Issue #2974083 by MiroslavBanov, Fabianx, Mixologic: Port to D8: support for...

Issue #2974083 by MiroslavBanov, Fabianx, Mixologic: Port to D8: support for cacheable captcha (recaptcha)

captcha.module

@@ -404,7 +404,9 @@ function _captcha_get_posted_captcha_info(array $element, FormStateInterface $fo
           ->fetchField();
 
         if ($expected_captcha_token !== $posted_captcha_token) {
-          drupal_set_message(t('CAPTCHA session reuse attack detected.'), 'error');
+          if (empty($input['captcha_cacheable'])) {
+            drupal_set_message(t('CAPTCHA session reuse attack detected.'), 'error');
+          }
           // Invalidate the CAPTCHA session.
           $posted_captcha_sid = NULL;
         }

src/Element/Captcha.php

@@ -228,6 +228,19 @@ class Captcha extends FormElement implements ContainerFactoryPluginInterface {
       // Store the solution in the #captcha_info array.
       $element['#captcha_info']['solution'] = $captcha['solution'];
 
+      // Store if this captcha type is cacheable:
+      // A cacheable captcha must not depend on the sid or solution, but be
+      // independent - like for example recaptcha.
+      $element['#captcha_info']['cacheable'] = !empty($captcha['cacheable']);
+
+      if (!empty($element['#captcha_info']['cacheable'])) {
+        // This is only used to avoid the re-use message.
+        $element['captcha_cacheable'] = [
+          '#type' => 'hidden',
+          '#value' => 1,
+        ];
+      }
+
       // Make sure we can use a top level form value
       // $form_state->getValue('captcha_response'),
       // even if the form has #tree=true.