@automattic/newspack-blocks 1.54.0 → 1.55.0

package/includes/class-newspack-blocks.php

@@ -13,7 +13,9 @@ class Newspack_Blocks {
 	/**
 	 * Script handle for the streamlined donate block script.
 	 */
-	const DONATE_STREAMLINED_SCRIPT_HANDLE = 'newspack-blocks-donate-streamlined';
+	const DONATE_STREAMLINED_SCRIPT_HANDLE     = 'newspack-blocks-donate-streamlined';
+	const DONATE_STREAMLINED_CAPTCHA_HANDLE    = 'newspack-blocks-recaptcha';
+	const DONATE_STREAMLINED_CAPTCHA_THRESHOLD = 0.5;
 
 	/**
 	 * Regex pattern we can use to search for and remove custom SQL statements.
@@ -75,7 +77,7 @@ class Newspack_Blocks {
 	 * @param string $handle The script handle.
 	 */
 	public static function mark_view_script_as_amp_plus_allowed( $tag, $handle ) {
-		if ( self::DONATE_STREAMLINED_SCRIPT_HANDLE === $handle ) {
+		if ( self::DONATE_STREAMLINED_SCRIPT_HANDLE === $handle || self::DONATE_STREAMLINED_CAPTCHA_HANDLE === $handle ) {
 			return str_replace( '<script', '<script data-amp-plus-allowed', $tag );
 		}
 		return $tag;

package/newspack-blocks.php

@@ -7,7 +7,7 @@
  * Author URI:      https://newspack.blog/
  * Text Domain:     newspack-blocks
  * Domain Path:     /languages
- * Version:         1.54.0
+ * Version:         1.55.0
  *
  * @package         Newspack_Blocks
  */
@@ -15,7 +15,7 @@
 define( 'NEWSPACK_BLOCKS__PLUGIN_FILE', __FILE__ );
 define( 'NEWSPACK_BLOCKS__BLOCKS_DIRECTORY', 'dist/' );
 define( 'NEWSPACK_BLOCKS__PLUGIN_DIR', plugin_dir_path( NEWSPACK_BLOCKS__PLUGIN_FILE ) );
-define( 'NEWSPACK_BLOCKS__VERSION', '1.54.0' );
+define( 'NEWSPACK_BLOCKS__VERSION', '1.55.0' );
 
 require_once NEWSPACK_BLOCKS__PLUGIN_DIR . 'includes/class-newspack-blocks.php';
 require_once NEWSPACK_BLOCKS__PLUGIN_DIR . 'includes/class-newspack-blocks-api.php';

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@automattic/newspack-blocks",
-	"version": "1.54.0",
+	"version": "1.55.0",
 	"author": "Automattic",
 	"devDependencies": {
 		"@rushstack/eslint-patch": "^1.1.4",

package/src/blocks/donate/class-wp-rest-newspack-donate-controller.php

@@ -41,6 +41,10 @@ class WP_REST_Newspack_Donate_Controller extends WP_REST_Controller {
 					'methods'             => WP_REST_Server::EDITABLE,
 					'callback'            => [ $this, 'api_process_donation' ],
 					'args'                => [
+						'captchaToken'      => [
+							'sanitize_callback' => 'sanitize_text_field',
+							'required'          => false,
+						],
 						'tokenData'         => [
 							'type'       => 'object',
 							'properties' => [
@@ -95,6 +99,65 @@ class WP_REST_Newspack_Donate_Controller extends WP_REST_Controller {
 	 * @return WP_REST_Response
 	 */
 	public function api_process_donation( $request ) {
+		// If reCaptcha is available, verify the user action.
+		$use_captcha = \Newspack\Stripe_Connection::can_use_captcha();
+		if ( $use_captcha ) {
+			$captcha_token = $request->get_param( 'captchaToken' );
+			if ( ! $captcha_token ) {
+				return rest_ensure_response(
+					[
+						'error' => __( 'Missing or invalid captcha token.', 'newspack-blocks' ),
+					]
+				);
+			}
+
+			$stripe_settings = \Newspack\Stripe_Connection::get_stripe_data();
+			$captcha_secret  = $stripe_settings['captchaSiteSecret'];
+			$captcha_verify  = wp_safe_remote_post(
+				add_query_arg(
+					[
+						'secret'   => $captcha_secret,
+						'response' => $captcha_token,
+					],
+					'https://www.google.com/recaptcha/api/siteverify'
+				)
+			);
+
+			// If the reCaptcha verification request fails.
+			if ( is_wp_error( $captcha_verify ) ) {
+				return rest_ensure_response(
+					[
+						'error' => wp_strip_all_tags( $captcha_verify->get_error_message() ),
+					]
+				);
+			}
+
+			$captcha_verify = json_decode( $captcha_verify['body'], true );
+
+			// If the reCaptcha verification request succeeds, but with error.
+			if ( ! boolval( $captcha_verify['success'] ) ) {
+				$error = isset( $captcha_verify['error-codes'] ) ? reset( $captcha_verify['error-codes'] ) : __( 'Error validating captcha.', 'newspack-blocks' );
+				return rest_ensure_response(
+					[
+						// Translators: error message for reCaptcha.
+						'error' => sprintf( __( 'reCaptcha error: %s', 'newspack-blocks' ), $error ),
+					]
+				);
+			}
+
+			// If the reCaptcha verification score is below our threshold for valid user input.
+			if (
+				isset( $captcha_verify['score'] ) &&
+				Newspack_Blocks::DONATE_STREAMLINED_CAPTCHA_THRESHOLD > floatval( $captcha_verify['score'] )
+			) {
+				return rest_ensure_response(
+					[
+						'error' => __( 'User action failed captcha challenge.', 'newspack-blocks' ),
+					]
+				);
+			}
+		}
+
 		$payment_metadata = [
 			'referer' => wp_get_referer(),
 		];

package/src/blocks/donate/streamlined/index.js

@@ -28,6 +28,25 @@ export const processStreamlinedElements = ( parentElement = document ) =>
 		const enableForm = () => el.classList.remove( 'stripe-payment--disabled' );
 		enableForm();
 
+		const getCaptchaToken = async reCaptchaKey => {
+			return new Promise( ( res, rej ) => {
+				const { grecaptcha } = window;
+
+				if ( ! grecaptcha?.ready ) {
+					rej( __( 'Error loading the reCaptcha library.', 'newspack-blocks' ) );
+				}
+
+				grecaptcha.ready( async () => {
+					try {
+						const token = await grecaptcha.execute( reCaptchaKey, { action: 'submit' } );
+						return res( token );
+					} catch ( e ) {
+						rej( e );
+					}
+				} );
+			} );
+		};
+
 		// Universal payment handling, for both card and payment request button flows.
 		// In card flow, this will happen after user submits their card data in the HTML form.
 		// In payment request flow, this will happen after the user validates the payment in
@@ -41,8 +60,24 @@ export const processStreamlinedElements = ( parentElement = document ) =>
 			 */
 			requestPayloadOverrides = {}
 		) => {
+			// Add reCaptcha challenge to form submission, if available.
+			const reCaptchaKey = settings?.captchaSiteKey;
+			let reCaptchaToken;
+			if ( reCaptchaKey ) {
+				try {
+					reCaptchaToken = await getCaptchaToken( reCaptchaKey );
+				} catch ( e ) {
+					const errorMessage =
+						e instanceof Error
+							? e.message
+							: __( 'Error processing captcha request.', 'newspack-blocks' );
+					utils.renderMessages( [ errorMessage ], messagesEl );
+					return { error: true };
+				}
+			}
 			const formValues = utils.getFormValues( formElement );
 			const apiRequestPayload = {
+				captchaToken: reCaptchaToken,
 				tokenData: token,
 				amount: utils.getTotalAmount( formElement ),
 				email: formValues.email,

package/src/blocks/donate/streamlined/style.scss

@@ -109,6 +109,7 @@
 				&.type-success {
 					background-color: rgba( colors.$color__success, 0.075 );
 					border-color: colors.$color__success;
+					margin: 1.12rem;
 				}
 			}
 		}

package/src/blocks/donate/streamlined/utils.js

@@ -29,6 +29,10 @@ export const renderMessages = ( messages, el, type = 'error' ) => {
 		messageEl.innerHTML = message;
 		el.appendChild( messageEl );
 	} );
+
+	if ( 'success' === type ) {
+		el.parentElement.replaceWith( el );
+	}
 };
 
 const getCookies = () =>
@@ -53,6 +57,7 @@ export const getSettings = formElement => {
 		feeMultiplier,
 		feeStatic,
 		stripePublishableKey,
+		captchaSiteKey,
 	] = JSON.parse( formElement.getAttribute( 'data-settings' ) );
 	return {
 		currency: currency.toLowerCase(),
@@ -64,6 +69,7 @@ export const getSettings = formElement => {
 		feeMultiplier: parseFloat( feeMultiplier ),
 		feeStatic: parseFloat( feeStatic ),
 		stripePublishableKey,
+		captchaSiteKey,
 	};
 };
 
@@ -162,7 +168,7 @@ export const sendAPIRequest = async ( endpoint, data, method = 'POST' ) =>
 	} );
 
 export const renderSuccessMessageWithEmail = ( emailAddress, messagesEl ) => {
-	const successMessge = sprintf(
+	const successMessage = sprintf(
 		/* Translators: %s is the email address of the current user. */
 		__(
 			'Your payment has been processed. Thank you for your contribution! You will receive a confirmation email at %s.',
@@ -170,5 +176,5 @@ export const renderSuccessMessageWithEmail = ( emailAddress, messagesEl ) => {
 		),
 		emailAddress
 	);
-	renderMessages( [ successMessge ], messagesEl, 'success' );
+	renderMessages( [ successMessage ], messagesEl, 'success' );
 };

package/src/blocks/donate/view.php

@@ -166,11 +166,29 @@ function newspack_blocks_render_block_donate_footer( $attributes ) {
  */
 function newspack_blocks_enqueue_streamlined_donate_block_scripts() {
 	if ( Newspack_Blocks::is_rendering_streamlined_block() ) {
+		$dependencies = [ 'wp-i18n' ];
+
+		if ( \Newspack\Stripe_Connection::can_use_captcha() ) {
+			$stripe_settings  = \Newspack\Stripe_Connection::get_stripe_data();
+			$captcha_site_key = $stripe_settings['captchaSiteKey'];
+
+			// phpcs:ignore WordPress.WP.EnqueuedResourceParameters.MissingVersion
+			wp_register_script(
+				Newspack_Blocks::DONATE_STREAMLINED_CAPTCHA_HANDLE,
+				esc_url( 'https://www.google.com/recaptcha/api.js?render=' . $captcha_site_key ),
+				null,
+				null,
+				true
+			);
+
+			$dependencies[] = Newspack_Blocks::DONATE_STREAMLINED_CAPTCHA_HANDLE;
+		}
+
 		$script_data = Newspack_Blocks::script_enqueue_helper( NEWSPACK_BLOCKS__BLOCKS_DIRECTORY . '/donateStreamlined.js' );
 		wp_enqueue_script(
 			Newspack_Blocks::DONATE_STREAMLINED_SCRIPT_HANDLE,
 			$script_data['script_path'],
-			[ 'wp-i18n' ],
+			$dependencies,
 			$script_data['version'],
 			true
 		);
@@ -207,6 +225,8 @@ function newspack_blocks_render_block_donate( $attributes ) {
 		return '';
 	}
 
+	$configuration['defaultFrequency'] = $attributes['defaultFrequency'];
+
 	/* If block has additional CSS class(es)  */
 	if ( isset( $attributes['className'] ) ) {
 		$classname = $attributes['className'];
@@ -297,6 +317,7 @@ function newspack_blocks_render_block_donate( $attributes ) {
 			$stripe_data['fee_multiplier'],
 			$stripe_data['fee_static'],
 			$stripe_data['usedPublishableKey'],
+			\Newspack\Stripe_Connection::can_use_captcha() ? $stripe_data['captchaSiteKey'] : null,
 		];
 	} else {
 		$configuration_for_frontend = [];

package/vendor/autoload.php

@@ -4,4 +4,4 @@
 
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInit49fbd6ec7deee2cfafc0623f87888fe4::getLoader();
+return ComposerAutoloaderInit8c97be8c03efff8fe0dfa7e225c9c83a::getLoader();

package/vendor/composer/autoload_real.php

@@ -2,7 +2,7 @@
 
 // autoload_real.php @generated by Composer
 
-class ComposerAutoloaderInit49fbd6ec7deee2cfafc0623f87888fe4
+class ComposerAutoloaderInit8c97be8c03efff8fe0dfa7e225c9c83a
 {
     private static $loader;
 
@@ -22,15 +22,15 @@ class ComposerAutoloaderInit49fbd6ec7deee2cfafc0623f87888fe4
             return self::$loader;
         }
 
-        spl_autoload_register(array('ComposerAutoloaderInit49fbd6ec7deee2cfafc0623f87888fe4', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInit8c97be8c03efff8fe0dfa7e225c9c83a', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
-        spl_autoload_unregister(array('ComposerAutoloaderInit49fbd6ec7deee2cfafc0623f87888fe4', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInit8c97be8c03efff8fe0dfa7e225c9c83a', 'loadClassLoader'));
 
         $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
         if ($useStaticLoader) {
             require __DIR__ . '/autoload_static.php';
 
-            call_user_func(\Composer\Autoload\ComposerStaticInit49fbd6ec7deee2cfafc0623f87888fe4::getInitializer($loader));
+            call_user_func(\Composer\Autoload\ComposerStaticInit8c97be8c03efff8fe0dfa7e225c9c83a::getInitializer($loader));
         } else {
             $map = require __DIR__ . '/autoload_namespaces.php';
             foreach ($map as $namespace => $path) {

package/vendor/composer/autoload_static.php

@@ -4,7 +4,7 @@
 
 namespace Composer\Autoload;
 
-class ComposerStaticInit49fbd6ec7deee2cfafc0623f87888fe4
+class ComposerStaticInit8c97be8c03efff8fe0dfa7e225c9c83a
 {
     public static $classMap = array (
         'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php',
@@ -13,7 +13,7 @@ class ComposerStaticInit49fbd6ec7deee2cfafc0623f87888fe4
     public static function getInitializer(ClassLoader $loader)
     {
         return \Closure::bind(function () use ($loader) {
-            $loader->classMap = ComposerStaticInit49fbd6ec7deee2cfafc0623f87888fe4::$classMap;
+            $loader->classMap = ComposerStaticInit8c97be8c03efff8fe0dfa7e225c9c83a::$classMap;
 
         }, null, ClassLoader::class);
     }

package/vendor/composer/installed.php

@@ -5,7 +5,7 @@
         'type' => 'wordpress-plugin',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
-        'reference' => 'd0c5ef37143589ab35d9926bda95d6de2e196b63',
+        'reference' => '9daa964f1c2b26cdbc348c17f5ba4ce9171dec05',
         'name' => 'automattic/newspack-blocks',
         'dev' => false,
     ),
@@ -16,7 +16,7 @@
             'type' => 'wordpress-plugin',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
-            'reference' => 'd0c5ef37143589ab35d9926bda95d6de2e196b63',
+            'reference' => '9daa964f1c2b26cdbc348c17f5ba4ce9171dec05',
             'dev_requirement' => false,
         ),
     ),