraphQlAbstract;
+
+/**
+ * GraphQl test for update customer functionality with ReCaptcha enabled.
+ */
+class UpdateCustomerTest extends GraphQlAbstract
+{
+    /**
+     * @var CustomerTokenServiceInterface
+     */
+    private $customerTokenService;
+
+    /**
+     * @var CustomerInterface
+     */
+    private $customer;
+
+    protected function setUp(): void
+    {
+        $this->customerTokenService = Bootstrap::getObjectManager()->get(CustomerTokenServiceInterface::class);
+        $this->customer = DataFixtureStorageManager::getStorage()->get('customer');
+    }
+
+    #[
+        DataFixture(Customer::class, as: 'customer'),
+        ConfigFixture('recaptcha_frontend/type_invisible/public_key', 'test_public_key'),
+        ConfigFixture('recaptcha_frontend/type_invisible/private_key', 'test_private_key'),
+        ConfigFixture('recaptcha_frontend/type_for/customer_edit', 'invisible')
+    ]
+    public function testUpdateCustomerV2ReCaptchaValidationFailed(): void
+    {
+        $this->expectExceptionMessage('ReCaptcha validation failed, please try again');
+        $this->graphQlMutation(
+            $this->getUpdateCustomerV2Mutation(),
+            [],
+            '',
+            $this->getCustomerAuthHeaders($this->customer->getEmail())
+        );
+    }
+
+    #[
+        DataFixture(Customer::class, as: 'customer'),
+        ConfigFixture('recaptcha_frontend/type_invisible/public_key', 'test_public_key'),
+        ConfigFixture('recaptcha_frontend/type_invisible/private_key', 'test_private_key'),
+        ConfigFixture('recaptcha_frontend/type_for/customer_edit', 'invisible')
+    ]
+    public function testUpdateCustomerReCaptchaValidationFailed(): void
+    {
+        $this->expectExceptionMessage('ReCaptcha validation failed, please try again');
+        $this->graphQlMutation(
+            $this->getUpdateCustomerMutation(),
+            [],
+            '',
+            $this->getCustomerAuthHeaders($this->customer->getEmail())
+        );
+    }
+
+    /**
+     * Get update customer graphql mutation
+     *
+     * @return string
+     */
+    private function getUpdateCustomerMutation(): string
+    {
+        return <<<MUTATION
+            mutation {
+                updateCustomer(
+                    input: {
+                        firstname: "Test User"
+                    }
+                ) {
+                    customer {
+                        firstname
+                    }
+                }
+            }
+        MUTATION;
+    }
+
+    /**
+     * Get update customer V2 graphql mutation
+     *
+     * @return string
+     */
+    private function getUpdateCustomerV2Mutation(): string
+    {
+        return <<<MUTATION
+            mutation {
+                updateCustomerV2(
+                    input: {
+                        firstname: "Test User"
+                    }
+                ) {
+                    customer {
+                        firstname
+                    }
+                }
+            }
+        MUTATION;
+    }
+
+    /**
+     * Get customer auth headers
+     *
+     * @param string $email
+     * @return array
+     * @throws AuthenticationException
+     */
+    private function getCustomerAuthHeaders(string $email): array
+    {
+        $customerToken = $this->customerTokenService->createCustomerAccessToken($email, 'password');
+        return ['Authorization' => 'Bearer ' . $customerToken];
+    }
+}