How is a CAPTCHA checked in the backend authentication scenario?

dmitrii_fediuk · March 4, 2016, 11:42pm

magento/magento2/blob/cf7df72/app/code/Magento/Captcha/etc/events.xml#L9-L11


<event name="controller_action_predispatch_customer_account_loginPost">
    <observer name="captcha" instance="Magento\Captcha\Observer\CheckUserLoginObserver" />
</event>

github.com

magento/magento2/blob/cf7df72/app/code/Magento/Captcha/Observer/CheckUserLoginObserver.php#L162-L182


$loginParams = $controller->getRequest()->getPost('login');
$login = array_key_exists('username', $loginParams) ? $loginParams['username'] : null;
if ($captchaModel->isRequired($login)) {
    $word = $this->captchaStringResolver->resolve($controller->getRequest(), $formId);
    if (!$captchaModel->isCorrect($word)) {
        try {
            $customer = $this->getCustomerRepository()->get($login);
            $this->getAccountManagementHelper()->processCustomerLockoutData($customer->getId());
            $this->getCustomerRepository()->save($customer);
        } catch (NoSuchEntityException $e) {
            //do nothing as customer existance is validated later in authenticate method
        }
        $this->messageManager->addError(__('Incorrect CAPTCHA'));
        $this->_actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_DISPATCH, true);
        $this->_session->setUsername($login);
        $beforeUrl = $this->_session->getBeforeAuthUrl();
        $url = $beforeUrl ? $beforeUrl : $this->_customerUrl->getLoginUrl();
        $controller->getResponse()->setRedirect($url);
    }
}
$captchaModel->logAttempt($login);

dmitrii_fediuk · March 5, 2016, 12:04am