feat: recaptcha support for VueForms

Author: jptissot

src/Lib/StatCan.OrchardCore.Security/SecurityExtensions.cs

@@ -40,6 +40,7 @@ public static IApplicationBuilder UseStatCanSecurityHeaders(this IApplicationBui
                     .UnsafeEval() // for vue-js in oc admin
                     .UnsafeInline() // for oc admin
                     .Self()
+                    .From("https://www.google.com/recaptcha/").From("https://www.gstatic.com/recaptcha/") //recaptcha
                     .From("cdn.jsdelivr.net")
                     .From("code.jquery.com")
                     .From("ajax.googleapis.com")
@@ -56,7 +57,9 @@ public static IApplicationBuilder UseStatCanSecurityHeaders(this IApplicationBui
                     .From("*.demdex.net") // adobe analytics
                     .From("cm.everesttech.net") // adobe analytics
                     .From("*.adobe.com"); // adobe analytics
-                builder.AddFrameSource().Self().From("canada.demdex.net"); // adobe analytics
+                builder.AddFrameSource().Self()
+                .From("canada.demdex.net")// adobe analytics
+                .From("https://www.google.com/recaptcha/");
             });
 
             if (!env.IsDevelopment())

src/Modules/StatCan.OrchardCore.Scripting/FormsGlobalMethodsProvider.cs

@@ -6,12 +6,14 @@
 using Newtonsoft.Json.Linq;
 using OrchardCore.Infrastructure.Html;
 using OrchardCore.Scripting;
+using OrchardCore.ReCaptcha.Services;
 
 namespace StatCan.OrchardCore.Scripting
 {
     public class FormsGlobalMethodsProvider : IGlobalMethodProvider
     {
         private readonly GlobalMethod _formAsJsonObject;
+        private readonly GlobalMethod _validateReCaptcha;
 
         public FormsGlobalMethodsProvider()
         {
@@ -37,11 +39,19 @@ public FormsGlobalMethodsProvider()
                 }
                 )
             };
+            _validateReCaptcha = new GlobalMethod
+            {
+                Name = "validateReCaptcha",
+                Method = serviceProvider => (Func<string, bool>)((reCaptchaResponse) => {
+                    var recaptchaService = serviceProvider.GetRequiredService<ReCaptchaService>();
+                    return recaptchaService.VerifyCaptchaResponseAsync(reCaptchaResponse).GetAwaiter().GetResult();
+                })
+            };
         }
 
         public IEnumerable<GlobalMethod> GetMethods()
         {
-            return new[] { _formAsJsonObject };
+            return new[] { _formAsJsonObject, _validateReCaptcha };
         }
     }
 }

src/Modules/StatCan.OrchardCore.Scripting/StatCan.OrchardCore.Scripting.csproj

@@ -7,6 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="OrchardCore.ReCaptcha.Core" Version="$(OrchardCoreVersion)" />
     <PackageReference Include="OrchardCore.Abstractions" Version="$(OrchardCoreVersion)" />
     <PackageReference Include="OrchardCore.Infrastructure.Abstractions" Version="$(OrchardCoreVersion)" />
     <PackageReference Include="OrchardCore.ContentManagement" Version="$(OrchardCoreVersion)" />

src/Modules/StatCan.OrchardCore.VueForms/Assets/vue-forms.js

@@ -62,13 +62,19 @@ function initForm(app) {
         observer.validate().then((valid) => {
           if (valid) {
             const action = vm.$refs.form.getAttribute("action");
-            var token = vm.$refs.form.querySelector('input[name="__RequestVerificationToken"]');;
+            let frmData = {...vm.$data};
+            frmData.__RequestVerificationToken = vm.$refs.form.querySelector('input[name="__RequestVerificationToken"]').value;
+            if(typeof(grecaptcha) == 'object')
+            {
+              frmData.recaptcha = grecaptcha.getResponse();
+            }
+
             vm.form.submitting = true;
 
             $.ajax({
               type: "POST",
               url: action,
-              data: {...vm.$data, __RequestVerificationToken: token.value },
+              data: frmData,
               cache: false,
               dataType: "json",
               success: function (data) {