Merge pull request #198 from mwllgr/master

Fix stateless Captcha flaws (infinite usages etc.)
mewebstudio · Aug 21, 2020 · 700ce56 · 700ce56
2 parents b156128 + 9e5f8a6
commit 700ce56
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -96,6 +96,7 @@ return [
         'height'    => 36,
         'quality'   => 90,
         'math'      => true, //Enable Math Captcha
+        'expire'    => 60,   //Stateless/API captcha expiration
     ],
     // ...
 ];

diff --git a/config/captcha.php b/config/captcha.php
@@ -8,6 +8,7 @@
         'height' => 36,
         'quality' => 90,
         'math' => false,
+        'expire' => 60,
     ],
     'math' => [
         'length' => 9,

diff --git a/src/Captcha.php b/src/Captcha.php
@@ -25,6 +25,7 @@
 use Intervention\Image\ImageManager;
 use Illuminate\Session\Store as Session;
 use Illuminate\Support\HtmlString;
+use Illuminate\Support\Facades\Cache;
 
 /**
  * Class Captcha
@@ -177,6 +178,11 @@ class Captcha
      */
     protected $fontsDirectory;
 
+    /**
+     * @var string
+     */
+    protected $expire;
+
     /**
      * Constructor
      *
@@ -281,6 +287,10 @@ public function create(string $config = 'default', bool $api = false)
             $this->image->blur($this->blur);
         }
 
+        if ($api) {
+            Cache::put('captcha_record_' . $generator['key'], $generator['value'], $this->expire);
+        }
+
         return $api ? [
             'sensitive' => $generator['sensitive'],
             'key' => $generator['key'],
@@ -472,6 +482,10 @@ public function check(string $value): bool
      */
     public function check_api($value, $key): bool
     {
+        if (!Cache::pull('captcha_record_' . $key)) {
+            return false;
+        }
+
         return $this->hasher->check($value, $key);
     }