Make sure to validate recapta when doing a facet search. (#4858)

tulibraries · Jan 13, 2025 · efffefa · efffefa
1 parent 840a92e
commit efffefa
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/app/controllers/primo_central_controller.rb b/app/controllers/primo_central_controller.rb
@@ -21,9 +21,9 @@ def recaptcha
     return if request.referer.present? && URI.parse(request.referer).host == request.host
 
     # skip if nothing to query.
-    return if params["q"].blank?
+    return if params["q"].blank? && params["f"].blank?
 
-    if !verify_recaptcha(action: @recaptcha_action)
+    if !verify_recaptcha(action: @recaptcha_action, minimum_score: 0.9)
       raise Recaptcha::VerifyError.new("recaptcha verification failed for #{@recaptcha_action}")
     end
   end

diff --git a/spec/controllers/primo_central_controller_spec.rb b/spec/controllers/primo_central_controller_spec.rb
@@ -52,11 +52,20 @@
     end
   end
 
-  describe "recaptcha" do
-    context "with recaptche enabled" do
+  describe "recaptcha enabled" do
+    before do
+      stub_const("ENV", ENV.to_h.merge("RECAPTCHA_SITE_KEY" => "foo"))
+      allow(controller).to receive(:verify_recaptcha).and_return(false)
+    end
+
+    context "with regular query" do
+      it "should not allow article searches" do
+        expect { get :index, params: { q: "foo " } }.to raise_error(Recaptcha::VerifyError)
+      end
+    end
+
+    context "with facet query" do
       it "should not allow article searches" do
-        stub_const("ENV", ENV.to_h.merge("RECAPTCHA_SITE_KEY" => "foo"))
-        allow(controller).to receive(:verify_recaptcha).and_return(false)
         expect { get :index, params: { q: "foo " } }.to raise_error(Recaptcha::VerifyError)
       end
     end