Update hCaptcha API error codes.

hCaptcha · Nov 25, 2024 · 1c3bced · 1c3bced
1 parent 3657f20
commit 1c3bced
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 27 deletions.
diff --git a/.tests/php/integration/Mailchimp/FormTest.php b/.tests/php/integration/Mailchimp/FormTest.php
@@ -61,51 +61,63 @@ public function test_add_hcap_error_messages(): void {
 		];
 
 		$hcap_errors = [
-			'missing-input-secret'             => [
+			'missing-input-secret'     => [
 				'type' => 'error',
 				'text' => 'Your secret key is missing.',
 			],
-			'invalid-input-secret'             => [
+			'invalid-input-secret'     => [
 				'type' => 'error',
 				'text' => 'Your secret key is invalid or malformed.',
 			],
-			'missing-input-response'           => [
+			'missing-input-response'   => [
 				'type' => 'error',
 				'text' => 'The response parameter (verification token) is missing.',
 			],
-			'invalid-input-response'           => [
+			'invalid-input-response'   => [
 				'type' => 'error',
 				'text' => 'The response parameter (verification token) is invalid or malformed.',
 			],
-			'bad-request'                      => [
+			'expired-input-response'   => [
+				'type' => 'error',
+				'text' => 'The response parameter (verification token) is expired. (120s default)',
+			],
+			'already-seen-response'    => [
+				'type' => 'error',
+				'text' => 'The response parameter (verification token) was already verified once.',
+			],
+			'bad-request'              => [
 				'type' => 'error',
 				'text' => 'The request is invalid or malformed.',
 			],
-			'invalid-or-already-seen-response' => [
+			'missing-remoteip'         => [
+				'type' => 'error',
+				'text' => 'The remoteip parameter is missing.',
+			],
+			'invalid-remoteip'         => [
 				'type' => 'error',
-				'text' => 'The response parameter has already been checked, or has another issue.',
+				'text' => 'The remoteip parameter is not a valid IP address or blinded value.',
 			],
-			'not-using-dummy-passcode'         => [
+			'not-using-dummy-passcode' => [
 				'type' => 'error',
 				'text' => 'You have used a testing sitekey but have not used its matching secret.',
 			],
-			'sitekey-secret-mismatch'          => [
+			'sitekey-secret-mismatch'  => [
 				'type' => 'error',
 				'text' => 'The sitekey is not registered with the provided secret.',
 			],
-			'empty'                            => [
+			'empty'                    => [
 				'type' => 'error',
 				'text' => 'Please complete the hCaptcha.',
 			],
-			'fail'                             => [
+			'fail'                     => [
 				'type' => 'error',
 				'text' => 'The hCaptcha is invalid.',
 			],
-			'bad-nonce'                        => [
+			'bad-nonce'                => [
 				'type' => 'error',
 				'text' => 'Bad hCaptcha nonce!',
 			],
-			'bad-signature'                    => [
+			'bad-signature'            => [
 				'type' => 'error',
 				'text' => 'Bad hCaptcha signature!',
 			],

diff --git a/readme.txt b/readme.txt
@@ -604,6 +604,7 @@ Instructions for popular native integrations are below:
 * Added Extra theme integration.
 * Added theme argument to the [hcaptcha] shortcode.
 * Added 'theme' badge to themes on the Integrations page.
+* Updated hCaptcha API error codes.
 * Fixed deactivating of all themes by Ctrl+Click on the Integrations page.
 * Fixed theme name display upon activation.
 * Fixed display of the hCaptcha shortcode with individual parameters.

diff --git a/src/php/includes/request.php b/src/php/includes/request.php
@@ -72,19 +72,22 @@ function hcap_get_error_messages(): array {
 		'hcap_error_messages',
 		[
 			// API messages.
-			'missing-input-secret'             => __( 'Your secret key is missing.', 'hcaptcha-for-forms-and-more' ),
-			'invalid-input-secret'             => __( 'Your secret key is invalid or malformed.', 'hcaptcha-for-forms-and-more' ),
-			'missing-input-response'           => __( 'The response parameter (verification token) is missing.', 'hcaptcha-for-forms-and-more' ),
-			'invalid-input-response'           => __( 'The response parameter (verification token) is invalid or malformed.', 'hcaptcha-for-forms-and-more' ),
-			'bad-request'                      => __( 'The request is invalid or malformed.', 'hcaptcha-for-forms-and-more' ),
-			'invalid-or-already-seen-response' => __( 'The response parameter has already been checked, or has another issue.', 'hcaptcha-for-forms-and-more' ),
-			'not-using-dummy-passcode'         => __( 'You have used a testing sitekey but have not used its matching secret.', 'hcaptcha-for-forms-and-more' ),
-			'sitekey-secret-mismatch'          => __( 'The sitekey is not registered with the provided secret.', 'hcaptcha-for-forms-and-more' ),
+			'missing-input-secret'     => __( 'Your secret key is missing.', 'hcaptcha-for-forms-and-more' ),
+			'invalid-input-secret'     => __( 'Your secret key is invalid or malformed.', 'hcaptcha-for-forms-and-more' ),
+			'missing-input-response'   => __( 'The response parameter (verification token) is missing.', 'hcaptcha-for-forms-and-more' ),
+			'invalid-input-response'   => __( 'The response parameter (verification token) is invalid or malformed.', 'hcaptcha-for-forms-and-more' ),
+			'expired-input-response'   => __( 'The response parameter (verification token) is expired. (120s default)', 'hcaptcha-for-forms-and-more' ),
+			'already-seen-response'    => __( 'The response parameter (verification token) was already verified once.', 'hcaptcha-for-forms-and-more' ),
+			'bad-request'              => __( 'The request is invalid or malformed.', 'hcaptcha-for-forms-and-more' ),
+			'missing-remoteip'         => __( 'The remoteip parameter is missing.', 'hcaptcha-for-forms-and-more' ),
+			'invalid-remoteip'         => __( 'The remoteip parameter is not a valid IP address or blinded value.', 'hcaptcha-for-forms-and-more' ),
+			'not-using-dummy-passcode' => __( 'You have used a testing sitekey but have not used its matching secret.', 'hcaptcha-for-forms-and-more' ),
+			'sitekey-secret-mismatch'  => __( 'The sitekey is not registered with the provided secret.', 'hcaptcha-for-forms-and-more' ),
 			// Plugin messages.
-			'empty'                            => __( 'Please complete the hCaptcha.', 'hcaptcha-for-forms-and-more' ),
-			'fail'                             => __( 'The hCaptcha is invalid.', 'hcaptcha-for-forms-and-more' ),
-			'bad-nonce'                        => __( 'Bad hCaptcha nonce!', 'hcaptcha-for-forms-and-more' ),
-			'bad-signature'                    => __( 'Bad hCaptcha signature!', 'hcaptcha-for-forms-and-more' ),
+			'empty'                    => __( 'Please complete the hCaptcha.', 'hcaptcha-for-forms-and-more' ),
+			'fail'                     => __( 'The hCaptcha is invalid.', 'hcaptcha-for-forms-and-more' ),
+			'bad-nonce'                => __( 'Bad hCaptcha nonce!', 'hcaptcha-for-forms-and-more' ),
+			'bad-signature'            => __( 'Bad hCaptcha signature!', 'hcaptcha-for-forms-and-more' ),
 		]
 	);
 }
@@ -247,8 +250,10 @@ function hcaptcha_request_verify( $hcaptcha_response ): ?string {
 
 		// Verification request is not verified.
 		if ( ! isset( $body['success'] ) || true !== (bool) $body['success'] ) {
-			$result      = isset( $body['error-codes'] ) ? hcap_get_error_message( $body['error-codes'] ) : $fail_message;
-			$error_codes = $body['error-codes'] ?? [ 'fail' ];
+			$error_codes        = $body['error-codes'] ?? [];
+			$hcap_error_message = hcap_get_error_message( $error_codes );
+			$result             = $hcap_error_message ?: $fail_message;
+			$error_codes        = $hcap_error_message ? $error_codes : [ 'fail' ];
 
 			/** This filter is documented above. */
 			return apply_filters( 'hcap_verify_request', $result, $error_codes );