Add a local endpoint

@granik and @sachbearbeiter would you like to review the MR once again? LGTM so far, thank you @jurgenhaas! :)

I have just rebased the MR. Hope we can still move this forward, since it is such an important feature in my view.

Thanks @jurgenhaas! Really great! Didn't have the time to review it yet, but if the community gives it an RTBC, I'd be absolutely willing to merge it and have a deeper look asap.

Could someone please also add some information about this feature to the README.md and provide a snippet for the module page?

I think one of the key questions is: "How secure is this?" Is it only good enough for dev / testing or might it be good enough for smaller production sites?

Thanks a lot, really really nice feature!

Thanks @Anybody for your support on this. I've just updated the readme file, which should be sufficient to address the installation and configuration requirements there.

As for the project page I suggest the following changes/additions:

• In dependencies: the second item (Friendly Captcha Account) is optional, which should be mentioned.
• In Installation: maybe adding a third sub-chapter "Configuration" may be useful here as well, with the content from the readme. I guess, most people rather find the information on the project page, not in the readme.
• New chapter "How it works": this should briefly explain how this works and that the process requires a backend (a.k.a. endpoint) which does the verification/validation.
• Sub chapter in "How it works" with the title "Supported endpoints": a short description for each of them and a note, that the local endpoint only supports captchas.

Now, to whether the local endpoint is even secure. From my POV I'd say yes, I even consider that more private than any of the remote endpoints. The validation is using the exact same code, but all meta data remains under your own domain, nothing gets shared with third parties.

Hi guys,
We acctually tested and implamented this patch on couple our sites, and works perfect.
Really good idea, and on our side is functioning as imagined also on prod sites.

TNX :)

Thank you very much for the feedback and RTBC @jovan1348!

@jurgenhaas I was just thinking if it would have make sense to put this into a submodule instead to encapsulate it? What do you think?

@Anybody don't think that's necessary. The new feature is lightweight and doesn't bring any overhead for installations that don't select the new option.

I'd address the comments from @Grevil in the MR later today, so that it could be ready to go from my POV.

Cool :)
I'm fine with your decision!

All comments from @Grevil have been fixed and the threads in the MR closed.

I made some minor adjustments, otherwise, this LGTM!

Instead of using random strings as dummy values for the "friendlycaptcha_site_key" and "friendlycaptcha_api_key", we are now using the string "ENTER VALID XXX KEY HERE". Both form elements are invisible, once the local endpoint is activated. So the "ENTER VALID XXX KEY HERE" strings are only being displayed, once the user switches to a global endpoint again, making sure he doesn't forget to change these.

Another approach would be to have further endpoint checks in the backend, so we could leave these fields empty entirely, but that would take a bit more time.

Final go from @Anybody concerning the final adjustments.

BTW, I didn't finish my original review, that's why I didn't change the status of this issue, it was still on my radar, but I didn't find the time for a proper review.

Let's wait for @jurgenhaas's feedback on the changes to be discussed finally.

Once everyone is happy, we can set this RTBC.

I'm totally fine with the commits from @Grevil, let me do a final field test, if it still works as expected.

All is working as expected, thanks everyone for your help on this.

Thank you all! 🎉
Let's merge this :) 🚀

Great great great work @jurgenhaas!

@Grevil will you tag a new release?

Great stuff!
Yes, I'd say, this calls for a new minor release!

THANKS A LOT!

Automatically closed - issue fixed for 2 weeks with no activity.

Found some follow-up issues:

• 📌 Move controlling API Endpoint element to the top of the form Active
• 🐛 Error: Call to a member function getStatusCode() on string in friendlycaptcha_captcha_validation() using local endpoint Active
• 🐛 FriendlyCaptcha not selectable as default captcha when using the local endpoint Active

Sadly found another (this time "critical") one: 🐛 Undefined array key 2 in Drupal\friendlycaptcha\SiteVerify->verify() when using local endpoint Active