From d7a9537eb8b5b43a3c2644f03c87083650cc2b8a Mon Sep 17 00:00:00 2001
From: Ben Croker
Date: Sat, 26 Jun 2021 19:49:35 +0200
Subject: [PATCH] Excluded GraphQL controller action explicitly
---
 CHANGELOG.md | 4 ++++
 composer.json | 2 +-
 src/Snaptcha.php | 2 +-
 src/services/SnaptchaService.php | 13 ++++++++++---
 4 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6dafc20..169827f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## 3.0.7 - Unreleased
+### Changed
+- Excluded GraphQL requests that do not use `application/graphql` as their MIME type from being validated ([#17](https://github.com/putyourlightson/craft-snaptcha/issues/17)).
+
 ## 3.0.6 - 2021-06-03
 ### Fixed
 - Fixed a bug in which a migration was not run when updating from v2 to v3 ([#15](https://github.com/putyourlightson/craft-snaptcha/issues/15)).
diff --git a/composer.json b/composer.json
index b48ad41..28b5f89 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 "name": "putyourlightson/craft-snaptcha",
 "description": "Automatically validates forms and prevents spam bots from submitting to your site.",
- "version": "3.0.6",
+ "version": "3.0.7",
 "type": "craft-plugin",
 "homepage": "https://putyourlightson.com/plugins/snaptcha",
 "license": "proprietary",
diff --git a/src/Snaptcha.php b/src/Snaptcha.php
index be3869c..da54805 100644
--- a/src/Snaptcha.php
+++ b/src/Snaptcha.php
@@ -85,7 +85,7 @@ public function validateField(ActionEvent $event)
 || $request->getIsPreview()
 || $request->getMethod() !== 'POST'
 || $request->getFullPath() == Craft::$app->getConfig()->getGeneral()->getSetPasswordPath()
- || $this->snaptcha->isExcludedControllerAction()
+ || $this->snaptcha->isExcludedControllerAction($event->action)
 ) {
 return;
 }
diff --git a/src/services/SnaptchaService.php b/src/services/SnaptchaService.php
index a7b42e5..ce59660 100644
--- a/src/services/SnaptchaService.php
+++ b/src/services/SnaptchaService.php
@@ -13,8 +13,13 @@
 use putyourlightson\snaptcha\models\SnaptchaModel;
 use putyourlightson\snaptcha\records\SnaptchaRecord;
 use putyourlightson\snaptcha\Snaptcha;
+use yii\base\Action;
 use yii\base\Event;
+/**
+ *
+ * @property-read array $postedValues
+ */
 class SnaptchaService extends Component
 {
 /**
@@ -37,8 +42,9 @@ class SnaptchaService extends Component
 */
 const EXCLUDE_CONTROLLER_ACTIONS = [
 'commerce/webhooks/process-webhook',
- 'cookie-consent/consent/update',
 'complete-cookie-consent/consent/submit',
+ 'cookie-consent/consent/update',
+ 'graphql/api',
 ];
 /**
@@ -81,15 +87,16 @@ public function getPostedValues(): array
 /**
 * Returns whether the controller action is excluded from validation.
 *
+ * @param Action $action
 * @return bool
 */
- public function isExcludedControllerAction(): bool
+ public function isExcludedControllerAction(Action $action): bool
 {
 if (!Craft::$app->getRequest()->getIsActionRequest()) {
 return false;
 }
- $controllerAction = implode('/', Craft::$app->getRequest()->getActionSegments());
+ $controllerAction = $action->getUniqueId();
 // Fire a before event
 $event = new ValidateFieldEvent(['excludeControllerActions' => self::EXCLUDE_CONTROLLER_ACTIONS]);
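Review bot: The new `'graphql/api'` entry in `EXCLUDE_CONTROLLER_ACTIONS` (second hunk of SnaptchaService.php) switches validation off for every POST that resolves to the GraphQL API action, mutations included, and nothing in the list records that trade-off. A site that accepts form-like submissions through GraphQL mutations gets no spam check on them after this change, so the entry deserves a comment such as `// GraphQL API: requests carry no Snaptcha field, so nothing sent through this action is validated.` The `ValidateFieldEvent` built in the last hunk carries the list as `excludeControllerActions`, which looks like the place where a site could take the entry out again; that is worth confirming and mentioning in the docs.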
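Review bot: The guard `if (!Craft::$app->getRequest()->getIsActionRequest()) { return false; }` still runs before the new `$action->getUniqueId()` lookup in `isExcludedControllerAction()`, so the exclusion list is only consulted for requests that Craft classifies as action requests. If the GraphQL endpoint is reached through a URL rule rather than the action trigger, that flag may be false (worth confirming against Craft's request handling), and `'graphql/api'` would then never match. Since the decision now rests on the resolved `Action` rather than on request segments, the guard could be dropped, or at least covered by a test for a routed GraphQL POST. The parameter is also mandatory on a public service method, so any existing caller of `isExcludedControllerAction()` without arguments will fail; `Action $action = null` with a fallback to `Craft::$app->requestedAction` would keep them working. The function body continues past the end of the hunk, so the comparison against the list is not visible here.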