Excluded GraphQL controller action explicitly

codyjames · Jun 26, 2021 · d7a9537 · d7a9537
1 parent e7584e8
commit d7a9537
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 3.0.7 - Unreleased
+### Changed
+- Excluded GraphQL requests that do not use `application/graphql` as their MIME type from being validated ([#17](https://github.com/putyourlightson/craft-snaptcha/issues/17)).
+
 ## 3.0.6 - 2021-06-03
 ### Fixed
 - Fixed a bug in which a migration was not run when updating from v2 to v3 ([#15](https://github.com/putyourlightson/craft-snaptcha/issues/15)).

diff --git a/composer.json b/composer.json
@@ -1,7 +1,7 @@
 {
     "name": "putyourlightson/craft-snaptcha",
     "description": "Automatically validates forms and prevents spam bots from submitting to your site.",
-    "version": "3.0.6",
+    "version": "3.0.7",
     "type": "craft-plugin",
     "homepage": "https://putyourlightson.com/plugins/snaptcha",
     "license": "proprietary",

diff --git a/src/Snaptcha.php b/src/Snaptcha.php
@@ -85,7 +85,7 @@ public function validateField(ActionEvent $event)
             || $request->getIsPreview()
             || $request->getMethod() !== 'POST'
             || $request->getFullPath() == Craft::$app->getConfig()->getGeneral()->getSetPasswordPath()
-            || $this->snaptcha->isExcludedControllerAction()
+            || $this->snaptcha->isExcludedControllerAction($event->action)
         ) {
             return;
         }

diff --git a/src/services/SnaptchaService.php b/src/services/SnaptchaService.php
@@ -13,8 +13,13 @@
 use putyourlightson\snaptcha\models\SnaptchaModel;
 use putyourlightson\snaptcha\records\SnaptchaRecord;
 use putyourlightson\snaptcha\Snaptcha;
+use yii\base\Action;
 use yii\base\Event;
 
+/**
+ *
+ * @property-read array $postedValues
+ */
 class SnaptchaService extends Component
 {
     /**
@@ -37,8 +42,9 @@ class SnaptchaService extends Component
      */
     const EXCLUDE_CONTROLLER_ACTIONS = [
         'commerce/webhooks/process-webhook',
-        'cookie-consent/consent/update',
         'complete-cookie-consent/consent/submit',
+        'cookie-consent/consent/update',
+        'graphql/api',
     ];
 
     /**
@@ -81,15 +87,16 @@ public function getPostedValues(): array
     /**
      * Returns whether the controller action is excluded from validation.
      *
+     * @param Action $action
      * @return bool
      */
-    public function isExcludedControllerAction(): bool
+    public function isExcludedControllerAction(Action $action): bool
     {
         if (!Craft::$app->getRequest()->getIsActionRequest()) {
             return false;
         }
 
-        $controllerAction = implode('/', Craft::$app->getRequest()->getActionSegments());
+        $controllerAction = $action->getUniqueId();
 
         // Fire a before event
         $event = new ValidateFieldEvent(['excludeControllerActions' => self::EXCLUDE_CONTROLLER_ACTIONS]);