#464 re-enable captcha check

src/main/java/alfio/controller/EventController.java

@@ -24,6 +24,7 @@
 import alfio.controller.support.SessionUtil;
 import alfio.manager.EventManager;
 import alfio.manager.EventStatisticsManager;
+import alfio.manager.RecaptchaService;
 import alfio.manager.TicketReservationManager;
 import alfio.manager.i18n.I18nManager;
 import alfio.manager.system.ConfigurationManager;
@@ -60,6 +61,8 @@
 import java.util.stream.Collectors;
 
 import static alfio.controller.support.SessionUtil.addToFlash;
+import static alfio.model.system.Configuration.getSystemConfiguration;
+import static alfio.model.system.ConfigurationKeys.RECAPTCHA_API_KEY;
 import static alfio.util.OptionalWrapper.optionally;
 
 @Controller
@@ -82,6 +85,7 @@ public class EventController {
     private final AdditionalServiceRepository additionalServiceRepository;
     private final AdditionalServiceTextRepository additionalServiceTextRepository;
     private final TicketRepository ticketRepository;
+    private final RecaptchaService recaptchaService;
 
 
     @RequestMapping(value = "/", method = RequestMethod.HEAD)
@@ -245,6 +249,11 @@ public String showEvent(@PathVariable("eventName") String eventName,
                 .addAttribute("validityStart", event.getBegin())
                 .addAttribute("validityEnd", event.getEnd());
 
+            if(configurationManager.isRecaptchaForTicketSelectionEnabled(event)) {
+                model.addAttribute("captchaForTicketSelectionEnabled", true)
+                    .addAttribute("recaptchaApiKey", configurationManager.getStringConfigValue(getSystemConfiguration(RECAPTCHA_API_KEY), null));
+            }
+
             model.asMap().putIfAbsent("hasErrors", false);//
             return "/event/show-event";
         }).orElse(REDIRECT + "/");
@@ -361,6 +370,11 @@ public String reserveTicket(@PathVariable("eventName") String eventName,
     }
 
     private String validateAndReserve(String eventName, ReservationForm reservation, BindingResult bindingResult, ServletWebRequest request, RedirectAttributes redirectAttributes, Locale locale, Event event) {
+
+        if(isCaptchaInvalid(request.getRequest(), event)) {
+            bindingResult.reject(ErrorsCode.STEP_2_CAPTCHA_VALIDATION_FAILED);
+        }
+
         final String redirectToEvent = "redirect:/event/" + eventName + "/";
         return reservation.validate(bindingResult, ticketReservationManager, additionalServiceRepository, eventManager, event)
             .map(selected -> {
@@ -423,4 +437,11 @@ private boolean isEventHasValidPaymentConfigurations(Event event, ConfigurationM
         }
     }
 
+
+
+    private boolean isCaptchaInvalid(HttpServletRequest request, Event event) {
+        return configurationManager.isRecaptchaForTicketSelectionEnabled(event)
+            && !recaptchaService.checkRecaptcha(request);
+    }
+
 }

src/main/java/alfio/controller/ReservationController.java

@@ -132,31 +132,17 @@ public String showBookingPage(@PathVariable("eventName") String eventName,
                     }
 
                     OrderSummary orderSummary = ticketReservationManager.orderSummaryForReservationId(reservationId, event, locale);
-                    List<PaymentProxy> activePaymentMethods = paymentManager.getPaymentMethods(event.getOrganizationId())
-                        .stream()
-                        .filter(p -> TicketReservationManager.isValidPaymentMethod(p, event, configurationManager))
-                        .map(PaymentManager.PaymentMethod::getPaymentProxy)
-                        .collect(toList());
-
-                    if(orderSummary.getFree() || activePaymentMethods.stream().anyMatch(p -> p == PaymentProxy.OFFLINE || p == PaymentProxy.ON_SITE)) {
-                        boolean captchaForOfflinePaymentEnabled = configurationManager.isRecaptchaForOfflinePaymentEnabled(event);
-                        model.addAttribute("captchaRequestedForOffline", captchaForOfflinePaymentEnabled)
-                            .addAttribute("recaptchaApiKey", configurationManager.getStringConfigValue(getSystemConfiguration(RECAPTCHA_API_KEY), null))
-                            .addAttribute("captchaRequestedFreeOfCharge", orderSummary.getFree() && captchaForOfflinePaymentEnabled);
-                    }
 
                     boolean invoiceAllowed = configurationManager.hasAllConfigurationsForInvoice(event) || vatChecker.isVatCheckingEnabledFor(event.getOrganizationId());
                     boolean onlyInvoice = invoiceAllowed && configurationManager.getBooleanConfigValue(partialConfig.apply(ConfigurationKeys.GENERATE_ONLY_INVOICE), false);
 
 
                     ContactAndTicketsForm contactAndTicketsForm = ContactAndTicketsForm.fromExistingReservation(reservation, additionalInfo);
-                    model.addAttribute("multiplePaymentMethods" , activePaymentMethods.size() > 1 )
-                        .addAttribute("orderSummary", orderSummary)
+                    model.addAttribute("orderSummary", orderSummary)
                         .addAttribute("reservationId", reservationId)
                         .addAttribute("reservation", reservation)
                         .addAttribute("pageTitle", "reservation-page.header.title")
                         .addAttribute("event", event)
-                        .addAttribute("activePaymentMethods", activePaymentMethods)
                         .addAttribute("expressCheckoutEnabled", isExpressCheckoutEnabled(event, orderSummary))
                         .addAttribute("useFirstAndLastName", event.mustUseFirstAndLastName())
                         .addAttribute("countries", TicketHelper.getLocalizedCountries(locale))
@@ -382,6 +368,13 @@ public String showOverview(@PathVariable("eventName") String eventName, @PathVar
                         model.addAttribute("stripe_p_key", paymentManager.getStripePublicKey(event));
                     }
 
+                    if(orderSummary.getFree() || activePaymentMethods.stream().anyMatch(p -> p == PaymentProxy.OFFLINE || p == PaymentProxy.ON_SITE)) {
+                        boolean captchaForOfflinePaymentEnabled = configurationManager.isRecaptchaForOfflinePaymentEnabled(event);
+                        model.addAttribute("captchaRequestedForOffline", captchaForOfflinePaymentEnabled)
+                            .addAttribute("recaptchaApiKey", configurationManager.getStringConfigValue(getSystemConfiguration(RECAPTCHA_API_KEY), null))
+                            .addAttribute("captchaRequestedFreeOfCharge", orderSummary.getFree() && captchaForOfflinePaymentEnabled);
+                    }
+
                     model.addAttribute("multiplePaymentMethods" , activePaymentMethods.size() > 1 )
                         .addAttribute("activePaymentMethods", activePaymentMethods);
 

src/main/java/alfio/manager/system/ConfigurationManager.java

@@ -449,4 +449,9 @@ public boolean isRecaptchaForOfflinePaymentEnabled(Event event) {
         return getBooleanConfigValue(Configuration.from(event.getOrganizationId(), event.getId(), ENABLE_CAPTCHA_FOR_OFFLINE_PAYMENTS), false)
             && getStringConfigValue(Configuration.getSystemConfiguration(ENABLE_CAPTCHA_FOR_OFFLINE_PAYMENTS), null) != null;
     }
+
+    public boolean isRecaptchaForTicketSelectionEnabled(Event event) {
+        return getBooleanConfigValue(Configuration.from(event.getOrganizationId(), event.getId(), ENABLE_CAPTCHA_FOR_TICKET_SELECTION), false)
+            && getStringConfigValue(Configuration.getSystemConfiguration(RECAPTCHA_API_KEY), null) != null;
+    }
 }

src/main/java/alfio/model/system/ConfigurationKeys.java

@@ -42,6 +42,7 @@ public enum ConfigurationKeys {
     RECAPTCHA_API_KEY("Recaptcha api key", false, SettingCategory.GENERAL, ComponentType.TEXT, false, EnumSet.of(SYSTEM), true),
     RECAPTCHA_SECRET("Recaptcha secret", false, SettingCategory.GENERAL, ComponentType.TEXT, false, EnumSet.of(SYSTEM), true),
     ENABLE_CAPTCHA_FOR_OFFLINE_PAYMENTS("Enable captcha for offline payments / free of charge tickets (default false)", false, SettingCategory.GENERAL, ComponentType.BOOLEAN, false, EnumSet.of(SYSTEM), true),
+    ENABLE_CAPTCHA_FOR_TICKET_SELECTION("Enable captcha for ticket selection (default false)", false, SettingCategory.GENERAL, ComponentType.BOOLEAN, false, EnumSet.of(SYSTEM), true),
     ENABLE_CAPTCHA_FOR_LOGIN("Enable captcha for login (default true)", false, SettingCategory.GENERAL, ComponentType.BOOLEAN, false, EnumSet.of(SYSTEM), true),
 
     DISPLAY_STATS_IN_EVENT_DETAIL("Display stats (sold tickets, gross income, pending reservations) in event detail (default true)", false, SettingCategory.GENERAL, ComponentType.BOOLEAN, false, EnumSet.of(SYSTEM, ORGANIZATION, EVENT), true),

src/main/webapp/WEB-INF/templates/event/overview.ms

@@ -216,4 +216,7 @@
     {{/orderSummary.free}}
     <input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}">
 </form>
+{{#captchaRequestedForOffline}}
+<script src="https://www.google.com/recaptcha/api.js?onload=recaptchaLoadCallback&render=explicit" async defer></script>
+{{/captchaRequestedForOffline}}
 {{>/event/page-bottom}}

src/main/webapp/WEB-INF/templates/event/reservation-page.ms

@@ -391,8 +391,4 @@
     <div class="clearfix"></div>
 
 </form>
-{{#captchaRequestedForOffline}}
-<script src="https://www.google.com/recaptcha/api.js?onload=recaptchaLoadCallback&render=explicit" async defer></script>
-{{/captchaRequestedForOffline}}
-
 {{>/event/page-bottom}}

src/main/webapp/WEB-INF/templates/event/show-event.ms

@@ -214,6 +214,9 @@
     </div>
 </div>
 {{/hasAccessPromotions}}
+{{#captchaForTicketSelectionEnabled}}
+    <div class="show-event g-recaptcha" data-sitekey="{{recaptchaApiKey}}"></div>
+{{/captchaForTicketSelectionEnabled}}
 {{/validPaymentMethodAvailable}}
     <hr/>
 
@@ -235,4 +238,9 @@
 {{/displayWaitingQueueForm}}
 <script src="{{request.contextPath}}/resources/bower_components/bootstrap/dist/js/bootstrap.min.js"></script>
 <script src="{{request.contextPath}}/resources/js/event/bootstrap-handler.js"></script>
+
+{{#captchaForTicketSelectionEnabled}}
+<script src="https://www.google.com/recaptcha/api.js" async defer></script>
+{{/captchaForTicketSelectionEnabled}}
+
 {{>/event/page-bottom}}

src/main/webapp/resources/css/application.css

@@ -203,6 +203,13 @@ html[lang=it] .alfio-lang a[lang=it] {
     font-weight:normal;
 }
 
+.show-event.g-recaptcha {
+    text-align:center;
+}
+.show-event.g-recaptcha > div {
+    display:inline-block;
+}
+
 /* based on https://material-ui.com/demos/steppers/ */
 .wizard2 {
     display: flex;