Merge pull request #241 from /issues/234

#234: Auto-fill browser functionality can override API keys for reCAPCTH and block Admin Panel access

Author: lenaorobei

ReCaptchaVersion2Checkbox/etc/adminhtml/system.xml

@@ -1,3 +1,10 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+ -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
     <system>
@@ -6,9 +13,10 @@
                    showInStore="0">
                 <label>reCAPTCHA v2 ("I am not a robot")</label>
 
-                <field id="public_key" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="0"
+                <field id="public_key" translate="label" type="obscure" sortOrder="10" showInDefault="1" showInWebsite="0"
                        showInStore="0" canRestore="0">
                     <label>Google API Website Key</label>
+                    <backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model>
                 </field>
 
                 <field id="private_key" translate="label" type="obscure" sortOrder="20" showInDefault="1" showInWebsite="0"
@@ -49,9 +57,10 @@
                    showInStore="1">
                 <label>reCAPTCHA v2 ("I am not a robot")</label>
 
-                <field id="public_key" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1"
+                <field id="public_key" translate="label" type="obscure" sortOrder="10" showInDefault="1" showInWebsite="1"
                        showInStore="0" canRestore="0">
                     <label>Google API Website Key</label>
+                    <backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model>
                 </field>
 
                 <field id="private_key" translate="label" type="obscure" sortOrder="20" showInDefault="1" showInWebsite="1"

ReCaptchaVersion2Checkbox/etc/config.xml

@@ -10,6 +10,7 @@
     <default>
         <recaptcha_backend>
             <type_recaptcha>
+                <public_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <private_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <size>normal</size>
                 <theme>light</theme>
@@ -19,6 +20,7 @@
         </recaptcha_backend>
         <recaptcha_frontend>
             <type_recaptcha>
+                <public_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <private_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <size>normal</size>
                 <theme>light</theme>

ReCaptchaVersion2Invisible/etc/adminhtml/system.xml

@@ -1,3 +1,10 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+ -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
     <system>
@@ -6,9 +13,10 @@
                    showInStore="0">
                 <label>reCAPTCHA v2 Invisible</label>
 
-                <field id="public_key" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="0"
+                <field id="public_key" translate="label" type="obscure" sortOrder="10" showInDefault="1" showInWebsite="0"
                        showInStore="0" canRestore="0">
                     <label>Google API Website Key</label>
+                    <backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model>
                 </field>
 
                 <field id="private_key" translate="label" type="obscure" sortOrder="20" showInDefault="1" showInWebsite="0"
@@ -49,9 +57,10 @@
                    showInStore="1">
                 <label>reCAPTCHA v2 Invisible</label>
 
-                <field id="public_key" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1"
+                <field id="public_key" translate="label" type="obscure" sortOrder="10" showInDefault="1" showInWebsite="1"
                        showInStore="0" canRestore="0">
                     <label>Google API Website Key</label>
+                    <backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model>
                 </field>
 
                 <field id="private_key" translate="label" type="obscure" sortOrder="20" showInDefault="1" showInWebsite="1"

ReCaptchaVersion2Invisible/etc/config.xml

@@ -10,6 +10,7 @@
     <default>
         <recaptcha_backend>
             <type_invisible>
+                <public_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <private_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <position>inline</position>
                 <theme>light</theme>
@@ -19,6 +20,7 @@
         </recaptcha_backend>
         <recaptcha_frontend>
             <type_invisible>
+                <public_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <private_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <position>inline</position>
                 <theme>light</theme>

ReCaptchaVersion3Invisible/etc/adminhtml/system.xml

@@ -1,3 +1,10 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+ -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
     <system>
@@ -6,9 +13,10 @@
                    showInStore="0">
                 <label>reCAPTCHA v3 Invisible</label>
 
-                <field id="public_key" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="0"
+                <field id="public_key" translate="label" type="obscure" sortOrder="10" showInDefault="1" showInWebsite="0"
                        showInStore="0" canRestore="0">
                     <label>Google API Website Key</label>
+                    <backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model>
                 </field>
 
                 <field id="private_key" translate="label" type="obscure" sortOrder="20" showInDefault="1" showInWebsite="0"
@@ -59,9 +67,10 @@
                    showInStore="1">
                 <label>reCAPTCHA v3 Invisible</label>
 
-                <field id="public_key" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1"
+                <field id="public_key" translate="label" type="obscure" sortOrder="10" showInDefault="1" showInWebsite="1"
                        showInStore="0" canRestore="0">
                     <label>Google API Website Key</label>
+                    <backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model>
                 </field>
 
                 <field id="private_key" translate="label" type="obscure" sortOrder="20" showInDefault="1" showInWebsite="1"

ReCaptchaVersion3Invisible/etc/config.xml

@@ -10,6 +10,7 @@
     <default>
         <recaptcha_backend>
             <type_recaptcha_v3>
+                <public_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <private_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <score_threshold>0.5</score_threshold>
                 <position>inline</position>
@@ -20,6 +21,7 @@
         </recaptcha_backend>
         <recaptcha_frontend>
             <type_recaptcha_v3>
+                <public_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <private_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
                 <score_threshold>0.5</score_threshold>
                 <position>inline</position>