bitwarden-browser/src/connectors/captcha.ts

import { b64Decode, getQsParam } from './common';

declare var hcaptcha: any;

if (window.location.pathname.includes('mobile')) {
    // tslint:disable-next-line
    require('./captcha-mobile.scss');
} else {
    // tslint:disable-next-line
    require('./captcha.scss');
}

document.addEventListener('DOMContentLoaded', () => {
    init();
});

(window as any).captchaSuccess = captchaSuccess;
(window as any).captchaError = captchaError;

let parentUrl: string = null;
let parentOrigin: string = null;
let callbackUri: string = null;
let sentSuccess = false;

async function init() {
    await start();
    onMessage();
}

async function start() {
    sentSuccess = false;

    const data = getQsParam('data');
    if (!data) {
        error('No data.');
        return;
    }

    parentUrl = getQsParam('parent');
    if (!parentUrl) {
        error('No parent.');
        return;
    } else {
        parentUrl = decodeURIComponent(parentUrl);
        parentOrigin = new URL(parentUrl).origin;
    }

    let decodedData: any;
    try {
        decodedData = JSON.parse(b64Decode(data));
    }
    catch (e) {
        error('Cannot parse data.');
        return;
    }
    callbackUri = decodedData.callbackUri;

    let src = 'https://hcaptcha.com/1/api.js?render=explicit';

    // Set language code
    if (decodedData.locale) {
        src += `&hl=${decodedData.locale ?? 'en'}`;
    }

    // Set captchaRequired subtitle for mobile
    const subtitleEl = document.getElementById('captchaRequired');
    if (decodedData.captchaRequiredText && subtitleEl) {
        subtitleEl.textContent = decodedData.captchaRequiredText;
    }

    const script = document.createElement('script');
    script.src = src;
    script.async = true;
    script.defer = true;
    script.addEventListener('load', e => {
        hcaptcha.render('captcha', {
            sitekey: decodedData.siteKey,
            callback: 'captchaSuccess',
            'error-callback': 'captchaError',
        });
        watchHeight();
    });
    document.head.appendChild(script);
}

function captchaSuccess(response: string) {
    if (callbackUri) {
        document.location.replace(callbackUri + '?token=' + encodeURIComponent(response));
    } else {
        success(response);
    }
}

function captchaError() {
    error('An error occurred with the captcha. Try again.');
}

function onMessage() {
    window.addEventListener('message', event => {
        if (!event.origin || event.origin === '' || event.origin !== parentOrigin) {
            return;
        }

        if (event.data === 'start') {
            start();
        }
    }, false);
}

function error(message: string) {
    parent.postMessage('error|' + message, parentUrl);
}

function success(data: string) {
    if (sentSuccess) {
        return;
    }
    parent.postMessage('success|' + data, parentUrl);
    sentSuccess = true;
}

function info(message: string | object) {
    parent.postMessage('info|' + JSON.stringify(message), parentUrl);
}

async function watchHeight() {
    const imagesDiv = document.body.lastChild as HTMLElement;
    while (true) {
        info({
            height: imagesDiv.style.visibility === 'hidden' ?
                document.documentElement.offsetHeight :
                document.documentElement.scrollHeight,
            width: document.documentElement.scrollWidth,
        });
        await sleep(100);
    }
}

async function sleep(ms: number) {
    await new Promise(r => setTimeout(r, ms));
}
Feature/use hcaptcha if bot (#1089) * Add captcha to login page * pull out shared method * Update parse parameter logic * Load captcha * responsive iframe height * correct i18n * site key provided by server * Fix locale parsing * Add optional success callbackUri * Make captcha connector responsive * Handle parameter versions in webauthn * Move variables to top of script * Add captcha to registration * Move captcha above `<hr>` div to be part of input form * Add styled mobile captcha connector * Linter Fixes * Remove duplicate import * Use listener to load captcha * PR review 2021-07-23 21:30:04 +02:00			`import { b64Decode, getQsParam } from './common';`
add captcha connector (#1042) * add captcha connector * Update src/connectors/captcha.html Co-authored-by: Addison Beck <abeck@bitwarden.com> * Update src/connectors/captcha.scss Co-authored-by: Addison Beck <abeck@bitwarden.com> Co-authored-by: Addison Beck <abeck@bitwarden.com> 2021-06-22 21:35:33 +02:00
			`declare var hcaptcha: any;`

Feature/use hcaptcha if bot (#1089) * Add captcha to login page * pull out shared method * Update parse parameter logic * Load captcha * responsive iframe height * correct i18n * site key provided by server * Fix locale parsing * Add optional success callbackUri * Make captcha connector responsive * Handle parameter versions in webauthn * Move variables to top of script * Add captcha to registration * Move captcha above `<hr>` div to be part of input form * Add styled mobile captcha connector * Linter Fixes * Remove duplicate import * Use listener to load captcha * PR review 2021-07-23 21:30:04 +02:00			`if (window.location.pathname.includes('mobile')) {`
			`// tslint:disable-next-line`
			`require('./captcha-mobile.scss');`
			`} else {`
			`// tslint:disable-next-line`
			`require('./captcha.scss');`
			`}`
add captcha connector (#1042) * add captcha connector * Update src/connectors/captcha.html Co-authored-by: Addison Beck <abeck@bitwarden.com> * Update src/connectors/captcha.scss Co-authored-by: Addison Beck <abeck@bitwarden.com> Co-authored-by: Addison Beck <abeck@bitwarden.com> 2021-06-22 21:35:33 +02:00
			`document.addEventListener('DOMContentLoaded', () => {`
			`init();`
			`});`

			`(window as any).captchaSuccess = captchaSuccess;`
			`(window as any).captchaError = captchaError;`

			`let parentUrl: string = null;`
			`let parentOrigin: string = null;`
Feature/use hcaptcha if bot (#1089) * Add captcha to login page * pull out shared method * Update parse parameter logic * Load captcha * responsive iframe height * correct i18n * site key provided by server * Fix locale parsing * Add optional success callbackUri * Make captcha connector responsive * Handle parameter versions in webauthn * Move variables to top of script * Add captcha to registration * Move captcha above `<hr>` div to be part of input form * Add styled mobile captcha connector * Linter Fixes * Remove duplicate import * Use listener to load captcha * PR review 2021-07-23 21:30:04 +02:00			`let callbackUri: string = null;`
add captcha connector (#1042) * add captcha connector * Update src/connectors/captcha.html Co-authored-by: Addison Beck <abeck@bitwarden.com> * Update src/connectors/captcha.scss Co-authored-by: Addison Beck <abeck@bitwarden.com> Co-authored-by: Addison Beck <abeck@bitwarden.com> 2021-06-22 21:35:33 +02:00			`let sentSuccess = false;`

Feature/use hcaptcha if bot (#1089) * Add captcha to login page * pull out shared method * Update parse parameter logic * Load captcha * responsive iframe height * correct i18n * site key provided by server * Fix locale parsing * Add optional success callbackUri * Make captcha connector responsive * Handle parameter versions in webauthn * Move variables to top of script * Add captcha to registration * Move captcha above `<hr>` div to be part of input form * Add styled mobile captcha connector * Linter Fixes * Remove duplicate import * Use listener to load captcha * PR review 2021-07-23 21:30:04 +02:00			`async function init() {`
			`await start();`
add captcha connector (#1042) * add captcha connector * Update src/connectors/captcha.html Co-authored-by: Addison Beck <abeck@bitwarden.com> * Update src/connectors/captcha.scss Co-authored-by: Addison Beck <abeck@bitwarden.com> Co-authored-by: Addison Beck <abeck@bitwarden.com> 2021-06-22 21:35:33 +02:00			`onMessage();`
			`}`

Feature/use hcaptcha if bot (#1089) * Add captcha to login page * pull out shared method * Update parse parameter logic * Load captcha * responsive iframe height * correct i18n * site key provided by server * Fix locale parsing * Add optional success callbackUri * Make captcha connector responsive * Handle parameter versions in webauthn * Move variables to top of script * Add captcha to registration * Move captcha above `<hr>` div to be part of input form * Add styled mobile captcha connector * Linter Fixes * Remove duplicate import * Use listener to load captcha * PR review 2021-07-23 21:30:04 +02:00			`async function start() {`
add captcha connector (#1042) * add captcha connector * Update src/connectors/captcha.html Co-authored-by: Addison Beck <abeck@bitwarden.com> * Update src/connectors/captcha.scss Co-authored-by: Addison Beck <abeck@bitwarden.com> Co-authored-by: Addison Beck <abeck@bitwarden.com> 2021-06-22 21:35:33 +02:00			`sentSuccess = false;`

			`const data = getQsParam('data');`
			`if (!data) {`
			`error('No data.');`
			`return;`
			`}`

			`parentUrl = getQsParam('parent');`
			`if (!parentUrl) {`
			`error('No parent.');`
			`return;`
			`} else {`
			`parentUrl = decodeURIComponent(parentUrl);`
			`parentOrigin = new URL(parentUrl).origin;`
			`}`

Feature/use hcaptcha if bot (#1089) * Add captcha to login page * pull out shared method * Update parse parameter logic * Load captcha * responsive iframe height * correct i18n * site key provided by server * Fix locale parsing * Add optional success callbackUri * Make captcha connector responsive * Handle parameter versions in webauthn * Move variables to top of script * Add captcha to registration * Move captcha above `<hr>` div to be part of input form * Add styled mobile captcha connector * Linter Fixes * Remove duplicate import * Use listener to load captcha * PR review 2021-07-23 21:30:04 +02:00			`let decodedData: any;`
			`try {`
			`decodedData = JSON.parse(b64Decode(data));`
			`}`
			`catch (e) {`
			`error('Cannot parse data.');`
			`return;`
			`}`
			`callbackUri = decodedData.callbackUri;`

			`let src = 'https://hcaptcha.com/1/api.js?render=explicit';`

			`// Set language code`
			`if (decodedData.locale) {`
			src += `&hl=${decodedData.locale ?? 'en'}`;
			`}`

			`// Set captchaRequired subtitle for mobile`
			`const subtitleEl = document.getElementById('captchaRequired');`
			`if (decodedData.captchaRequiredText && subtitleEl) {`
			`subtitleEl.textContent = decodedData.captchaRequiredText;`
			`}`

			`const script = document.createElement('script');`
			`script.src = src;`
			`script.async = true;`
			`script.defer = true;`
			`script.addEventListener('load', e => {`
			`hcaptcha.render('captcha', {`
			`sitekey: decodedData.siteKey,`
			`callback: 'captchaSuccess',`
			`'error-callback': 'captchaError',`
			`});`
			`watchHeight();`
add captcha connector (#1042) * add captcha connector * Update src/connectors/captcha.html Co-authored-by: Addison Beck <abeck@bitwarden.com> * Update src/connectors/captcha.scss Co-authored-by: Addison Beck <abeck@bitwarden.com> Co-authored-by: Addison Beck <abeck@bitwarden.com> 2021-06-22 21:35:33 +02:00			`});`
Feature/use hcaptcha if bot (#1089) * Add captcha to login page * pull out shared method * Update parse parameter logic * Load captcha * responsive iframe height * correct i18n * site key provided by server * Fix locale parsing * Add optional success callbackUri * Make captcha connector responsive * Handle parameter versions in webauthn * Move variables to top of script * Add captcha to registration * Move captcha above `<hr>` div to be part of input form * Add styled mobile captcha connector * Linter Fixes * Remove duplicate import * Use listener to load captcha * PR review 2021-07-23 21:30:04 +02:00			`document.head.appendChild(script);`
add captcha connector (#1042) * add captcha connector * Update src/connectors/captcha.html Co-authored-by: Addison Beck <abeck@bitwarden.com> * Update src/connectors/captcha.scss Co-authored-by: Addison Beck <abeck@bitwarden.com> Co-authored-by: Addison Beck <abeck@bitwarden.com> 2021-06-22 21:35:33 +02:00			`}`

			`function captchaSuccess(response: string) {`
Feature/use hcaptcha if bot (#1089) * Add captcha to login page * pull out shared method * Update parse parameter logic * Load captcha * responsive iframe height * correct i18n * site key provided by server * Fix locale parsing * Add optional success callbackUri * Make captcha connector responsive * Handle parameter versions in webauthn * Move variables to top of script * Add captcha to registration * Move captcha above `<hr>` div to be part of input form * Add styled mobile captcha connector * Linter Fixes * Remove duplicate import * Use listener to load captcha * PR review 2021-07-23 21:30:04 +02:00			`if (callbackUri) {`
			`document.location.replace(callbackUri + '?token=' + encodeURIComponent(response));`
Do not call parent if callback given (#1123) 2021-08-13 00:01:18 +02:00			`} else {`
			`success(response);`
Feature/use hcaptcha if bot (#1089) * Add captcha to login page * pull out shared method * Update parse parameter logic * Load captcha * responsive iframe height * correct i18n * site key provided by server * Fix locale parsing * Add optional success callbackUri * Make captcha connector responsive * Handle parameter versions in webauthn * Move variables to top of script * Add captcha to registration * Move captcha above `<hr>` div to be part of input form * Add styled mobile captcha connector * Linter Fixes * Remove duplicate import * Use listener to load captcha * PR review 2021-07-23 21:30:04 +02:00			`}`
add captcha connector (#1042) * add captcha connector * Update src/connectors/captcha.html Co-authored-by: Addison Beck <abeck@bitwarden.com> * Update src/connectors/captcha.scss Co-authored-by: Addison Beck <abeck@bitwarden.com> Co-authored-by: Addison Beck <abeck@bitwarden.com> 2021-06-22 21:35:33 +02:00			`}`

			`function captchaError() {`
			`error('An error occurred with the captcha. Try again.');`
			`}`

			`function onMessage() {`
			`window.addEventListener('message', event => {`
			`if (!event.origin \|\| event.origin === '' \|\| event.origin !== parentOrigin) {`
			`return;`
			`}`

			`if (event.data === 'start') {`
			`start();`
			`}`
			`}, false);`
			`}`

			`function error(message: string) {`
			`parent.postMessage('error\|' + message, parentUrl);`
			`}`

			`function success(data: string) {`
			`if (sentSuccess) {`
			`return;`
			`}`
			`parent.postMessage('success\|' + data, parentUrl);`
			`sentSuccess = true;`
			`}`

Feature/use hcaptcha if bot (#1089) * Add captcha to login page * pull out shared method * Update parse parameter logic * Load captcha * responsive iframe height * correct i18n * site key provided by server * Fix locale parsing * Add optional success callbackUri * Make captcha connector responsive * Handle parameter versions in webauthn * Move variables to top of script * Add captcha to registration * Move captcha above `<hr>` div to be part of input form * Add styled mobile captcha connector * Linter Fixes * Remove duplicate import * Use listener to load captcha * PR review 2021-07-23 21:30:04 +02:00			`function info(message: string \| object) {`
			`parent.postMessage('info\|' + JSON.stringify(message), parentUrl);`
			`}`

			`async function watchHeight() {`
			`const imagesDiv = document.body.lastChild as HTMLElement;`
			`while (true) {`
			`info({`
			`height: imagesDiv.style.visibility === 'hidden' ?`
			`document.documentElement.offsetHeight :`
			`document.documentElement.scrollHeight,`
			`width: document.documentElement.scrollWidth,`
			`});`
			`await sleep(100);`
			`}`
			`}`

			`async function sleep(ms: number) {`
			`await new Promise(r => setTimeout(r, ms));`
add captcha connector (#1042) * add captcha connector * Update src/connectors/captcha.html Co-authored-by: Addison Beck <abeck@bitwarden.com> * Update src/connectors/captcha.scss Co-authored-by: Addison Beck <abeck@bitwarden.com> Co-authored-by: Addison Beck <abeck@bitwarden.com> 2021-06-22 21:35:33 +02:00			`}`