Skip to content

feat: Add friendlycaptcha#18

Closed
dhuf wants to merge 1 commit into
masterfrom
feature/add-friendlycaptcha
Closed

feat: Add friendlycaptcha#18
dhuf wants to merge 1 commit into
masterfrom
feature/add-friendlycaptcha

Conversation

@dhuf

@dhuf dhuf commented May 4, 2026

Copy link
Copy Markdown
Member

No description provided.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds FriendlyCaptcha support to the newsletter registration form by rendering the captcha widget in the frontend and verifying the captcha solution server-side before creating a new frontend user.

Changes:

  • Render FriendlyCaptcha widget and load its scripts on the registration form when configured.
  • Add server-side captcha verification in FrontendUserController::createAction() with a localized flash error message on failure.
  • Introduce TypoScript settings for captcha sitekey/secretkey and add new localization keys for the error message (EN/DE).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
Resources/Private/Templates/FrontendUser/New.html Adds FriendlyCaptcha widget + external script assets, conditional rendering based on settings.
Classes/Controller/FrontendUserController.php Adds captcha verification gate in createAction() and implements verifyCaptcha() HTTP call to FriendlyCaptcha.
Configuration/TypoScript/setup.typoscript Adds settings.captcha.sitekey/secretkey configuration placeholders.
Resources/Private/Language/locallang.xlf Adds English translation for captcha verification error.
Resources/Private/Language/de.locallang.xlf Adds German translation for captcha verification error.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +17 to +40
<f:asset.script identifier="friendly-challenge-widget-module"
src="https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.8/widget.module.min.js"
type="module"
integrity="sha384-qT4bq9FARVVEQZ+u0J/IEGVVCM/d/aU6p2anikjcUPeSd9n5QP8xJ5wxyf3kvrUU"
crossorigin="anonymous"
async="true"
defer="true"
useNonce="true"
/>
<f:asset.script identifier="friendly-challenge-widget"
src="https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.8/widget.min.js"
nomodule="true"
integrity="sha384-tBCxcMwFwX1Y+iL38Da2IZLdhA3HPO3ztLc4sD5ZYK4CgH4mTb0fRPwOw/4GEb12"
crossorigin="anonymous"
async="true"
defer="true"
useNonce="true"
/>
<div class="form-group">
<div class="frc-captcha"
data-puzzle-endpoint="https://eu-api.friendlycaptcha.eu/api/v1/puzzle"
data-sitekey="{settings.captcha.sitekey}">
</div>
</div>
Comment on lines 8 to 10
</p>
<f:render partial="FormErrors" arguments="{object:Panel}" />
<f:render partial="FormErrors" arguments="{object:Panel}" />
<div class="form-group">

public function createAction(FrontendUser $newFrontendUser): ResponseInterface
{
if ($this->settings['captcha']['sitekey'] !== '' && $this->settings['captcha']['secretkey'] !== '') {
Comment thread Classes/Controller/FrontendUserController.php Outdated
Comment on lines +321 to +325
$requestFactory = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Http\RequestFactory::class);
$response = $requestFactory->request(
'https://eu-api.friendlycaptcha.eu/api/v1/siteverify',
'POST',
[
Comment on lines +317 to +337
return false;
}

try {
$requestFactory = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Http\RequestFactory::class);
$response = $requestFactory->request(
'https://eu-api.friendlycaptcha.eu/api/v1/siteverify',
'POST',
[
'headers' => ['Content-Type' => 'application/json; charset=UTF-8'],
'body' => json_encode([
'solution' => $solution,
'secret' => $secretkey,
'sitekey' => $sitekey,
]),
]
);
$data = json_decode((string)$response->getBody(), true);
return ($data['success'] ?? false) === true;
} catch (\Throwable $e) {
return false;
@dhuf dhuf force-pushed the feature/add-friendlycaptcha branch from 08156c2 to 634493b Compare May 4, 2026 13:14
@dhuf dhuf requested a review from Copilot May 4, 2026 13:15

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.


💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

<f:form.textfield id="email" class="form-control" property="email" required="required" />
</div>
<div class="form-group">
<f:if condition="{settings.captcha.sitekey} !== '' && {settings.captcha.secretkey} !== ''">
/>
<div class="form-group">
<div class="frc-captcha"
data-puzzle-endpoint="https://eu-api.friendlycaptcha.eu/api/v1/puzzle"
Comment on lines +47 to +58
if ($this->settings['captcha']['sitekey'] !== '' && $this->settings['captcha']['secretkey'] !== '') {
$captchaSiteKey = $this->settings['captcha']['sitekey'] ?? '';
$captchaSecretKey = $this->settings['captcha']['secretkey'] ?? '';
if ($captchaSiteKey !== '' && $captchaSecretKey !== '') {
if ($this->verifyCaptcha() === false) {
$this->addFlashMessage(
LocalizationUtility::translate('error.captcha', 'newsletterregistration'),
'',
ContextualFeedbackSeverity::ERROR
);
return new ForwardResponse('new');
}
Comment on lines +327 to +333
$requestFactory = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Http\RequestFactory::class);
$response = $requestFactory->request(
'https://eu-api.friendlycaptcha.eu/api/v1/siteverify',
'POST',
[
'headers' => ['Content-Type' => 'application/json; charset=UTF-8'],
'body' => json_encode([
settings {
captcha {
sitekey =
secretkey =
@dhuf dhuf force-pushed the feature/add-friendlycaptcha branch from 634493b to 17d40b6 Compare May 4, 2026 14:04
@dhuf dhuf closed this May 4, 2026
@dhuf dhuf deleted the feature/add-friendlycaptcha branch May 4, 2026 14:06
@dhuf dhuf restored the feature/add-friendlycaptcha branch May 4, 2026 14:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants