Merge pull request #661 from in2code-de/feature/validate-missing-captcha

Related ticket:  https://projekte.in2code.de/issues/56659

Author: tinzog

Classes/Controller/AbstractController.php

@@ -25,6 +25,7 @@
 use TYPO3\CMS\Backend\Utility\BackendUtility as BackendUtilityCore;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Http\ApplicationType;
+use TYPO3\CMS\Core\Http\PropagateResponseException;
 use TYPO3\CMS\Core\Http\RedirectResponse;
 use TYPO3\CMS\Core\Http\UploadedFile;
 use \TYPO3\CMS\Core\Resource\Enum\DuplicationBehavior;
@@ -655,4 +656,25 @@ public function sendCreateUserConfirmationMailFromBackend(User $user): void
             $this->request
         );
     }
+
+    protected function validateMissingCaptcha(string $redirectAction): void
+    {
+        if ($this->isCaptchaEnabled() && $this->request->getAttribute('extbase')->getArgument('captcha') === '') {
+            $this->addFlashMessage(
+                LocalizationUtility::translate('validationErrorCaptcha'),
+                '',
+                ContextualFeedbackSeverity::ERROR
+            );
+            throw new PropagateResponseException($this->redirect($redirectAction), 12398019239);
+        }
+    }
+
+    protected function isCaptchaEnabled(): bool {
+        $extbaseAttribute = $this->request->getAttribute('extbase');
+        $controllerName = strtolower($extbaseAttribute->getControllerName());
+
+        return $extbaseAttribute->hasArgument('captcha') &&
+            $this->config[$controllerName . '.']['validation.']['captcha.']['captcha'] == true &&
+            ExtensionManagementUtility::isLoaded('sr_freecap');
+    }
 }

Classes/Controller/EditController.php

@@ -54,6 +54,8 @@ public function editAction(): ResponseInterface
     #[Validate(['validator' => CaptchaValidator::class, 'param' => 'captcha'])]
     public function updateAction(User $user, ?string $captcha = null)
     {
+        $this->validateMissingCaptcha('edit');
+
         $currentUser = UserUtility::getCurrentUser();
         $userValues = $this->request->getArgument('user') ?? [];
         $token = $this->request->getArgument('token') ?? null;

Classes/Controller/InvitationController.php

@@ -59,6 +59,8 @@ public function newAction(): ResponseInterface
     #[Validate(['validator' => CaptchaValidator::class, 'param' => 'captcha'])]
     public function createAction(User $user, ?string $captcha = null): ResponseInterface
     {
+        $this->validateMissingCaptcha('new');
+
         if ($this->ratelimiterService->isLimited()) {
             $this->addFlashMessage(
                 LocalizationUtility::translate('ratelimiter_too_many_attempts'),

Classes/Controller/NewController.php

@@ -66,6 +66,8 @@ public function newAction(): ResponseInterface
     #[Validate(['validator' => CaptchaValidator::class, 'param' => 'captcha'])]
     public function createAction(User $user, ?string $captcha = null): ResponseInterface
     {
+        $this->validateMissingCaptcha('new');
+
         if ($this->ratelimiterService->isLimited()) {
             $this->addFlashMessage(
                 LocalizationUtility::translate('ratelimiter_too_many_attempts'),

Classes/Domain/Validator/ClientsideValidator.php

@@ -272,6 +272,7 @@ public function validateField(string $pluginName = 'tx_femanager_new'): bool
                         $wordRepository = GeneralUtility::makeInstance(
                             WordRepository::class
                         );
+                        $wordRepository->setRequest($this->request ?? $GLOBALS["TYPO3_REQUEST"]);
                         $wordObject = $wordRepository->getWord();
                         $wordHash = $wordObject->getWordHash();
                         $userVal = md5(strtolower(mb_convert_encoding($this->getValue(), 'ISO-8859-1')));