Merge pull request #2704 from alphagov/pp-13110/migrate-recaptcha-v1

PP-13110 migrate recaptcha enterprise to v1
alphagov · Sep 18, 2024 · 85f3f17 · 85f3f17
2 parents 6023cb3 + c1a98fd
commit 85f3f17
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 16 deletions.
diff --git a/app/utils/captcha.js b/app/utils/captcha.js
@@ -12,7 +12,7 @@ const captchaEnterpriseUrl = formatEnterpriseUrl(GOOGLE_RECAPTCHA_ENTERPRISE_PRO
 const captchaBasicUrl = 'https://www.recaptcha.net/recaptcha/api/siteverify'
 
 function formatEnterpriseUrl (projectId) {
-  return urlJoin('https://recaptchaenterprise.googleapis.com/v1beta1/projects', String(projectId), 'assessments')
+  return urlJoin('https://recaptchaenterprise.googleapis.com/v1/projects', String(projectId), 'assessments')
 }
 
 async function verifyCAPTCHAEnterpriseVersion (token) {
@@ -40,21 +40,23 @@ async function verifyCAPTCHAEnterpriseVersion (token) {
     }
   )
 
+  // https://cloud.google.com/recaptcha/docs/reference/rest/v1/projects.assessments
   if (response.status === HTTP_SUCCESS_CODE) {
-    const body = response.data
-    // https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment
-    if (!body.score || body.score < 0.9) {
+    const body = response.data || {}
+    const riskAnalysis = body.riskAnalysis || {}
+    const score = riskAnalysis.score
+    const reasons = riskAnalysis.reasons || []
+
+    if (typeof score !== 'number' || score < 0.9) {
       logger.info('Failed reCAPTCHA response', {
-        tokenProperties: body.tokenProperties,
-        score: body.score,
-        reasons: body.reasons
+        tokenProperties: body.tokenProperties || {},
+        score: score || 'N/A',
+        reasons
       })
       return false
     }
-
     return true
   }
-
   throw new Error(`Unknown reCAPTCHA response ${response.statusCode}`)
 }
 

diff --git a/app/utils/captcha.test.js b/app/utils/captcha.test.js
@@ -40,7 +40,7 @@ describe('CAPTCHA verification utility', () => {
     })
 
     it('returns the captcha enterprise URL given a valid project ID', () => {
-      expect(captcha.formatEnterpriseUrl('102030')).to.equal('https://recaptchaenterprise.googleapis.com/v1beta1/projects/102030/assessments')
+      expect(captcha.formatEnterpriseUrl('102030')).to.equal('https://recaptchaenterprise.googleapis.com/v1/projects/102030/assessments')
     })
   })
 
@@ -51,9 +51,8 @@ describe('CAPTCHA verification utility', () => {
 
     it('rejects non-success HTTP responses', async () => {
       process.env.GOOGLE_RECAPTCHA_USE_ENTERPRISE_VERSION = 'true'
-
       nock('https://recaptchaenterprise.googleapis.com')
-        .post('/v1beta1/projects/102030/assessments?key=8Pf-i72rjkwfmjwfi72rfkjwefmjwef')
+        .post('/v1/projects/102030/assessments?key=8Pf-i72rjkwfmjwfi72rfkjwefmjwef')
         .reply(403)
 
       try {
@@ -69,14 +68,14 @@ describe('CAPTCHA verification utility', () => {
       const token = 'a-valid-session-token'
 
       nock('https://recaptchaenterprise.googleapis.com')
-        .post('/v1beta1/projects/102030/assessments?key=8Pf-i72rjkwfmjwfi72rfkjwefmjwef', (body) => {
+        .post('/v1/projects/102030/assessments?key=8Pf-i72rjkwfmjwfi72rfkjwefmjwef', (body) => {
           if (body.event.token === token) {
             return true
           } else {
             return false
           }
         })
-        .reply(200, { success: true, score: 1 })
+        .reply(200, { riskAnalysis: { success: true, score: 1 } })
 
       const validResponseWithExpectedBody = await captcha.verifyCAPTCHAToken(token)
       expect(validResponseWithExpectedBody).to.equal(true)
@@ -88,14 +87,14 @@ describe('CAPTCHA verification utility', () => {
       const token = 'a-valid-session-token'
 
       nock('https://recaptchaenterprise.googleapis.com')
-        .post('/v1beta1/projects/102030/assessments?key=8Pf-i72rjkwfmjwfi72rfkjwefmjwef', (body) => {
+        .post('/v1/projects/102030/assessments?key=8Pf-i72rjkwfmjwfi72rfkjwefmjwef', (body) => {
           if (body.event.token === token) {
             return true
           } else {
             return false
           }
         })
-        .reply(200, { success: true, score: 0.8 })
+        .reply(200, { riskAnalysis: { success: true, score: 0.8 } })
 
       const validResponseWithExpectedBody = await captcha.verifyCAPTCHAToken(token)
       expect(validResponseWithExpectedBody).to.equal(false)