diff --git a/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/Utils/RecoveryUtil.java b/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/Utils/RecoveryUtil.java
index 9aef837e70..e2db0c6caa 100644
--- a/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/Utils/RecoveryUtil.java
+++ b/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/Utils/RecoveryUtil.java
@@ -403,7 +403,10 @@ private static Properties validateCaptchaConfigs(Properties properties) {
 * @param reCaptchaResponse ReCaptcha response token
 * @param properties ReCaptcha properties
 * @return httpResponse
+ *
+ * @deprecated Please create a new method with apache httpclient 5.x version
 */
+ @Deprecated
 public static HttpResponse makeCaptchaVerificationHttpRequest(ReCaptchaResponseTokenDTO reCaptchaResponse,
 Properties properties) {
diff --git a/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/impl/CaptchaApiServiceImpl.java b/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/impl/CaptchaApiServiceImpl.java
index fd96ce7afa..e055e1f18e 100644
--- a/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/impl/CaptchaApiServiceImpl.java
+++ b/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/impl/CaptchaApiServiceImpl.java
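Review bot: The added `@deprecated` tag in RecoveryUtil tells callers to "create a new method" but names neither a replacement nor a reason, so users of this public static method get a deprecation warning with nothing to migrate to. State why it is deprecated and point at the supported path, for example `@deprecated Uses Apache HttpClient 4.x. Build the request with HttpPostRequest#createUrlEncodedRequest and execute it with an HttpClient 5.x client, as CaptchaApiServiceImpl does.` The method body lies outside this hunk, so whether other callers remain cannot be seen here.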
@@ -18,12 +18,15 @@
 package org.wso2.carbon.identity.recovery.endpoint.impl;
 import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import org.apache.commons.io.IOUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
+import org.apache.hc.client5.http.classic.methods.HttpPost;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.wso2.carbon.http.client.ClientUtils;
+import org.wso2.carbon.http.client.HttpClientConstants;
+import org.wso2.carbon.http.client.exception.HttpClientException;
+import org.wso2.carbon.http.client.handler.JsonResponseHandler;
+import org.wso2.carbon.http.client.request.HttpPostRequest;
 import org.wso2.carbon.identity.captcha.util.CaptchaConstants;
 import org.wso2.carbon.identity.recovery.endpoint.CaptchaApiService;
 import org.wso2.carbon.identity.recovery.endpoint.Constants;
@@ -33,7 +36,8 @@
 import org.wso2.carbon.identity.recovery.endpoint.dto.ReCaptchaVerificationResponseDTO;
 import java.io.IOException;
-import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Properties;
 import javax.ws.rs.core.Response;
@@ -85,17 +89,11 @@ public Response verifyCaptcha(ReCaptchaResponseTokenDTO reCaptchaResponse, Strin RecoveryUtil.handleBadRequest("ReCaptcha is disabled", Constants.INVALID); } - HttpResponse response = RecoveryUtil.makeCaptchaVerificationHttpRequest(reCaptchaResponse, properties); - HttpEntity entity = response.getEntity(); + HttpPost httpPost = makeCaptchaVerificationHttpRequest(reCaptchaResponse, properties); ReCaptchaVerificationResponseDTO reCaptchaVerificationResponseDTO = new ReCaptchaVerificationResponseDTO(); - if (entity == null) { - RecoveryUtil.handleBadRequest("ReCaptcha verification response is not received.", - Constants.STATUS_INTERNAL_SERVER_ERROR_MESSAGE_DEFAULT); - } - try (InputStream in = entity.getContent()) { - JsonObject verificationResponse = new JsonParser().parse(IOUtils.toString(in)).getAsJsonObject(); - + try (CloseableHttpClient client = ClientUtils.createClient()) { + JsonObject verificationResponse = client.execute(httpPost, new JsonResponseHandler()); if (CaptchaConstants.RE_CAPTCHA_TYPE_ENTERPRISE.equals(reCaptchaType)) { // For Recaptcha Enterprise. JsonObject tokenProperties = verificationResponse.get(CaptchaConstants.CAPTCHA_TOKEN_PROPERTIES) 
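Review bot: No timeout or client reuse is visible for the outbound verification call: the try-with-resources in verifyCaptcha builds a fresh client with `ClientUtils.createClient()` and closes it on every request. Because this captcha check sits on a recovery endpoint that is probably reachable without authentication, a slow or unreachable verify URL could tie up request threads unless createClient() applies bounded connect and response timeouts; that should be confirmed and recorded beside the call, e.g. `// ClientUtils.createClient() is expected to apply connect/response timeouts; per-request client is intentional`. The object returned by `client.execute(httpPost, new JsonResponseHandler())` is dereferenced immediately with `verificationResponse.get(...)`, so if the handler can return null or a body without the expected member, the failure becomes an unchecked exception instead of a failed verification; a null and member check before those calls would make that path explicit. The body of verifyCaptcha starts before and continues after this hunk.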
@@ -107,12 +105,30 @@ public Response verifyCaptcha(ReCaptchaResponseTokenDTO reCaptchaResponse, Strin
 reCaptchaVerificationResponseDTO.setSuccess(verificationResponse.get(
 CaptchaConstants.CAPTCHA_SUCCESS).getAsBoolean());
 }
- } catch (IOException e) {
+ } catch (HttpClientException e) {
+ if (HttpClientConstants.Error.RESPONSE_ENTITY_EMPTY.getCode().equals(e.getErrorCode())) {
+ RecoveryUtil.handleBadRequest("ReCaptcha verification response is not received.",
+ Constants.STATUS_INTERNAL_SERVER_ERROR_MESSAGE_DEFAULT);
+ }
 log.error("Unable to read the verification response.", e);
 RecoveryUtil.handleBadRequest("Unable to read the verification response.",
 Constants.STATUS_INTERNAL_SERVER_ERROR_MESSAGE_DEFAULT);
+ } catch (IOException e) {
+ RecoveryUtil.handleBadRequest(String.format("Unable to get the verification response : %s", e.getMessage()),
+ Constants.STATUS_INTERNAL_SERVER_ERROR_MESSAGE_DEFAULT);
 }
 return Response.ok(reCaptchaVerificationResponseDTO).build();
 }
+
+ private HttpPost makeCaptchaVerificationHttpRequest(ReCaptchaResponseTokenDTO reCaptchaResponse,
+ Properties properties) {
+
+ String reCaptchaSecretKey = properties.getProperty(CaptchaConstants.RE_CAPTCHA_SECRET_KEY);
+ String reCaptchaVerifyUrl = properties.getProperty(CaptchaConstants.RE_CAPTCHA_VERIFY_URL);
+ Map params = new HashMap<>();
+ params.put("secret", reCaptchaSecretKey);
+ params.put("response", reCaptchaResponse.getToken());
+ return HttpPostRequest.createUrlEncodedRequest(reCaptchaVerifyUrl, params);
+ }
 }
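Review bot: The new `catch (IOException e)` branch formats `e.getMessage()` into the text handed to `RecoveryUtil.handleBadRequest`, which presumably ends up in the API response, and it does not log the exception, unlike the HttpClientException branch above it. Transport errors can carry internal host names, proxy details or addresses, so the response should keep a fixed message and the detail should go to the log: `log.error("Unable to get the verification response.", e);` followed by `RecoveryUtil.handleBadRequest("Unable to get the verification response.", Constants.STATUS_INTERNAL_SERVER_ERROR_MESSAGE_DEFAULT);`. The start of verifyCaptcha is outside this hunk, so how handleBadRequest renders its first argument is inferred from its use here.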