New security option: Use invisible reCAPTCHA

Author: muratcakir

changelog.md

@@ -6,6 +6,7 @@
 * #1144 Enable multi server search index
 * Made Topic ACL enabled
 * Implemented paging & filtering for Topic grid
+* New security option: Use invisible reCAPTCHA
 * **BeezUp**:
 	* #1459 Add option to only submit one category name per product
 	* Allow to specify export categories per product

src/Libraries/SmartStore.Data/Migrations/MigrationsConfiguration.cs

@@ -321,6 +321,12 @@ public void MigrateLocaleResources(LocaleResourcesBuilder builder)
             builder.AddOrUpdate("Common.DisplayOrder.Hint",
                 "Specifies display order. 1 represents the top of the list.",
                 "Legt die Anzeige-Priorität fest. 1 steht bspw. für das erste Element in der Liste.");
-        }
+
+			builder.AddOrUpdate("Admin.Configuration.Settings.GeneralCommon.UseInvisibleReCaptcha",
+				"Use invisible reCAPTCHA",
+				"Unsichtbaren reCAPTCHA verwenden",
+				"Does not require the user to click on a checkbox, instead it is invoked directly when the user submits a form. By default only the most suspicious traffic will be prompted to solve a captcha.",
+				"Der Benutzer muss nicht auf ein Kontrollkästchen klicken, sondern die Validierung erfolgt direkt beim Absenden eines Formulars. Nur bei 'verdächtigem' Traffic wird der Benutzer aufgefordert, ein Captcha zu lösen.");
+		}
     }
 }

src/Presentation/SmartStore.Web.Framework/Security/Captcha/CaptchaSettings.cs

@@ -17,5 +17,6 @@ public class CaptchaSettings : ISettings
         public bool ShowOnProductReviewPage { get; set; }
         public string ReCaptchaPublicKey { get; set; }
         public string ReCaptchaPrivateKey { get; set; }
-    }
+		public bool UseInvisibleReCaptcha { get; set; }
+	}
 }

src/Presentation/SmartStore.Web.Framework/Security/Captcha/HtmlCaptchaExtensions.cs

@@ -1,4 +1,5 @@
 using System.Text;
+using System.Web;
 using System.Web.Mvc;
 using SmartStore.Core;
 using SmartStore.Core.Infrastructure;
@@ -8,30 +9,34 @@ namespace SmartStore.Web.Framework.Security
 {
 	public static class HtmlCaptchaExtensions
 	{
-        public static string GenerateCaptcha(this HtmlHelper helper)
+        public static IHtmlString GenerateCaptcha(this HtmlHelper helper)
         {
-			var sb = new StringBuilder();
             var captchaSettings = EngineContext.Current.Resolve<CaptchaSettings>();
 			var workContext = EngineContext.Current.Resolve<IWorkContext>();
 			var widgetUrl = CommonHelper.GetAppSetting<string>("g:RecaptchaWidgetUrl");
-			var elementId = "GoogleRecaptchaWidget";
+			var ident = CommonHelper.GenerateRandomDigitCode(5).ToString();
+			var elementId = "recaptcha" + ident;
+			var siteKey = captchaSettings.ReCaptchaPublicKey;
+			var callbackName = "recaptchaOnload" + ident;
 
-			var url = "{0}?onload=googleRecaptchaOnloadCallback&render=explicit&hl={1}".FormatInvariant(
+			var url = "{0}?onload={1}&render=explicit&hl={2}".FormatInvariant(
 				widgetUrl,
+				callbackName,
 				workContext.WorkingLanguage.UniqueSeoCode.EmptyNull().ToLower()
 			);
 
-			sb.AppendLine("<script type=\"text/javascript\">");
-			sb.AppendLine("var googleRecaptchaOnloadCallback = function() {");
-			sb.AppendLine("  grecaptcha.render('{0}', {{".FormatInvariant(elementId));
-			sb.AppendLine("    'sitekey' : '{0}'".FormatInvariant(captchaSettings.ReCaptchaPublicKey));
-			sb.AppendLine("  });");
-			sb.AppendLine("};");
-			sb.AppendLine("</script>");
-			sb.AppendLine("<div id=\"{0}\"></div>".FormatInvariant(elementId));
-			sb.AppendLine("<script src=\"{0}\" async defer></script>".FormatInvariant(url));
+			var script = new[] 
+			{
+				"<script>",
+				"	var {0} = function() {{".FormatInvariant(callbackName),
+				"		renderGoogleRecaptcha('{0}', '{1}', {2});".FormatInvariant(elementId, siteKey, captchaSettings.UseInvisibleReCaptcha.ToString().ToLower()),
+				"	};",
+				"</script>",
+				"<div id='{0}' class='g-recaptcha'></div>".FormatInvariant(elementId, siteKey),
+				"<script src='{0}' async defer></script>".FormatInvariant(url),
+			}.StrJoin("");
 
-			return sb.ToString();
+			return MvcHtmlString.Create(script);
         }
     }
 }

src/Presentation/SmartStore.Web/Administration/Models/Settings/GeneralCommonSettingsModel.cs

@@ -155,6 +155,9 @@ public partial class CaptchaSettingsModel
 			[SmartResourceDisplayName("Admin.Configuration.Settings.GeneralCommon.reCaptchaPrivateKey")]
 			[AllowHtml]
 			public string ReCaptchaPrivateKey { get; set; }
+
+			[SmartResourceDisplayName("Admin.Configuration.Settings.GeneralCommon.UseInvisibleReCaptcha")]
+			public bool UseInvisibleReCaptcha { get; set; }
 		}
 
 		public partial class PdfSettingsModel

src/Presentation/SmartStore.Web/Administration/Views/Setting/GeneralCommon.cshtml

@@ -296,6 +296,15 @@
 			</td>
 		</tr>
 		<tbody id="pnlCaptchaSettings">
+			<tr>
+				<td class="adminTitle">
+					@Html.SmartLabelFor(model => model.CaptchaSettings.UseInvisibleReCaptcha)
+				</td>
+				<td class="adminData">
+					@Html.SettingEditorFor(model => model.CaptchaSettings.UseInvisibleReCaptcha)
+					@Html.ValidationMessageFor(model => model.CaptchaSettings.UseInvisibleReCaptcha)
+				</td>
+			</tr>
 			<tr>
 				<td class="adminTitle">
 					@Html.SmartLabelFor(model => model.CaptchaSettings.ShowOnLoginPage)

src/Presentation/SmartStore.Web/Global.asax

@@ -1 +1 @@
-<%@ Application Codebehind="Global.asax.cs" Inherits="SmartStore.Web.MvcApplication" Language="C#" %>
+<%@ Application Codebehind="Global.asax.cs" Inherits="SmartStore.Web.MvcApplication" Language="C#" %> 

src/Presentation/SmartStore.Web/Scripts/smartstore.common.js

@@ -282,6 +282,33 @@
 		};
 	}
 
+    window.renderGoogleRecaptcha = function (containerId, sitekey, invisible) {
+        var frm = $('#' + containerId).closest('form');
+
+        if (frm.length === 0)
+            return;
+
+        var holderId = grecaptcha.render(containerId, {
+            sitekey: sitekey,
+            size: invisible ? 'invisible' : undefined,
+            badge: 'bottomleft',
+            callback: function (token) {
+                if (invisible && frm) {
+                    frm[0].submit();
+                }
+            }
+        });
+
+        if (invisible) {
+            frm.on('submit', function (e) {
+                if ($.validator === undefined || frm.valid() == true) {
+                    e.preventDefault();
+                    grecaptcha.execute(holderId);
+                }
+            });
+        }
+    }
+
     // on document ready
 	$(function () {
 		var rtl = SmartStore.globalization.culture.isRTL;