
enabled recaptcha on password recovery

Sergio Brighenti 5 년 전
부모
커밋
e37cbbb025

+ 9 - 2
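--- a/app/Controllers/Auth/PasswordRecoveryController.php
+++ b/app/Controllers/Auth/PasswordRecoveryController.php
@@ -10,7 +10,7 @@ use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Slim\Exception\HttpNotFoundException;
 
-class PasswordRecoveryController extends Controller
+class PasswordRecoveryController extends AuthController
 {
 
     /**
@@ -23,7 +23,9 @@ class PasswordRecoveryController extends Controller
      */
     public function recover(Request $request, Response $response): Response
     {
-        return view()->render($response, 'auth/recover_mail.twig');
+        return view()->render($response, 'auth/recover_mail.twig', [
+            'recaptcha_site_key' => $this->getSetting('recaptcha_enabled') === 'on' ? $this->getSetting('recaptcha_site_key') : null,
+        ]);
     }
 
 
@@ -39,6 +41,10 @@ class PasswordRecoveryController extends Controller
             return redirect($response, route('home'));
         }
 
+        if ($this->checkRecaptcha(make(ValidationHelper::class), $request)->fails()) {
+            return redirect($response, route('recover'));
+        }
+
         $user = $this->database->query('SELECT `id`, `username` FROM `users` WHERE `email` = ? AND NOT `ldap` LIMIT 1', param($request, 'email'))->fetch();
 
         if (!isset($user->id)) {
@@ -60,6 +66,7 @@ class PasswordRecoveryController extends Controller
             ->message(lang('mail.recover_text', [
                 $user->username,
                 route('recover.password', ['resetToken' => $resetToken]),
+                route('recover.password', ['resetToken' => $resetToken]),
             ]))
             ->send();
 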
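Review bot: The new `checkRecaptcha(make(ValidationHelper::class), $request)` call in the third hunk references `ValidationHelper` unqualified, but unlike RegisterController in this same commit no `use App\Web\ValidationHelper;` is added here, and the visible import block (lines 10-16) does not contain one. In namespace `App\Controllers\Auth`, `ValidationHelper::class` then silently resolves to the string `App\Controllers\Auth\ValidationHelper`, and `make()` would fail at runtime on the first recovery request with reCAPTCHA enabled — unless the import already sits above line 10, which this diff does not show. Add `use App\Web\ValidationHelper;` next to the other `use` lines. The enclosing method starts before the hunk and its body continues after it.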

+ 6 - 8
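--- a/app/Controllers/Auth/RegisterController.php
+++ b/app/Controllers/Auth/RegisterController.php
@@ -6,11 +6,12 @@ namespace App\Controllers\Auth;
 use App\Controllers\Controller;
 use App\Database\Queries\UserQuery;
 use App\Web\Mail;
+use App\Web\ValidationHelper;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Slim\Exception\HttpNotFoundException;
 
-class RegisterController extends Controller
+class RegisterController extends AuthController
 {
 
     /**
@@ -54,13 +55,8 @@ class RegisterController extends Controller
             throw new HttpNotFoundException($request);
         }
 
-        if ($this->getSetting('recaptcha_enabled') === 'on') {
-            $recaptcha = json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$this->getSetting('recaptcha_secret_key').'&response='.param($request, 'recaptcha_token')));
-
-            if ($recaptcha->success && $recaptcha->score < 0.5) {
-                $this->session->alert(lang('recaptcha_failed'), 'danger');
-                return redirect($response, route('register.show'));
-            }
+        if ($this->checkRecaptcha(make(ValidationHelper::class), $request)->fails()) {
+            return redirect($response, route('register.show'));
         }
 
         $validator = $this->getUserCreateValidator($request)->alertIf(empty(param($request, 'password')), 'password_required');
@@ -89,6 +85,8 @@ class RegisterController extends Controller
                 param($request, 'username'),
                 $this->config['app_name'],
                 $this->config['base_url'],
+                $this->config['base_url'],
+                route('activate', ['activateToken' => $activateToken]),
                 route('activate', ['activateToken' => $activateToken]),
             ]))
             ->send();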
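Review bot: The replacement `checkRecaptcha(...)` call in the second hunk is unconditional, whereas the removed block was gated on `$this->getSetting('recaptcha_enabled') === 'on'`; `AuthController::checkRecaptcha` is not part of this diff, so it should be confirmed that it re-applies that gate, otherwise registration fails whenever reCAPTCHA is switched off. The removed verification also had an inverted condition — `$recaptcha->success && $recaptcha->score < 0.5` let a failed verification (`success === false`, e.g. an expired or forged token) pass — and did not check the `file_get_contents` result; the new helper must treat `success !== true` as a failure and a transport error as a failure rather than a pass. Worth a comment at the call site such as `// AuthController::checkRecaptcha is a no-op when recaptcha_enabled !== 'on'` once that behaviour is confirmed. The enclosing method starts before and ends after this hunk.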

+ 4 - 0
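--- a/app/Controllers/UserController.php
+++ b/app/Controllers/UserController.php
@@ -289,15 +289,19 @@ class UserController extends Controller
                 param($request, 'username'),
                 $this->config['app_name'],
                 $this->config['base_url'],
+                $this->config['base_url'],
                 param($request, 'username'),
                 param($request, 'password'),
                 route('login.show'),
+                route('login.show'),
             ]);
         } else {
             $message = lang('mail.new_account_text_with_reset', [
                 param($request, 'username'),
                 $this->config['app_name'],
                 $this->config['base_url'],
+                $this->config['base_url'],
+                route('recover.password', ['resetToken' => $resetToken]),
                 route('recover.password', ['resetToken' => $resetToken]),
             ]);
         }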
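Review bot: With `mail.new_account_text_with_pw` and `mail.new_account_text_with_reset` now being HTML templates, the raw `param($request, 'username')` and `param($request, 'password')` values passed here are interpolated into an HTML mail body without any escaping, so an admin-entered username containing markup is rendered as HTML by the recipient's mail client. Escape the request-derived arguments at this call site, e.g. `htmlspecialchars(param($request, 'username'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and likewise for the password; note that `Mail::send()` in this same commit runs `html_entity_decode()` over the message, which would undo that escaping unless it is removed there too. Also, since the body is no longer plain text, the plaintext-password branch deserves a comment stating why the credential is mailed at all. The enclosing method starts before and ends after this hunk.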

+ 3 - 2
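--- a/app/Web/Mail.php
+++ b/app/Web/Mail.php
@@ -117,10 +117,11 @@ class Mail
 
         $this->addRequiredHeader('X-Mailer: PHP/'.phpversion());
         $this->addRequiredHeader('MIME-Version: 1.0');
-        $this->addRequiredHeader('Content-Type: text/plain; charset=utf-8');
+        $this->addRequiredHeader('Content-Type: text/html; charset=utf-8');
 
         $this->headers .= $this->additionalHeaders;
+        $message = html_entity_decode($this->message);
 
-        return (int) mail($this->to, $this->subject, "<html><body>$message</body></html>", $this->headers);
+        return (int) mail($this->to, $this->subject, "<html><body>$message</body></html>", $this->headers);
     }
 }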
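Review bot: `$message = html_entity_decode($this->message);` combined with the switch to `Content-Type: text/html` turns every caller-supplied string into live HTML: any `&lt;script&gt;`-style escaping a caller performs is decoded back into markup before `mail()`, and the callers in this commit (RegisterController, UserController) pass request-derived usernames straight into the templates, so a crafted username becomes HTML injection in activation and account-creation mails. Drop the `html_entity_decode()` line and require callers to escape untrusted values (or escape inside `Mail::message()`), and add a comment on the header line such as `// body is sent as HTML: every interpolated value must already be HTML-escaped by the caller`. The decode also converts `&nbsp;`/`&amp;` in legitimate text, so nothing is gained by keeping it. `send()` starts before this hunk.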

+ 4 - 6
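--- a/app/helpers.php
+++ b/app/helpers.php
@@ -115,10 +115,7 @@ if (!function_exists('removeDirectory')) {
      */
     function removeDirectory($path)
     {
-        $files = glob($path.'/*');
-        foreach ($files as $file) {
-            is_dir($file) ? removeDirectory($file) : unlink($file);
-        }
+        cleanDirectory($path, true);
         rmdir($path);
     }
 }
@@ -128,13 +125,14 @@ if (!function_exists('cleanDirectory')) {
      * Removes all directory contents.
      *
      * @param $path
+     * @param  bool  $all
      */
-    function cleanDirectory($path)
+    function cleanDirectory($path, $all = false)
     {
         $directoryIterator = new RecursiveDirectoryIterator($path, FilesystemIterator::SKIP_DOTS);
         $iteratorIterator = new RecursiveIteratorIterator($directoryIterator, RecursiveIteratorIterator::CHILD_FIRST);
         foreach ($iteratorIterator as $file) {
-            if ($file->getFilename() !== '.gitkeep') {
+            if ($all || $file->getFilename() !== '.gitkeep') {
                 $file->isDir() ? rmdir($file) : unlink($file);
             }
         }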
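Review bot: In the second hunk `$file->isDir() ? rmdir($file) : unlink($file)` mishandles symlinks: `SplFileInfo::isDir()` follows the link, so a symlink pointing at a directory takes the `rmdir()` branch, which fails on a link and leaves it in place (the iterator does not descend into it either, since `FOLLOW_SYMLINKS` is not set). Prefer `$file->isDir() && !$file->isLink() ? rmdir($file) : unlink($file);` so links are unlinked rather than recursed into or left behind, which also matters for the new `removeDirectory()` caller now that it relies on this loop. The new `@param bool $all` line should also say what it means, e.g. `@param bool $all also remove .gitkeep placeholder files`, and `removeDirectory()` now throws `UnexpectedValueException` from `RecursiveDirectoryIterator` for a missing or unreadable path where the old `glob()` version merely warned — a behaviour change worth a docblock note.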

+ 4 - 22
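--- a/resources/lang/en.lang.php
+++ b/resources/lang/en.lang.php
@@ -122,17 +122,9 @@ return [
     'default_user_quota' => 'Default User Quota',
     'max_user_quota' => 'Max User Quota',
     'invalid_quota' => 'Invalid values as default user quota.',
-    'mail.activate_text' => 'Hi %s!
-thank you for creating your account on %s (%s), click on the following link to activate it:
-
-%s',
+    'mail.activate_text' => 'Hi %s!<br>thank you for creating your account on %s (<a href="%s">%s</a>), click on the following link to activate it:<br><br><a href="%s">%s</a>',
     'mail.activate_account' => '%s - Account Activation',
-    'mail.recover_text' => 'Hi %s,
-a password reset has been requested for your account. To complete the procedure click on the following link:
-
-%s
-
-If it wasn\'t you who requested the password reset, simply ignore this email.',
+    'mail.recover_text' => 'Hi %s,<br>a password reset has been requested for your account. To complete the procedure click on the following link:<br><br><a href="%s">%s</a><br><br>If it wasn\'t you who requested the password reset, simply ignore this email.',
     'mail.recover_password' => '%s - Password Recovery',
     'recover_email_sent' => 'If present, a recovery email was sent to the specified account.',
     'account_activated' => 'Account activated, now you can login!',
@@ -156,18 +148,8 @@ If it wasn\'t you who requested the password reset, simply ignore this email.',
     'recaptcha_secret_key' => 'reCAPTCHA Secret Key',
     'send_notification' => 'Send Mail Notification',
     'mail.new_account' => '%s - New Account Creation',
-    'mail.new_account_text_with_reset' => 'Hi %s!
-a new account was created for you on %s (%s), click on the following link to set a password and activate it:
-
-%s',
-    'mail.new_account_text_with_pw' => 'Hi %s!
-a new account was created for you on %s (%s), with the following credentials:
-
-Username: %s
-Password: %s
-
-Click on the following link to go to the login page:
-%s',
+    'mail.new_account_text_with_reset' => 'Hi %s!<br>a new account was created for you on %s (<a href="%s">%s</a>), click on the following link to set a password and activate it:<br><br><a href="%s">%s</a>',
+    'mail.new_account_text_with_pw' => 'Hi %s!<br>a new account was created for you on %s (<a href="%s">%s</a>), with the following credentials:<br><br>Username: %s<br>Password: %s<br><br>Click on the following link to go to the login page:<br><a href="%s">%s</a>',
     'user_create_password' => 'If leaved empty, you might want to send a notification to the user email.',
     'ldap_cant_connect' => 'Can\'t connect to the LDAP auth server.',
     'upload_max_file_size' => 'The max file size is currently %s.',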

+ 0 - 22
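--- a/resources/lang/it.lang.php
+++ b/resources/lang/it.lang.php
@@ -122,18 +122,8 @@ return [
     'register' => 'Registrati',
     'default_user_quota' => 'Quota utente predefinita',
     'invalid_quota' => 'Valore non valido per la quota utente predefinita.',
-    'mail.activate_text' => 'Ciao %s!
-grazie per aver creato il tuo account su %s (%s), fai clic sul seguente link per attivarlo:
-
-%s',
     'register_success' => 'L\'account è stato creato, è stata inviata un\'e-mail di conferma.',
     'mail.activate_account' => '%s - Attivazione account',
-    'mail.recover_text' => 'Ciao %s,
-è stata richiesta una reimpostazione della password per il tuo account. Per completare la procedura clicca sul seguente link:
-
-%s
-
-Se non sei stato tu a richiedere la reimpostazione della password, ignora semplicemente questa e-mail.',
     'mail.recover_password' => '%s - Recupero password',
     'recover_email_sent' => 'Se presente, è stata inviata un\'e-mail di recupero all\'account specificato.',
     'account_activated' => 'Account attivato, ora è possibile effettuare il login!',
@@ -160,18 +150,6 @@ Se non sei stato tu a richiedere la reimpostazione della password, ignora sempli
     'upload_max_file_size' => 'La dimensione massima di un file caricabile è %s.',
     'ldap_cant_connect' => 'Impossibile connettersi al server di autenticazione LDAP.',
     'user_create_password' => 'Se lasciato vuoto, si consiglia di inviare una notifica all\'utente via e-mail.',
-    'mail.new_account_text_with_pw' => 'Ciao %s!
-un nuovo account è stato creato per te su %s (%s), con le seguenti credenziali:
-
-Username: %s
-Password: %s
-
-Clicca su questo link per andare alla pagina di login: 
-%s',
-    'mail.new_account_text_with_reset' => 'Ciao %s!
-un nuovo account è stato creato per te su %s (%s), clicca sul seguente link per impostare una password e attivarlo:
-
-%s',
     'mail.new_account' => '%s - Nuovo account creato',
     'send_notification' => 'Invia notifica e-mail',
 ];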

+ 8 - 0
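--- a/resources/templates/auth/recover_mail.twig
+++ b/resources/templates/auth/recover_mail.twig
@@ -27,6 +27,9 @@
 {% block content %}
     <div class="container-fluid">
         <form class="form-signin" method="post" action="{{ route('recover.mail') }}">
+            {% if recaptcha_site_key is not null %}
+                <input type="hidden" name="recaptcha_token" id="recaptcha_token">
+            {% endif %}
             <div class="row text-center">
                 <div class="col-md-12">
                     <h1 class="h3 mb-3 font-weight-normal">{{ config.app_name }}</h1>
@@ -49,4 +52,9 @@
             </div>
         </form>
     </div>
+{% endblock %}
+{% block js %}
+    {% if recaptcha_site_key is not null %}
+        {% include 'comp/recaptcha.twig' %}
+    {% endif %}
 {% endblock %}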
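Review bot: Both new guards test `recaptcha_site_key is not null`, but the controller passes `$this->getSetting('recaptcha_site_key')` through verbatim whenever `recaptcha_enabled` is `'on'`; if that setting is stored as an empty string when the admin has not filled it in (not visible here), the widget and hidden `recaptcha_token` input are rendered with an empty site key and every recovery request then fails server-side verification. Using `{% if recaptcha_site_key is not empty %}` in both places covers `null` and `''` alike. A short comment above the include, e.g. `{# comp/recaptcha.twig fills #recaptcha_token before submit; server-side check is in PasswordRecoveryController #}`, would also tell the next reader where the token comes from.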