Create the initial (working) code base

Author: Gregor Pollak

Config/Comment.php

@@ -0,0 +1,46 @@
+<?php declare(strict_types=1);
+/**
+ *  RocketWeb
+ *
+ *  NOTICE OF LICENSE
+ *
+ *  This source file is subject to the Open Software License (OSL 3.0)
+ *  that is bundled with this package in the file LICENSE.txt.
+ *  It is also available through the world-wide-web at this URL:
+ *  http://opensource.org/licenses/osl-3.0.php
+ *
+ * @category  RocketWeb
+ * @copyright Copyright (c) 2020 RocketWeb (http://rocketweb.com)
+ * @license   http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
+ * @author    Rocket Web Inc.
+ */
+namespace RocketWeb\CaptchaBypass\Config;
+
+use Magento\Config\Model\Config\CommentInterface;
+
+/**
+ * Simple class that takes care of showing additional code section of the comment with simple instructions
+ * on how to include it inside of Cypress Test
+ */
+class Comment implements CommentInterface
+{
+    /**
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function getCommentText($elementValue): string
+    {
+        $html = '<p>This secret key gets used to match the Automated Test Sessions and disables ReCaptcha.</p>';
+        $html .= '<p>To activate the Bypass, add the following to the Cypress Test:</p>
+        <div style="background-color:lightgrey;">
+        <code><pre>
+
+        let secretKey = \'-the-value-from-above-\'
+        let date = new Date(). getTime()
+        let hash = CryptoJS.MD5(secretKey + \'-\' + date)
+        cy.setCookie(\'' . Provider::COOKIE_KEY . '\', hash);
+        </pre></code>
+                </div>';
+
+        return $html;
+    }
+}

Config/Provider.php

@@ -0,0 +1,44 @@
+<?php declare(strict_types=1);
+/**
+ *  RocketWeb
+ *
+ *  NOTICE OF LICENSE
+ *
+ *  This source file is subject to the Open Software License (OSL 3.0)
+ *  that is bundled with this package in the file LICENSE.txt.
+ *  It is also available through the world-wide-web at this URL:
+ *  http://opensource.org/licenses/osl-3.0.php
+ *
+ * @category  RocketWeb
+ * @copyright Copyright (c) 2020 RocketWeb (http://rocketweb.com)
+ * @license   http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
+ * @author    Rocket Web Inc.
+ */
+namespace RocketWeb\CaptchaBypass\Config;
+
+/**
+ * Standard configuration provider class.
+ */
+class Provider
+{
+    private const XML_BYPASS_SECRET_KEY = 'recaptcha_frontend/bypass/secret_key';
+    private \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig;
+
+    public const COOKIE_KEY = '__rbp';
+
+    public function __construct(
+        \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig
+    ) {
+        $this->scopeConfig = $scopeConfig;
+    }
+
+    public function getSecretKey(): ?string
+    {
+        $secretKey = $this->scopeConfig->getValue(self::XML_BYPASS_SECRET_KEY);
+        if (!$secretKey) {
+            return null;
+        }
+
+        return $secretKey;
+    }
+}

Plugin/IsCaptchaEnabledPlugin.php

@@ -0,0 +1,89 @@
+<?php declare(strict_types=1);
+/**
+ *  RocketWeb
+ *
+ *  NOTICE OF LICENSE
+ *
+ *  This source file is subject to the Open Software License (OSL 3.0)
+ *  that is bundled with this package in the file LICENSE.txt.
+ *  It is also available through the world-wide-web at this URL:
+ *  http://opensource.org/licenses/osl-3.0.php
+ *
+ * @category  RocketWeb
+ * @copyright Copyright (c) 2020 RocketWeb (http://rocketweb.com)
+ * @license   http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
+ * @author    Rocket Web Inc.
+ */
+namespace RocketWeb\CaptchaBypass\Plugin;
+
+use Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface;
+use RocketWeb\CaptchaBypass\Config\Provider;
+
+/**
+ * The after-plugin in which we fetch the cookie value from the browser, and we compare it to what it should be
+ *
+ * @SuppressWarnings(PHPMD.CookieAndSessionMisuse)
+ */
+class IsCaptchaEnabledPlugin
+{
+    private \Magento\Framework\Stdlib\Cookie\CookieReaderInterface $cookieReader;
+    private \RocketWeb\CaptchaBypass\Config\Provider $configProvider;
+    private \Psr\Log\LoggerInterface $logger;
+
+    public function __construct(
+        \Magento\Framework\Stdlib\Cookie\CookieReaderInterface $cookieReader,
+        \RocketWeb\CaptchaBypass\Config\Provider $configProvider,
+        \Psr\Log\LoggerInterface $logger
+    ) {
+        $this->cookieReader = $cookieReader;
+        $this->configProvider = $configProvider;
+        $this->logger = $logger;
+    }
+
+    /**
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function afterIsCaptchaEnabledFor(IsCaptchaEnabledInterface $subject, $result)
+    {
+        if ($result === false) {
+            // If Captcha is disabled, then no point of checking if bypass is needed
+            return false;
+        }
+
+        $cookieData = (string)$this->cookieReader->getCookie(Provider::COOKIE_KEY);
+        if (!$cookieData) {
+            // cookie with data not set, skipping bypass
+            return $result;
+        }
+
+        $secretKey = $this->configProvider->getSecretKey();
+        if (!$secretKey) {
+            // Bypass Secret Key empty/not-set, skipping bypass
+            return $result;
+        }
+
+        /**
+         * Define 1h window in which we look for hash values to compensate for any miss-configurations of system clocks
+         */
+        $timestamp = time();
+        $start = $timestamp - 1800;
+        $end = $timestamp + 1800;
+
+        for ($i = $start; $i <= $end; $i++) {
+            // since we are not using md5() for security reasons, it's safe to ignore it
+            // @phpcs:ignore
+            $hash = md5($secretKey . '-' . $i);
+            if ($hash === $cookieData) {
+                // We found a match for the hash, we are disabling captcha
+                return false;
+            }
+        }
+        // Log the missmatch. With cookie set, something had to go wrong?
+        $this->logger->info(
+            'RecaptchaBypass mismatch. Cookie data: ' . $cookieData . ' | start: ' . $start
+            . ' | end: ' . $end . ' | key: ' . $secretKey
+        );
+
+        return $result;
+    }
+}

README.md

@@ -1,2 +1,4 @@
-# magento-captcha-bypass
+# RocketWeb Captcha Bypass
 The extension disables Google reCAPTCHA by providing a simple hashed value thru a cookie
+
+More details to come soon!

composer.json

@@ -0,0 +1,31 @@
+{
+    "name": "rocketweb/magento-captcha-bypass",
+    "description": "The extension disables Google reCAPTCHA by providing a simple hashed value thru a cookie",
+    "require": {
+        "ext-simplexml": "*",
+        "ext-dom": "*",
+        "php": "^7.4.0",
+        "magento/magento-composer-installer": "*"
+    },
+    "type": "magento2-module",
+    "version": "1.0.0",
+    "license": [
+        "OSL-3.0",
+        "AFL-3.0"
+    ],
+    "autoload": {
+        "files": [
+            "registration.php"
+        ],
+        "psr-4": {
+            "RocketWeb\\CaptchaBypass\\": ""
+        }
+    },
+    "extra": {
+        "map": [
+            [
+                "RocketWeb/CaptchaBypass"
+            ]
+        ]
+    }
+}

etc/adminhtml/system.xml

@@ -0,0 +1,15 @@
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
+    <system>
+        <section id="recaptcha_frontend">
+            <group id="bypass" translate="label" type="text" sortOrder="1000" showInDefault="1" showInWebsite="1"
+                   showInStore="0">
+                <label>Bypass Storefront ReCaptcha</label>
+                <field id="secret_key" translate="label" sortOrder="100" type="text" showInDefault="1"
+                       showInWebsite="1" showInStore="0">
+                    <comment><model>RocketWeb\CaptchaBypass\Config\Comment</model></comment>
+                </field>
+            </group>
+        </section>
+    </system>
+</config>

etc/frontend/di.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
+    <type name="Magento\ReCaptchaUi\Model\IsCaptchaEnabledInterface">
+        <plugin sortOrder="50" name="RocketWeb_CaptchaBypass_Plugin"
+                type="RocketWeb\CaptchaBypass\Plugin\IsCaptchaEnabledPlugin"/>
+    </type>
+</config>

etc/module.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
+    <module name="RocketWeb_CaptchaBypass" setup_version="1.0.0">
+        <sequence>
+            <module name="Magento_ReCaptchaUi"/>
+            <module name="Magento_ReCaptchaAdminUi"/>
+        </sequence>
+    </module>
+</config>

registration.php

@@ -0,0 +1,7 @@
+<?php declare(strict_types=1);
+
+\Magento\Framework\Component\ComponentRegistrar::register(
+    \Magento\Framework\Component\ComponentRegistrar::MODULE,
+    'RocketWeb_CaptchaBypass',
+    __DIR__
+);