diff --git a/client/coral-admin/src/actions/auth.js b/client/coral-admin/src/actions/auth.js index dd2eaa7dc..89b56d4dc 100644 --- a/client/coral-admin/src/actions/auth.js +++ b/client/coral-admin/src/actions/auth.js @@ -2,9 +2,13 @@ import * as actions from '../constants/auth'; import coralApi from 'coral-framework/helpers/response'; // Log In. -export const handleLogin = (email, password) => dispatch => { +export const handleLogin = (email, password, recaptchaResponse) => dispatch => { dispatch({type: actions.LOGIN_REQUEST}); - return coralApi('/auth/local', {method: 'POST', body: {email, password}}) + const params = {method: 'POST', body: {email, password}}; + if (recaptchaResponse) { + params.headers = {'X-Recaptcha-Response': recaptchaResponse}; + } + return coralApi('/auth/local', params) .then(({user}) => { if (!user) { return dispatch(checkLoginFailure('not logged in')); @@ -14,7 +18,12 @@ export const handleLogin = (email, password) => dispatch => { dispatch(checkLoginSuccess(user, isAdmin)); }) .catch(error => { - dispatch({type: actions.LOGIN_FAILURE, message: error.translation_key}); + + if (error.translation_key === 'LOGIN_MAXIMUM_EXCEEDED') { + dispatch({type: actions.LOGIN_MAXIMUM_EXCEEDED, message: error.translation_key}); + } else { + dispatch({type: actions.LOGIN_FAILURE, message: error.translation_key}); + } }); }; diff --git a/client/coral-admin/src/components/AdminLogin.js b/client/coral-admin/src/components/AdminLogin.js index 7c7d4b00f..11e840eb7 100644 --- a/client/coral-admin/src/components/AdminLogin.js +++ b/client/coral-admin/src/components/AdminLogin.js @@ -4,6 +4,7 @@ import styles from './NotFound.css'; import {Button, TextField, Alert, Success} from 'coral-ui'; import I18n from 'coral-framework/modules/i18n/i18n'; import translations from '../translations'; +import Recaptcha from 'react-recaptcha'; const lang = new I18n(translations); class AdminLogin extends React.Component { @@ -18,13 +19,22 @@ class AdminLogin extends React.Component { this.props.handleLogin(this.state.email, this.state.password); } + onRecaptchaLoad = () => { + + // do something? + } + + onRecaptchaVerify = (recaptchaResponse) => { + this.props.handleLogin(this.state.email, this.state.password, recaptchaResponse); + } + handleRequestPassword = e => { e.preventDefault(); this.props.requestPasswordReset(this.state.email); } render () { - const {errorMessage} = this.props; + const {errorMessage, loginMaxExceeded} = this.props; const signInForm = (
{errorMessage && {lang.t(`errors.${errorMessage}`)}} @@ -49,6 +59,15 @@ class AdminLogin extends React.Component { this.setState({requestPassword: true}); }}>Request a new one.

+ { + loginMaxExceeded && + + } ); const requestPasswordForm = ( @@ -84,6 +103,7 @@ class AdminLogin extends React.Component { } AdminLogin.propTypes = { + loginMaxExceeded: PropTypes.bool.isRequired, handleLogin: PropTypes.func.isRequired, passwordRequestSuccess: PropTypes.string, loginError: PropTypes.string diff --git a/client/coral-admin/src/constants/auth.js b/client/coral-admin/src/constants/auth.js index 3c47bfc45..93cd61544 100644 --- a/client/coral-admin/src/constants/auth.js +++ b/client/coral-admin/src/constants/auth.js @@ -11,6 +11,7 @@ export const LOGOUT_FAILURE = 'LOGOUT_FAILURE'; export const LOGIN_REQUEST = 'LOGIN_REQUEST'; export const LOGIN_SUCCESS = 'LOGIN_SUCCESS'; export const LOGIN_FAILURE = 'LOGIN_FAILURE'; +export const LOGIN_MAXIMUM_EXCEEDED = 'LOGIN_MAXIMUM_EXCEEDED'; export const FETCH_FORGOT_PASSWORD_REQUEST = 'FETCH_FORGOT_PASSWORD_REQUEST'; export const FETCH_FORGOT_PASSWORD_SUCCESS = 'FETCH_FORGOT_PASSWORD_SUCCESS'; diff --git a/client/coral-admin/src/containers/LayoutContainer.js b/client/coral-admin/src/containers/LayoutContainer.js index d122cd23a..d2493a548 100644 --- a/client/coral-admin/src/containers/LayoutContainer.js +++ b/client/coral-admin/src/containers/LayoutContainer.js @@ -16,12 +16,14 @@ class LayoutContainer extends Component { loggedIn, loadingUser, loginError, + loginMaxExceeded, passwordRequestSuccess } = this.props.auth; const {handleLogout} = this.props; if (loadingUser) { return ; } if (!isAdmin) { return ({ const mapDispatchToProps = dispatch => ({ checkLogin: () => dispatch(checkLogin()), - handleLogin: (username, password) => dispatch(handleLogin(username, password)), + handleLogin: (username, password, recaptchaResponse) => dispatch(handleLogin(username, password, recaptchaResponse)), requestPasswordReset: email => dispatch(requestPasswordReset(email)), handleLogout: () => dispatch(logout()) }); diff --git a/client/coral-admin/src/reducers/auth.js b/client/coral-admin/src/reducers/auth.js index b52efdb85..a7054ddfa 100644 --- a/client/coral-admin/src/reducers/auth.js +++ b/client/coral-admin/src/reducers/auth.js @@ -6,6 +6,7 @@ const initialState = Map({ user: null, isAdmin: false, loginError: null, + loginMaxExceeded: false, passwordRequestSuccess: null }); @@ -29,12 +30,18 @@ export default function auth (state = initialState, action) { return initialState; case actions.LOGIN_REQUEST: return state.set('loginError', null); + case actions.LOGIN_SUCCESS: + return state.set('loginMaxExceeded', false).set('loginError', null); case actions.LOGIN_FAILURE: return state.set('loginError', action.message); case actions.FETCH_FORGOT_PASSWORD_REQUEST: return state.set('passwordRequestSuccess', null); case actions.FETCH_FORGOT_PASSWORD_SUCCESS: return state.set('passwordRequestSuccess', 'If you have a registered account, a password reset link was sent to that email.'); + case actions.LOGIN_MAXIMUM_EXCEEDED: + return state + .set('loginMaxExceeded', true) + .set('loginError', action.message); default : return state; } diff --git a/client/coral-admin/src/translations.json b/client/coral-admin/src/translations.json index 91fa60d43..13538e224 100644 --- a/client/coral-admin/src/translations.json +++ b/client/coral-admin/src/translations.json @@ -1,7 +1,8 @@ { "en": { "errors": { - "NOT_AUTHORIZED": "Your username or password is not recognized by our system." + "NOT_AUTHORIZED": "Your username or password is not recognized by our system.", + "LOGIN_MAXIMUM_EXCEEDED": "You have made too many unsuccessful password attempts. Please wait." }, "community": { "username_and_email": "Username and Email", @@ -145,7 +146,8 @@ }, "es": { "errors": { - "NOT_AUTHORIZED": "Acción no autorizada." + "NOT_AUTHORIZED": "Acción no autorizada.", + "LOGIN_MAXIMUM_EXCEEDED": "Ha realizado demasiados intentos fallidos de contraseña. Por favor espera." }, "community": { "username_and_email": "Usuario y E-mail", diff --git a/errors.js b/errors.js index 6d9abbcfd..6cd8d8da0 100644 --- a/errors.js +++ b/errors.js @@ -148,6 +148,11 @@ const ErrPermissionUpdateUsername = new APIError('You do not have permission to status: 500 }); +const ErrLoginAttemptMaximumExceeded = new APIError('You have made too many incorrect password attempts.', { + translation_key: 'LOGIN_MAXIMUM_EXCEEDED', + status: 429 +}); + module.exports = { ExtendableError, APIError, @@ -168,5 +173,6 @@ module.exports = { ErrNotAuthorized, ErrPermissionUpdateUsername, ErrSettingsInit, - ErrInstallLock + ErrInstallLock, + ErrLoginAttemptMaximumExceeded }; diff --git a/models/user.js b/models/user.js index 2b65bd300..e23acaa56 100644 --- a/models/user.js +++ b/models/user.js @@ -1,4 +1,5 @@ const mongoose = require('../services/mongoose'); +const bcrypt = require('bcrypt'); const uuid = require('uuid'); // USER_ROLES is the array of roles that is permissible as a user role. @@ -146,6 +147,25 @@ UserSchema.method('hasRoles', function(...roles) { }); }); +/** + * This verifies that a password is valid. + */ +UserSchema.method('verifyPassword', function(password) { + return new Promise((resolve, reject) => { + bcrypt.compare(password, this.password, (err, res) => { + if (err) { + return reject(err); + } + + if (!res) { + return resolve(false); + } + + return resolve(true); + }); + }); +}); + /** * All the graph operations that are available for a user. * @type {Array} diff --git a/package.json b/package.json index 72b2e9b19..36899a04b 100644 --- a/package.json +++ b/package.json @@ -62,6 +62,7 @@ "env-rewrite": "^1.0.2", "express": "^4.14.0", "express-session": "^1.14.2", + "form-data": "^2.1.2", "graphql": "^0.8.2", "graphql-errors": "^2.1.0", "graphql-server-express": "^0.5.0", @@ -77,12 +78,14 @@ "mongoose": "^4.6.5", "morgan": "^1.7.0", "natural": "^0.4.0", + "node-fetch": "^1.6.3", "nodemailer": "^2.6.4", "parse-duration": "^0.1.1", "passport": "^0.3.2", "passport-facebook": "^2.1.1", "passport-local": "^1.0.0", "react-apollo": "^0.10.0", + "react-recaptcha": "^2.2.6", "redis": "^2.6.5", "uuid": "^2.0.3" }, @@ -137,7 +140,6 @@ "mocha": "^3.1.2", "mocha-junit-reporter": "^1.12.1", "nightwatch": "^0.9.11", - "node-fetch": "^1.6.3", "nodemon": "^1.11.0", "postcss-loader": "^1.1.0", "postcss-modules": "^0.5.2", diff --git a/services/passport.js b/services/passport.js index 229541521..4ec80bb60 100644 --- a/services/passport.js +++ b/services/passport.js @@ -1,9 +1,12 @@ const passport = require('passport'); const UsersService = require('./users'); const SettingsService = require('./settings'); +const fetch = require('node-fetch'); +const FormData = require('form-data'); const LocalStrategy = require('passport-local').Strategy; const FacebookStrategy = require('passport-facebook').Strategy; const errors = require('../errors'); +const debug = require('debug')('talk:passport'); //============================================================================== // SESSION SERIALIZATION @@ -74,27 +77,233 @@ function ValidateUserLogin(loginProfile, user, done) { // STRATEGIES //============================================================================== +/** + * This looks at the request headers to see if there is a recaptcha response on + * the input request. + */ +const CheckIfRecaptcha = (req) => { + let response = req.get('X-Recaptcha-Response'); + + if (response && response.length > 0) { + return true; + } + + return false; +}; + +/** + * This checks the user to see if the current email profile needs to get checked + * for recaptcha compliance before being allowed to login. + */ +const CheckIfNeedsRecaptcha = (user, email) => { + + // Get the profile representing the local account. + let profile = user.profiles.find((profile) => profile.id === email); + + // This should never get to this point, if it does, don't let this past. + if (!profile) { + throw new Error('ID indicated by loginProfile is not on user object'); + } + + if (profile.metadata && profile.metadata.recaptcha_required) { + return true; + } + + return false; +}; + +/** + * This stores the Recaptcha secret. + */ +const RECAPTCHA_SECRET = process.env.TALK_RECAPTCHA_SECRET; + +/** + * This is true when the recaptcha secret is provided and the Recaptcha feature + * is to be enabled. + */ +const RECAPTCHA_ENABLED = RECAPTCHA_SECRET && RECAPTCHA_SECRET.length > 0; +if (!RECAPTCHA_ENABLED) { + console.log('Recaptcha is not enabled for login/signup abuse prevention, set TALK_RECAPTCHA_SECRET to enable Recaptcha.'); +} + +/** + * This sends the request details down Google to check to see if the response is + * genuine or not. + * @return {Promise} resolves with the success status of the recaptcha + */ +const CheckRecaptcha = async (req) => { + + // Ask Google to verify the recaptcha response: https://developers.google.com/recaptcha/docs/verify + const form = new FormData(); + + form.append('secret', RECAPTCHA_SECRET); + form.append('response', req.get('X-Recaptcha-Response')); + form.append('remoteip', req.ip); + + // Perform the request. + let res = await fetch('https://www.google.com/recaptcha/api/siteverify', { + method: 'POST', + body: form, + headers: form.getHeaders() + }); + + // Parse the JSON response. + let json = await res.json(); + + return json.success; +}; + +/** + * This records a login attempt failure as well as optionally flags an account + * for requiring a recaptcha in the future outside the temporary window. + * @return {Promise} resolves with nothing if rate limit not exeeded, errors if + * there is a rate limit error + */ +const HandleFailedAttempt = async (email, userNeedsRecaptcha) => { + try { + await UsersService.recordLoginAttempt(email); + } catch (err) { + if (err === errors.ErrLoginAttemptMaximumExceeded && !userNeedsRecaptcha && RECAPTCHA_ENABLED) { + + debug(`flagging user email=${email}`); + await UsersService.flagForRecaptchaRequirement(email, true); + } + + throw err; + } +}; + passport.use(new LocalStrategy({ usernameField: 'email', - passwordField: 'password' -}, (email, password, done) => { - UsersService - .findLocalUser(email, password) - .then((user) => { - if (!user) { - return done(null, false, {message: 'Incorrect email/password combination'}); + passwordField: 'password', + passReqToCallback: true +}, async (req, email, password, done) => { + + // We need to check if this request has a recaptcha on it at all, if it does, + // we must verify it first. If verification fails, we fail the request early. + // We can only do this obviously when recaptcha is enabled. + let hasRecaptcha = CheckIfRecaptcha(req); + let recaptchaPassed = false; + if (RECAPTCHA_ENABLED && hasRecaptcha) { + + try { + + // Check to see if this recaptcha passed. + recaptchaPassed = await CheckRecaptcha(req); + } catch (err) { + return done(err); + } + + if (!recaptchaPassed) { + try { + await HandleFailedAttempt(email); + } catch (err) { + return done(err); } - // Define the loginProfile being used to perform an additional - // verificaiton. - let loginProfile = {id: email, provider: 'local'}; + return done(null, false, {message: 'Incorrect recaptcha'}); + } + } - // Validate the user login. - return ValidateUserLogin(loginProfile, user, done); - }) - .catch((err) => { - done(err); - }); + debug(`hasRecaptcha=${hasRecaptcha}, recaptchaPassed=${recaptchaPassed}`); + + // If the request didn't have a recaptcha, check to see if we did need one by + // checking the rate limit against failed attempts on this email + // address/login. + if (!hasRecaptcha) { + try { + await UsersService.checkLoginAttempts(email); + } catch (err) { + if (err === errors.ErrLoginAttemptMaximumExceeded) { + + // This says, we didn't have a recaptcha, yet we needed one.. Reject + // here. + + try { + await HandleFailedAttempt(email); + } catch (err) { + return done(err); + } + + return done(null, false, {message: 'Incorrect recaptcha'}); + } + + // Some other unexpected error occured. + return done(err); + } + } + + // Let's find the user for which this login is connected to. + let user; + try { + user = await UsersService.findLocalUser(email); + } catch (err) { + return done(err); + } + + debug(`user=${user != null}`); + + // If the user doesn't exist, then mark this as a failed attempt at logging in + // this non-existant user and continue. + if (!user) { + try { + await HandleFailedAttempt(email); + } catch (err) { + return done(err); + } + + return done(null, false, {message: 'Incorrect email/password combination'}); + } + + // Let's check if the user indeed needed recaptcha in order to authenticate. + // We can only do this obviously when recaptcha is enabled. + let userNeedsRecaptcha = false; + if (RECAPTCHA_ENABLED && user) { + userNeedsRecaptcha = CheckIfNeedsRecaptcha(user, email); + } + + debug(`userNeedsRecaptcha=${userNeedsRecaptcha}`); + + // Let's check now if their password is correct. + let userPasswordCorrect; + try { + userPasswordCorrect = await user.verifyPassword(password); + } catch (err) { + return done(err); + } + + debug(`userPasswordCorrect=${userPasswordCorrect}`); + + // If their password wasn't correct, mark their attempt as failed and + // continue. + if (!userPasswordCorrect) { + try { + await HandleFailedAttempt(email, userNeedsRecaptcha); + } catch (err) { + return done(err); + } + + return done(null, false, {message: 'Incorrect email/password combination'}); + } + + // If the user needed a recaptcha, yet we have gotten this far, this indicates + // that the password was correct, so let's unflag their account for logins. We + // can only do this obviously when recaptcha is enabled. The account wouldn't + // have been flagged otherwise. + if (RECAPTCHA_ENABLED && userNeedsRecaptcha) { + try { + await UsersService.flagForRecaptchaRequirement(email, false); + } catch (err) { + return done(err); + } + } + + // Define the loginProfile being used to perform an additional + // verificaiton. + let loginProfile = {id: email, provider: 'local'}; + + // Perform final steps to login the user. + return ValidateUserLogin(loginProfile, user, done); })); if (process.env.TALK_FACEBOOK_APP_ID && process.env.TALK_FACEBOOK_APP_SECRET && process.env.TALK_ROOT_URL) { @@ -102,17 +311,18 @@ if (process.env.TALK_FACEBOOK_APP_ID && process.env.TALK_FACEBOOK_APP_SECRET && clientID: process.env.TALK_FACEBOOK_APP_ID, clientSecret: process.env.TALK_FACEBOOK_APP_SECRET, callbackURL: `${process.env.TALK_ROOT_URL}/api/v1/auth/facebook/callback`, - + passReqToCallback: true, profileFields: ['id', 'displayName', 'picture.type(large)'] - }, (accessToken, refreshToken, profile, done) => { - UsersService - .findOrCreateExternalUser(profile) - .then((user) => { - return ValidateUserLogin(profile, user, done); - }) - .catch((err) => { - done(err); - }); + }, async (req, accessToken, refreshToken, profile, done) => { + + let user; + try { + user = await UsersService.findOrCreateExternalUser(profile); + } catch (err) { + return done(err); + } + + return ValidateUserLogin(profile, user, done); })); } else { console.error('Facebook cannot be enabled, missing one of TALK_FACEBOOK_APP_ID, TALK_FACEBOOK_APP_SECRET, TALK_ROOT_URL'); diff --git a/services/users.js b/services/users.js index b58776a75..1810cf2a5 100644 --- a/services/users.js +++ b/services/users.js @@ -3,11 +3,16 @@ const jwt = require('jsonwebtoken'); const Wordlist = require('./wordlist'); const errors = require('../errors'); const uuid = require('uuid'); +const redis = require('./redis'); +const redisClient = redis.createClient(); const UserModel = require('../models/user'); const USER_STATUS = require('../models/user').USER_STATUS; const USER_ROLES = require('../models/user').USER_ROLES; +const RECAPTCHA_WINDOW_SECONDS = 60 * 10; // 10 minutes. +const RECAPTCHA_INCORRECT_TRIGGER = 5; // after 3 incorrect attempts, recaptcha will be required. + const ActionsService = require('./actions'); // In the event that the TALK_SESSION_SECRET is missing but we are testing, then @@ -30,13 +35,9 @@ const SALT_ROUNDS = 10; module.exports = class UsersService { /** - * Finds a user given their email address that we have for them in the system - * and ensures that the retuned user matches the password passed in as well. - * @param {string} email - email to look up the user by - * @param {string} password - password to match against the found user - * @param {Function} done [description] + * Returns a user (if found) for the given email address. */ - static findLocalUser(email, password) { + static findLocalUser(email) { if (!email || typeof email !== 'string') { return Promise.reject('email is required for findLocalUser'); } @@ -48,32 +49,99 @@ module.exports = class UsersService { provider: 'local' } } - }) - .then((user) => { - if (!user) { - return false; - } + }); + } - return new Promise((resolve, reject) => { - bcrypt.compare(password, user.password, (err, res) => { + /** + * This records an unsucesfull login attempt for the given email address. If + * the maximum has been reached, the promise will be rejected with: + * + * errors.ErrLoginAttemptMaximumExceeded + * + * Indicating that the account should be flagged as "login recaptcha required" + * where future login attempts must be made with the recaptcha flag. + */ + static recordLoginAttempt(email) { + const rdskey = `la[${email.toLowerCase().trim()}]`; + + return new Promise((resolve, reject) => { + redisClient + .multi() + .incr(rdskey) + .expire(rdskey, RECAPTCHA_WINDOW_SECONDS) + .exec((err, replies) => { if (err) { return reject(err); } - if (!res) { - return resolve(false); + // if this is new or has no expiry + if (replies[0] === 1 || replies[1] === -1) { + + // then expire it after the timeout + redisClient.expire(rdskey, RECAPTCHA_WINDOW_SECONDS); } - return resolve(user); + if (replies[0] >= RECAPTCHA_INCORRECT_TRIGGER) { + return reject(errors.ErrLoginAttemptMaximumExceeded); + } + + resolve(); }); - }); + }); + } + + /** + * This checks to see if the current login attempts against a user exeeds the + * maximum value allowed, if so, it rejects with: + * + * errors.ErrLoginAttemptMaximumExceeded + */ + static checkLoginAttempts(email) { + const rdskey = `la[${email.toLowerCase().trim()}]`; + + return new Promise((resolve, reject) => { + redisClient + .get(rdskey, (err, reply) => { + if (err) { + return reject(err); + } + + if (!reply) { + return resolve(); + } + + if (reply >= RECAPTCHA_INCORRECT_TRIGGER) { + return reject(errors.ErrLoginAttemptMaximumExceeded); + } + + resolve(); + }); + }); + } + + /** + * Sets or unsets the recaptcha_required flag on a user's local profile. + */ + static flagForRecaptchaRequirement(email, required) { + return UserModel.update({ + profiles: { + $elemMatch: { + id: email.toLowerCase(), + provider: 'local' + } + } + }, { + $set: { + 'profiles.$.metadata.recaptcha_required': required + } }); } /** * Merges two users together by taking all the profiles on a given user and * pushing them into the source user followed by deleting the destination user's - * user account. This will not merge the roles associated with the source user. + * user account. This will + * not merge the roles associated with the source user. * @param {String} dstUserID id of the user to which is the target of the merge * @param {String} srcUserID id of the user to which is the source of the merge * @return {Promise} resolves when the users are merged diff --git a/test/services/users.js b/test/services/users.js index 51ba01403..94aa92432 100644 --- a/test/services/users.js +++ b/test/services/users.js @@ -64,22 +64,14 @@ describe('services.UsersService', () => { describe('#findLocalUser', () => { - it('should find a user when we give the right credentials', () => { + it('should find a user', () => { return UsersService - .findLocalUser(mockUsers[0].profiles[0].id, '1Coral!-') + .findLocalUser(mockUsers[0].profiles[0].id) .then((user) => { expect(user).to.have.property('username', mockUsers[0].username); }); }); - it('should not find the user when we give the wrong credentials', () => { - return UsersService - .findLocalUser(mockUsers[0].profiles[0].id, '1Coral!-') - .then((user) => { - expect(user).to.equal(false); - }); - }); - }); describe('#createLocalUser', () => { diff --git a/views/admin.ejs b/views/admin.ejs index dafd5e3cc..d4d635dcc 100644 --- a/views/admin.ejs +++ b/views/admin.ejs @@ -85,6 +85,7 @@
+ diff --git a/webpack.config.js b/webpack.config.js index 432bb6155..e7652a67d 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -118,6 +118,9 @@ module.exports = { 'process.env': { 'VERSION': `"${require('./package.json').version}"` } + }), + new webpack.EnvironmentPlugin({ + TALK_RECAPTCHA_PUBLIC: JSON.stringify(process.env.TALK_RECAPTCHA_PUBLIC) }) ], resolve: { diff --git a/yarn.lock b/yarn.lock index 32f0a4c2f..b5f96464e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2979,7 +2979,7 @@ form-data@^0.2.0: combined-stream "~0.0.4" mime-types "~2.0.3" -form-data@~2.1.1: +form-data@^2.1.2, form-data@~2.1.1: version "2.1.2" resolved "https://registry.yarnpkg.com/form-data/-/form-data-2.1.2.tgz#89c3534008b97eada4cbb157d58f6f5df025eae4" dependencies: @@ -6452,6 +6452,10 @@ react-onclickoutside@^5.7.1: version "5.8.4" resolved "https://registry.yarnpkg.com/react-onclickoutside/-/react-onclickoutside-5.8.4.tgz#a2c673a8d1b104a550e565574b95419feb12cc3f" +react-recaptcha@^2.2.6: + version "2.2.6" + resolved "https://registry.yarnpkg.com/react-recaptcha/-/react-recaptcha-2.2.6.tgz#bb44c1948a39b37d5a41920c73db833e5d8524f9" + react-redux@^4.4.5: version "4.4.6" resolved "https://registry.yarnpkg.com/react-redux/-/react-redux-4.4.6.tgz#4b9d32985307a11096a2dd61561980044fcc6209"