fix: captcha preview panic when clientId or clientSecret is empty (#824)

* fix: captcha preview panic when clientId or clientSecret is empty

* return original errors from captcha

captcha/hcaptcha.go

@@ -16,9 +16,11 @@ package captcha
 
 import (
 	"encoding/json"
+	"errors"
 	"io/ioutil"
 	"net/http"
 	"net/url"
+	"strings"
 )
 
 const HCaptchaVerifyUrl = "https://hcaptcha.com/siteverify"
@@ -48,7 +50,8 @@ func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool
 	}
 
 	type captchaResponse struct {
-		Success bool `json:"success"`
+		Success    bool     `json:"success"`
+		ErrorCodes []string `json:"error-codes"`
 	}
 	captchaResp := &captchaResponse{}
 	err = json.Unmarshal(body, captchaResp)
@@ -56,5 +59,9 @@ func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool
 		return false, err
 	}
 
+	if len(captchaResp.ErrorCodes) > 0 {
+		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
+	}
+
 	return captchaResp.Success, nil
 }

captcha/recaptcha.go

@@ -16,9 +16,11 @@ package captcha
 
 import (
 	"encoding/json"
+	"errors"
 	"io/ioutil"
 	"net/http"
 	"net/url"
+	"strings"
 )
 
 const ReCaptchaVerifyUrl = "https://recaptcha.net/recaptcha/api/siteverify"
@@ -48,7 +50,8 @@ func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientSecret string) (boo
 	}
 
 	type captchaResponse struct {
-		Success bool `json:"success"`
+		Success    bool     `json:"success"`
+		ErrorCodes []string `json:"error-codes"`
 	}
 	captchaResp := &captchaResponse{}
 	err = json.Unmarshal(body, captchaResp)
@@ -56,5 +59,9 @@ func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientSecret string) (boo
 		return false, err
 	}
 
+	if len(captchaResp.ErrorCodes) > 0 {
+		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
+	}
+
 	return captchaResp.Success, nil
 }

controllers/service.go

@@ -30,6 +30,7 @@ type EmailForm struct {
 	Content   string   `json:"content"`
 	Sender    string   `json:"sender"`
 	Receivers []string `json:"receivers"`
+	Provider  string   `json:"provider"`
 }
 
 type SmsForm struct {
@@ -48,11 +49,6 @@ type SmsForm struct {
 // @Success 200 {object}  Response object
 // @router /api/send-email [post]
 func (c *ApiController) SendEmail() {
-	provider, _, ok := c.GetProviderFromContext("Email")
-	if !ok {
-		return
-	}
-
 	var emailForm EmailForm
 
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &emailForm)
@@ -61,6 +57,29 @@ func (c *ApiController) SendEmail() {
 		return
 	}
 
+	var provider *object.Provider
+	if emailForm.Provider != "" {
+		// called by frontend's TestEmailWidget, provider name is set by frontend
+		provider = object.GetProvider(fmt.Sprintf("admin/%s", emailForm.Provider))
+	} else {
+		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
+		var ok bool
+		provider, _, ok = c.GetProviderFromContext("Email")
+		if !ok {
+			return
+		}
+	}
+
+	// when receiver is the reserved keyword: "TestSmtpServer", it means to test the SMTP server instead of sending a real Email
+	if len(emailForm.Receivers) == 1 && emailForm.Receivers[0] == "TestSmtpServer" {
+		err := object.DailSmtpServer(provider)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+		c.ResponseOk()
+	}
+
 	if util.IsStrsEmpty(emailForm.Title, emailForm.Content, emailForm.Sender) {
 		c.ResponseError(fmt.Sprintf("Empty parameters for emailForm: %v", emailForm))
 		return

controllers/verification.go

@@ -63,10 +63,10 @@ func (c *ApiController) SendVerificationCode() {
 		}
 		isHuman, err := captchaProvider.VerifyCaptcha(checkKey, checkId)
 		if err != nil {
-			c.ResponseError("Failed to verify captcha: %v", err)
+			c.ResponseError(err.Error())
 			return
 		}
-	
+
 		if !isHuman {
 			c.ResponseError("Turing test failed.")
 			return
@@ -209,7 +209,7 @@ func (c *ApiController) VerifyCaptcha() {
 
 	isValid, err := provider.VerifyCaptcha(captchaToken, clientSecret)
 	if err != nil {
-		c.ResponseError("Failed to verify captcha: %v", err)
+		c.ResponseError(err.Error())
 		return
 	}
 

main.go

@@ -51,6 +51,7 @@ func main() {
 	// https://studygolang.com/articles/2303
 	beego.InsertFilter("*", beego.BeforeRouter, routers.StaticFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.AutoSigninFilter)
+	beego.InsertFilter("*", beego.BeforeRouter, routers.CorsFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.AuthzFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.RecordMessage)
 

object/application.go

@@ -16,6 +16,7 @@ package object
 
 import (
 	"fmt"
+	"net/url"
 	"strings"
 
 	"github.com/casdoor/casdoor/util"
@@ -319,3 +320,39 @@ func CheckRedirectUriValid(application *Application, redirectUri string) bool {
 	}
 	return validUri
 }
+
+func IsAllowOrigin(origin string) bool {
+	allowOrigin := false
+	originUrl, err := url.Parse(origin)
+	if err != nil {
+		return false
+	}
+
+	rows, err := adapter.Engine.Cols("redirect_uris").Rows(&Application{})
+	if err != nil {
+		panic(err)
+	}
+
+	application := Application{}
+	for rows.Next() {
+		err := rows.Scan(&application)
+		if err != nil {
+			panic(err)
+		}
+		for _, tmpRedirectUri := range application.RedirectUris {
+			u1, err := url.Parse(tmpRedirectUri)
+			if err != nil {
+				continue
+			}
+			if u1.Scheme == originUrl.Scheme && u1.Host == originUrl.Host {
+				allowOrigin = true
+				break
+			}
+		}
+		if allowOrigin {
+			break
+		}
+	}
+
+	return allowOrigin
+}

object/email.go

@@ -29,3 +29,16 @@ func SendEmail(provider *Provider, title string, content string, dest string, se
 
 	return dialer.DialAndSend(message)
 }
+
+// DailSmtpServer Dail Smtp server
+func DailSmtpServer(provider *Provider) error {
+	dialer := gomail.NewDialer(provider.Host, provider.Port, provider.ClientId, provider.ClientSecret)
+
+	sender, err := dialer.Dial()
+	if err != nil {
+		return err
+	}
+	defer sender.Close()
+
+	return nil
+}

object/product_test.go

@@ -32,10 +32,10 @@ func TestProduct(t *testing.T) {
 	cert := getCert(product.Owner, "cert-pay-alipay")
 	pProvider := pp.GetPaymentProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.Host, cert.PublicKey, cert.PrivateKey, cert.AuthorityPublicKey, cert.AuthorityRootPublicKey)
 
-	paymentId := util.GenerateTimeId()
+	paymentName := util.GenerateTimeId()
 	returnUrl := ""
 	notifyUrl := ""
-	payUrl, err := pProvider.Pay(product.DisplayName, product.Name, provider.Name, paymentId, product.Price, returnUrl, notifyUrl)
+	payUrl, err := pProvider.Pay(provider.Name, product.Name, "alice", paymentName, product.DisplayName, product.Price, returnUrl, notifyUrl)
 	if err != nil {
 		panic(err)
 	}

routers/cors_filter.go

@@ -0,0 +1,31 @@
+package routers
+
+import (
+	"net/http"
+
+	"github.com/astaxie/beego/context"
+	"github.com/casdoor/casdoor/object"
+)
+
+const (
+	headerOrigin       = "Origin"
+	headerAllowOrigin  = "Access-Control-Allow-Origin"
+	headerAllowMethods = "Access-Control-Allow-Methods"
+	headerAllowHeaders = "Access-Control-Allow-Headers"
+)
+
+func CorsFilter(ctx *context.Context) {
+	if ctx.Input.Method() == "OPTIONS" {
+		origin := ctx.Input.Header(headerOrigin)
+
+		if object.IsAllowOrigin(origin) {
+			ctx.Output.Header(headerAllowOrigin, origin)
+			ctx.Output.Header(headerAllowMethods, "POST, GET, OPTIONS")
+			ctx.Output.Header(headerAllowHeaders, "Content-Type, Authorization")
+			ctx.ResponseWriter.WriteHeader(http.StatusOK)
+		} else {
+			ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
+		}
+		return
+	}
+}

web/src/ProviderEditPage.js

@@ -19,6 +19,7 @@ import * as ProviderBackend from "./backend/ProviderBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
 import { authConfig } from "./auth/Auth";
+import * as ProviderEditTestEmail from "./TestEmailWidget";
 import copy from 'copy-to-clipboard';
 import { CaptchaPreview } from "./common/CaptchaPreview";
 
@@ -33,6 +34,7 @@ class ProviderEditPage extends React.Component {
       providerName: props.match.params.providerName,
       provider: null,
       mode: props.location.mode !== undefined ? props.location.mode : "edit",
+      testEmail: this.props.account["email"] !== undefined ? this.props.account["email"] : "",
     };
   }
 
@@ -257,7 +259,7 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
               {
-                this.state.provider.type !== "WeCom"  ? null : (    
+                this.state.provider.type !== "WeCom"  ? null : (
                   <Row style={{marginTop: '20px'}} >
                     <Col style={{marginTop: '5px'}} span={2}>
                       {Setting.getLabel(i18next.t("provider:Method"), i18next.t("provider:Method - Tooltip"))} :
@@ -514,6 +516,27 @@ class ProviderEditPage extends React.Component {
                   }} />
                 </Col>
               </Row>
+              <Row style={{marginTop: '20px'}} >
+                <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Test Email"), i18next.t("provider:Test Email - Tooltip"))} :
+                </Col>
+                <Col span={4} >
+                  <Input value={this.state.testEmail}
+                         placeHolder = {i18next.t("user:Input your email")}
+                         onChange={e => {
+                    this.setState({testEmail: e.target.value})
+                  }} />
+                </Col>
+                <Button style={{marginLeft: '10px', marginBottom: "5px"}} type="primary"
+                        onClick={() => ProviderEditTestEmail.connectSmtpServer(this.state.provider)} >
+                  {i18next.t("provider:Test Connection")}
+                </Button>
+                <Button style={{marginLeft: '10px', marginBottom: "5px"}} type="primary"
+                        disabled={!Setting.isValidEmail(this.state.testEmail)}
+                        onClick={() => ProviderEditTestEmail.sendTestEmail(this.state.provider, this.state.testEmail)} >
+                  {i18next.t("provider:Send Test Email")}
+                </Button>
+              </Row>
             </React.Fragment>
           ) : this.state.provider.category === "SMS" ? (
             <React.Fragment>

web/src/TestEmailWidget.js

@@ -0,0 +1,59 @@
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "./Setting";
+
+export function sendTestEmail(provider, email) {
+  testEmailProvider(provider, email)
+    .then((res) => {
+      if (res.msg === "") {
+        Setting.showMessage("success", `Successfully send email`);
+      } else {
+        Setting.showMessage("error", res.msg);
+      }
+    })
+    .catch(error => {
+      Setting.showMessage("error", `Failed to connect to server: ${error}`);
+    });
+}
+
+export function connectSmtpServer(provider) {
+  testEmailProvider(provider)
+    .then((res) => {
+      if (res.msg === "") {
+        Setting.showMessage("success", `Successfully connecting smtp server`);
+      } else {
+        Setting.showMessage("error", res.msg);
+      }
+    })
+    .catch(error => {
+      Setting.showMessage("error", `Failed to connect to server: ${error}`);
+    });
+}
+
+function testEmailProvider(provider, email = "") {
+  let emailForm = {
+    title: provider.title,
+    content: provider.content,
+    sender: provider.displayName,
+    receivers: email === "" ? ["TestSmtpServer"] : [email],
+    provider: provider.name,
+  }
+
+  return fetch(`${Setting.ServerUrl}/api/send-email`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(emailForm)
+  }).then(res => res.json());
+}

web/src/auth/SignupPage.js

@@ -98,7 +98,10 @@ class SignupPage extends React.Component {
         this.setState({
           application: application,
         });
-        this.getTermsofuseContent(application.termsOfUse);
+
+        if (application !== null && application !== undefined) {
+            this.getTermsofuseContent(application.termsOfUse);
+        }
       });
   }
 

web/src/common/CaptchaPreview.js

@@ -117,7 +117,7 @@ export const CaptchaPreview = ({ provider, providerName, clientSecret, captchaTy
 
   return (
     <React.Fragment>
-      <Button style={{ fontSize: 14 }} type={"primary"} onClick={clickPreview}>
+      <Button style={{ fontSize: 14 }} type={"primary"} onClick={clickPreview} disabled={captchaType !== "Default" && (!clientId || !clientSecret)}>
         {i18next.t("general:Preview")}
       </Button>
       <Modal

web/src/locales/de/data.json

@@ -407,7 +407,7 @@
     "Domain": "Domäne",
     "Domain - Tooltip": "Storage endpoint custom domain",
     "Edit Provider": "Anbieter bearbeiten",
-    "Email Content": "Email Content",
+    "Email Content": "Email content",
     "Email Content - Tooltip": "Unique string-style identifier",
     "Email Title": "E-Mail-Titel",
     "Email Title - Tooltip": "Unique string-style identifier",
@@ -448,6 +448,7 @@
     "Secret key": "Secret key",
     "Secret key - Tooltip": "Secret key - Tooltip",
     "SecretAccessKey - Tooltip": "SecretAccessKey - Tooltip",
+    "Send Test Email": "Send Test Email",
     "Sign Name": "Schild Name",
     "Sign Name - Tooltip": "Unique string-style identifier",
     "Sign request": "Signaturanfrage",
@@ -466,6 +467,9 @@
     "Template Code - Tooltip": "Unique string-style identifier",
     "Terms of Use": "Nutzungsbedingungen",
     "Terms of Use - Tooltip": "Nutzungsbedingungen - Tooltip",
+    "Test Connection": "Test Smtp Connection",
+    "Test Email": "Test email config",
+    "Test Email - Tooltip": "Email Address",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "Typ",

web/src/locales/en/data.json

@@ -407,9 +407,9 @@
     "Domain": "Domain",
     "Domain - Tooltip": "Domain - Tooltip",
     "Edit Provider": "Edit Provider",
-    "Email Content": "Email Content",
+    "Email Content": "Email content",
     "Email Content - Tooltip": "Email Content - Tooltip",
-    "Email Title": "Email Title",
+    "Email Title": "Email title",
     "Email Title - Tooltip": "Email Title - Tooltip",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
@@ -448,6 +448,7 @@
     "Secret key": "Secret key",
     "Secret key - Tooltip": "Secret key - Tooltip",
     "SecretAccessKey - Tooltip": "SecretAccessKey - Tooltip",
+    "Send Test Email": "Send Test Email",
     "Sign Name": "Sign Name",
     "Sign Name - Tooltip": "Sign Name - Tooltip",
     "Sign request": "Sign request",
@@ -466,6 +467,9 @@
     "Template Code - Tooltip": "Template Code - Tooltip",
     "Terms of Use": "Terms of Use",
     "Terms of Use - Tooltip": "Terms of Use - Tooltip",
+    "Test Connection": "Test Smtp Connection",
+    "Test Email": "Test email config",
+    "Test Email - Tooltip": "Email Address",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "Type",

web/src/locales/fr/data.json

@@ -407,7 +407,7 @@
     "Domain": "Domaine",
     "Domain - Tooltip": "Storage endpoint custom domain",
     "Edit Provider": "Modifier le fournisseur",
-    "Email Content": "Email Content",
+    "Email Content": "Email content",
     "Email Content - Tooltip": "Unique string-style identifier",
     "Email Title": "Titre de l'e-mail",
     "Email Title - Tooltip": "Unique string-style identifier",
@@ -448,6 +448,7 @@
     "Secret key": "Secret key",
     "Secret key - Tooltip": "Secret key - Tooltip",
     "SecretAccessKey - Tooltip": "SecretAccessKey - Infobulle",
+    "Send Test Email": "Send Test Email",
     "Sign Name": "Nom du panneau",
     "Sign Name - Tooltip": "Unique string-style identifier",
     "Sign request": "Demande de signature",
@@ -466,6 +467,9 @@
     "Template Code - Tooltip": "Unique string-style identifier",
     "Terms of Use": "Conditions d'utilisation",
     "Terms of Use - Tooltip": "Conditions d'utilisation - Info-bulle",
+    "Test Connection": "Test Smtp Connection",
+    "Test Email": "Test email config",
+    "Test Email - Tooltip": "Email Address",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "Type de texte",

web/src/locales/ja/data.json

@@ -407,7 +407,7 @@
     "Domain": "ドメイン",
     "Domain - Tooltip": "Storage endpoint custom domain",
     "Edit Provider": "プロバイダーを編集",
-    "Email Content": "Email Content",
+    "Email Content": "Email content",
     "Email Content - Tooltip": "Unique string-style identifier",
     "Email Title": "メールタイトル",
     "Email Title - Tooltip": "Unique string-style identifier",
@@ -448,6 +448,7 @@
     "Secret key": "Secret key",
     "Secret key - Tooltip": "Secret key - Tooltip",
     "SecretAccessKey - Tooltip": "シークレットアクセスキー - ツールチップ",
+    "Send Test Email": "Send Test Email",
     "Sign Name": "署名名",
     "Sign Name - Tooltip": "Unique string-style identifier",
     "Sign request": "サインリクエスト",
@@ -466,6 +467,9 @@
     "Template Code - Tooltip": "Unique string-style identifier",
     "Terms of Use": "利用規約",
     "Terms of Use - Tooltip": "利用規約 - ツールチップ",
+    "Test Connection": "Test Smtp Connection",
+    "Test Email": "Test email config",
+    "Test Email - Tooltip": "Email Address",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "タイプ",

web/src/locales/ko/data.json

@@ -407,9 +407,9 @@
     "Domain": "Domain",
     "Domain - Tooltip": "Storage endpoint custom domain",
     "Edit Provider": "Edit Provider",
-    "Email Content": "Email Content",
+    "Email Content": "Email content",
     "Email Content - Tooltip": "Unique string-style identifier",
-    "Email Title": "Email Title",
+    "Email Title": "Email title",
     "Email Title - Tooltip": "Unique string-style identifier",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
@@ -448,6 +448,7 @@
     "Secret key": "Secret key",
     "Secret key - Tooltip": "Secret key - Tooltip",
     "SecretAccessKey - Tooltip": "SecretAccessKey - Tooltip",
+    "Send Test Email": "Send Test Email",
     "Sign Name": "Sign Name",
     "Sign Name - Tooltip": "Unique string-style identifier",
     "Sign request": "Sign request",
@@ -466,6 +467,9 @@
     "Template Code - Tooltip": "Unique string-style identifier",
     "Terms of Use": "Terms of Use",
     "Terms of Use - Tooltip": "Terms of Use - Tooltip",
+    "Test Connection": "Test Smtp Connection",
+    "Test Email": "Test email config",
+    "Test Email - Tooltip": "Email Address",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "Type",

web/src/locales/ru/data.json

@@ -407,7 +407,7 @@
     "Domain": "Домен",
     "Domain - Tooltip": "Storage endpoint custom domain",
     "Edit Provider": "Изменить провайдера",
-    "Email Content": "Email Content",
+    "Email Content": "Email content",
     "Email Content - Tooltip": "Unique string-style identifier",
     "Email Title": "Заголовок письма",
     "Email Title - Tooltip": "Unique string-style identifier",
@@ -448,6 +448,7 @@
     "Secret key": "Secret key",
     "Secret key - Tooltip": "Secret key - Tooltip",
     "SecretAccessKey - Tooltip": "SecretAccessKey - Подсказка",
+    "Send Test Email": "Send Test Email",
     "Sign Name": "Имя подписи",
     "Sign Name - Tooltip": "Unique string-style identifier",
     "Sign request": "Запрос на подпись",
@@ -466,6 +467,9 @@
     "Template Code - Tooltip": "Unique string-style identifier",
     "Terms of Use": "Условия использования",
     "Terms of Use - Tooltip": "Условия использования - Tooltip",
+    "Test Connection": "Test Smtp Connection",
+    "Test Email": "Test email config",
+    "Test Email - Tooltip": "Email Address",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "Тип",

web/src/locales/zh/data.json

@@ -448,6 +448,7 @@
     "Secret key": "Secret key",
     "Secret key - Tooltip": "用于服务端调用验证码提供商API进行验证",
     "SecretAccessKey - Tooltip": "访问密钥-工具提示",
+    "Send Test Email": "发送测试邮件",
     "Sign Name": "签名名称",
     "Sign Name - Tooltip": "签名名称",
     "Sign request": "签名请求",
@@ -466,6 +467,9 @@
     "Template Code - Tooltip": "模板代码",
     "Terms of Use": "使用条款",
     "Terms of Use - Tooltip": "使用条款 - 工具提示",
+    "Test Connection": "测试Smtp连接",
+    "Test Email": "测试Email配置",
+    "Test Email - Tooltip": "邮箱地址",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - 工具提示",
     "Type": "类型",