Remove redundant SSL config and add timeout option (#604)

Add a 60 second timeout on all request methods
Remove redundant SSL configuration for verifying peers (on by default now)

Author: rowan-m

src/ReCaptcha/RequestMethod/CurlPost.php

@@ -85,6 +85,7 @@ public function submit(RequestParameters $params): string
             CURLOPT_HEADER => false,
             CURLOPT_RETURNTRANSFER => true,
             CURLOPT_SSL_VERIFYPEER => true,
+            CURLOPT_TIMEOUT => 60,
         ];
         curl_setopt_array($handle, $options);
 

src/ReCaptcha/RequestMethod/Post.php

@@ -75,8 +75,7 @@ public function submit(RequestParameters $params): string
                 'header' => "Content-type: application/x-www-form-urlencoded\r\n",
                 'method' => 'POST',
                 'content' => $params->toQueryString(),
-                // Force the peer to validate (not needed in 5.6.0+, but still works)
-                'verify_peer' => true,
+                'timeout' => 60,
             ],
         ];
         $context = stream_context_create($options);

src/ReCaptcha/RequestMethod/SocketPost.php

@@ -83,6 +83,10 @@ public function submit(RequestParameters $params): string
             return '{"success": false, "error-codes": ["'.ReCaptcha::E_CONNECTION_FAILED.'"]}';
         }
 
+        if (false === stream_set_timeout($handle, 60)) {
+            return '{"success": false, "error-codes": ["'.ReCaptcha::E_CONNECTION_FAILED.'"]}';
+        }
+
         $content = $params->toQueryString();
 
         $request = 'POST '.$urlParsed['path']." HTTP/1.0\r\n";

tests/ReCaptcha/RequestMethod/PostTest.php

@@ -73,14 +73,6 @@ public function testHTTPContextOptions(): void
         $this->assertEquals(1, $this->runcount, 'The assertion was ran');
     }
 
-    public function testSSLContextOptions(): void
-    {
-        $req = new Post();
-        self::$assert = [$this, 'sslContextOptionsCallback'];
-        $req->submit($this->parameters);
-        $this->assertEquals(1, $this->runcount, 'The assertion was ran');
-    }
-
     public function testOverrideVerifyUrl(): void
     {
         $req = new Post('https://over.ride/some/path');
@@ -138,26 +130,9 @@ public function httpContextOptionsCallback(array $args): void
         /** @var string $header */
         $header = $httpOptions['header'];
         $this->assertStringContainsStringIgnoringCase('Content-type: application/x-www-form-urlencoded', $header);
-    }
-
-    /**
-     * @param array<int, mixed> $args
-     */
-    public function sslContextOptionsCallback(array $args): void
-    {
-        ++$this->runcount;
-        $this->assertCommonOptions($args);
-
-        /** @var resource $context */
-        $context = $args[2];
-        $options = stream_context_get_options($context);
-        $this->assertArrayHasKey('http', $options);
-
-        /** @var array<string, mixed> $httpOptions */
-        $httpOptions = $options['http'];
 
-        $this->assertArrayHasKey('verify_peer', $httpOptions);
-        $this->assertTrue($httpOptions['verify_peer']);
+        $this->assertArrayHasKey('timeout', $httpOptions);
+        $this->assertEquals(60, $httpOptions['timeout']);
     }
 
     /**

tests/ReCaptcha/RequestMethod/SocketPostTest.php

@@ -58,6 +58,7 @@ class SocketPostGlobalState
     public static array $fgetsResponses = [];
     public static int $feofCount = 0;
     public static bool $fcloseCalled = false;
+    public static bool $streamSetTimeoutSuccess = true;
 }
 
 /**
@@ -100,6 +101,14 @@ function feof(\stdClass $handle): bool
     return empty(SocketPostGlobalState::$fgetsResponses);
 }
 
+/**
+ * Mock stream_set_timeout in the ReCaptcha\RequestMethod namespace.
+ */
+function stream_set_timeout(\stdClass $handle, int $seconds, int $microseconds = 0): bool
+{
+    return SocketPostGlobalState::$streamSetTimeoutSuccess;
+}
+
 /**
  * Mock fclose in the ReCaptcha\RequestMethod namespace.
  */
@@ -126,6 +135,7 @@ protected function setUp(): void
         SocketPostGlobalState::$fwriteData = '';
         SocketPostGlobalState::$fgetsResponses = [];
         SocketPostGlobalState::$fcloseCalled = false;
+        SocketPostGlobalState::$streamSetTimeoutSuccess = true;
     }
 
     public function testSubmit(): void
@@ -147,6 +157,15 @@ public function testSubmit(): void
         $this->assertTrue(SocketPostGlobalState::$fcloseCalled);
     }
 
+    public function testStreamTimeoutFailureReturnsError(): void
+    {
+        SocketPostGlobalState::$streamSetTimeoutSuccess = false;
+        $sp = new SocketPost();
+        $response = $sp->submit(new RequestParameters('secret', 'response'));
+
+        $this->assertEquals('{"success": false, "error-codes": ["'.ReCaptcha::E_CONNECTION_FAILED.'"]}', $response);
+    }
+
     public function testUrlFailureReturnsError(): void
     {
         $sp = new SocketPost('invalid_url');