From 4493a18d4acccb43e0a1c4d0a9d9cf855fb550f1 Mon Sep 17 00:00:00 2001 From: Ben Croker Date: Fri, 2 Apr 2021 09:43:08 +0200 Subject: [PATCH] Added Validate Users setting --- CHANGELOG.md | 7 ++++--- codeception.yml | 9 +++++---- src/config.php | 3 +++ src/models/SettingsModel.php | 5 +++++ src/services/SnaptchaService.php | 15 +++++++++++++++ src/templates/_settings.html | 10 ++++++++++ tests/.env | 8 ++++---- tests/README.md | 4 ++-- tests/_bootstrap.php | 2 +- 9 files changed, 49 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4420e55..3b34bd5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,15 +7,16 @@ ### Added - Added a customisable error screen that allows users to resubmit their data if a submission is flagged as spam. -- Added an “Exclude Controller Actions” setting. +- Added a “Validate Users” setting that lets you disable validation for logged-in users. +- Added an “Exclude Controller Actions” setting that lets you disable validation for specific controller actions. - Added an “Allow List” of IP addresses that will not be validated. - Added unit tests. ### Changed - Changed the minimum requirement of Craft to version 3.2.1. -- Renamed “Blacklist” to “Deny List”, a list of IP addresses that will always be denied. +- Renamed “Blacklist” to “Deny List”. - The hidden input field now has an `autocomplete` attribute set to `off`. -- IP addresses are now stored as anonymous hash values. +- IP addresses are now stored as anonymous hashed values. ### Removed - Removed the “Excluded URI Patterns” setting. Use the new “Exclude Controller Actions” setting instead. diff --git a/codeception.yml b/codeception.yml index fc8ee81..e01edf6 100644 --- a/codeception.yml +++ b/codeception.yml 
@@ -12,14 +12,15 @@ modules: config: \craft\test\Craft: configFile: 'tests/_craft/config/test.php' - entryUrl: 'http://craft3/index.php' + entryUrl: 'http://craft.nitro/index.php' entryScript: 'index.php' projectConfig: {} migrations: [] plugins: - sprig: + snaptcha: class: '\putyourlightson\snaptcha\Snaptcha' handle: snaptcha -# cleanup: true + cleanup: true transaction: false -# dbSetup: {clean: true, setupCraft: true} + dbSetup: {clean: true, setupCraft: true} + fullMock: false diff --git a/src/config.php b/src/config.php index fab70cb..d1d0bbe 100755 --- a/src/config.php +++ b/src/config.php @@ -22,6 +22,9 @@ // Whether form submissions should be validated. Ensure that all of your forms that submit via POST requests have the necessary tags in place before enabling this. //'validationEnabled' => false, + // Whether form submissions should be validated for logged-in users (recommended if public user registration is enabled). + //'validateUsers' => true, + // Whether form submissions should be limited to one time per page refresh (recommended for low to medium traffic sites). //'oneTimeKey' => true, diff --git a/src/models/SettingsModel.php b/src/models/SettingsModel.php index 897f24b..96e562e 100644 --- a/src/models/SettingsModel.php +++ b/src/models/SettingsModel.php @@ -14,6 +14,11 @@ class SettingsModel extends Model */ public $validationEnabled = false; + /** + * @var bool + */ + public $validateUsers = true; + /** * @var bool */ diff --git a/src/services/SnaptchaService.php b/src/services/SnaptchaService.php index 991f296..8d6f1bc 100644 --- a/src/services/SnaptchaService.php +++ b/src/services/SnaptchaService.php 
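Review bot: The docblock on the new `$validateUsers` property in SettingsModel says only `@var bool`, which leaves the security meaning of the switch undocumented. I would describe it as `Whether form submissions from logged-in users are validated; when false, every authenticated request skips validation.` The default of `true` is the safe one and is worth stating as deliberate. The rest of the class is outside this hunk; if it declares validation rules for the other boolean settings, this property presumably belongs in them too.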
@@ -97,6 +97,16 @@ public function isExcludedControllerAction(): bool return false; } + /** + * Returns whether the user is allowed. + * + * @return bool + */ + public function isUserAllowed(): bool + { + return !Snaptcha::$plugin->settings->validateUsers && Craft::$app->getUser()->getIsGuest() === false; + } + /** * Returns whether the IP address is allowed. * @@ -164,6 +174,11 @@ public function validateField(string $value = null): bool return false; } + // Check if user is allowed + if ($this->isUserAllowed()) { + return true; + } + // Check if IP address is allowed if ($this->isIpAllowed()) { return true; diff --git a/src/templates/_settings.html b/src/templates/_settings.html index 9bcaa3b..34cd3f3 100644 --- a/src/templates/_settings.html +++ b/src/templates/_settings.html @@ -20,6 +20,16 @@ errors: settings.getErrors('validationEnabled') }) }} +{{ forms.lightswitchField({ + required: true, + label: 'Validate Users'|t('snaptcha'), + name: 'validateUsers', + instructions: 'Whether form submissions should be validated for logged-in users (recommended if public user registration is enabled).'|t('snaptcha'), + warning: (config.validateUsers is defined ? configWarning('validateUsers')), + on: settings.validateUsers, + errors: settings.getErrors('validateUsers') +}) }} + {{ forms.lightswitchField({ required: true, label: 'One Time Key'|t('snaptcha'), diff --git a/tests/.env b/tests/.env index 3cecacd..410649e 100644 --- a/tests/.env +++ b/tests/.env @@ -1,7 +1,7 @@ # Set in accordance to your environment -DB_DSN="mysql:host=127.0.0.1;port=3306;dbname=craft-test" -DB_USER="root" -DB_PASSWORD="root" +DB_DSN="mysql:host=mysql-8.0-3307.database.nitro;port=3306;dbname=craft-test" +DB_USER="nitro" +DB_PASSWORD="nitro" # Set this to the `entryUrl` param in the `codeception.yml` file. -DEFAULT_SITE_URL="http://craft3/index.php" +DEFAULT_SITE_URL="http://craft/index.php" diff --git a/tests/README.md b/tests/README.md index 27484e9..6d64a3d 100644 --- a/tests/README.md 
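Review bot: The docblock on `isUserAllowed()` ("Returns whether the user is allowed.") does not say allowed for what, or that the result depends on a setting. Suggested wording: `Returns whether validation is skipped because the current user is logged in and the “Validate Users” setting is off.` The return line would also read more directly as `return !Snaptcha::$plugin->settings->validateUsers && !Craft::$app->getUser()->getIsGuest();` than with the `=== false` comparison. The diffstat lists no test file for this method, so the guest and logged-in cases with the setting off are not pinned by a unit test.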
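Review bot: In `validateField()` the new branch returns `true` before the IP allow-list check and before whatever follows it; the rest of the method is outside this hunk. If the deny-list comparison comes later in the method, a logged-in request from a denied address would now pass, so it is worth confirming the order or placing this branch after the deny-list check. A comment recording the trade-off would help, for example `// Skips all remaining checks for logged-in users when validateUsers is off; not safe if public registration is enabled`.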
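Review bot: `DEFAULT_SITE_URL` in tests/.env is now `http://craft/index.php`, but the comment directly above it says it must match `entryUrl`, which this same commit sets to `http://craft.nitro/index.php` in codeception.yml; one of the two values is wrong. The file also commits one developer's database host and credentials to the repository. Shipping it as a template (for example `.env.example`) and ignoring the real `.env` would keep local values out of version control and make it harder to point the test run at the wrong database by accident, which matters more now that `dbSetup: {clean: true, ...}` is enabled.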
+++ b/tests/README.md @@ -8,10 +8,10 @@ To run static analysis on the plugin, install PHPStan and run the following comm To test the plugin, install Codeception, update `.env` and run the following command from the root of your project. - codecept run -c ./vendor/putyourlightson/craft-sherlock + ./vendor/bin/codecept run -c ./vendor/putyourlightson/craft-sherlock Or to run a specific test. - codecept run -c ./vendor/putyourlightson/craft-sherlock unit variables/SnaptchaVariableTest:getField + ./vendor/bin/codecept run -c ./vendor/putyourlightson/craft-sherlock unit variables/SnaptchaVariableTest:getField > Ensure that the database you specify in `.env` is not one that actually contains any data as it will be cleared when the tests are run. diff --git a/tests/_bootstrap.php b/tests/_bootstrap.php index bf6effc..b639626 100644 --- a/tests/_bootstrap.php +++ b/tests/_bootstrap.php @@ -13,7 +13,7 @@ //define('CRAFT_VENDOR_PATH', dirname(__DIR__) . DIRECTORY_SEPARATOR . 'vendor'); // Use absolute path if the plugin directory is a symlink -define('CRAFT_VENDOR_PATH', '/Users/ben/Sites/craft3/vendor'); +define('CRAFT_VENDOR_PATH', '/app/vendor'); $devMode = true;
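Review bot: `CRAFT_VENDOR_PATH` in tests/_bootstrap.php is still a hard-coded absolute path; `/app/vendor` replaces one developer's directory with one container's, so the bootstrap fails on any other layout. Reading it from the environment with the relative path as fallback would cover both the symlink case and the default: `define('CRAFT_VENDOR_PATH', getenv('CRAFT_VENDOR_PATH') ?: dirname(__DIR__) . DIRECTORY_SEPARATOR . 'vendor');`. This assumes the variable is set in the shell or that `.env` is loaded before this line, which the hunk does not show.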