Skip to main content

Django recaptcha form field/widget app.

Project description

Django reCAPTCHA

Django reCAPTCHA form field/widget integration app.

https://travis-ci.org/praekelt/django-recaptcha.svg?branch=develop https://coveralls.io/repos/github/praekelt/django-recaptcha/badge.svg?branch=develop https://badge.fury.io/py/django-recaptcha.svg https://img.shields.io/pypi/pyversions/django-recaptcha.svg https://img.shields.io/pypi/djversions/django-recaptcha.svg
Note:

django-recaptcha supports Google reCAPTCHA V2 - Checkbox (Default), Google reCAPTCHA V2 - Invisible and Google reCAPTCHA V3 please look at the widgets section for more information.

Django reCAPTCHA uses a modified version of the Python reCAPTCHA client which is included in the package as client.py.

Requirements

Tested with:

  • Python: 2.7, 3.5, 3.6, 3.7, 3.8
  • Django: 1.11, 2.0, 2.1, 2.2, 3.0

Note: * Django 2.2 requires SQLite 3.8.3 * Django 2.2 supports Python 3.5, 3.6, and 3.7. * Django 3.0 supports Python 3.6, 3.7 and 3.8. We highly recommend and only officially support the latest release of each series.

Installation

  1. Sign up for reCAPTCHA.

  2. Install with pip install django-recaptcha.

  3. Add 'captcha' to your INSTALLED_APPS setting.

    INSTALLED_APPS = [
        ...,
        'captcha',
        ...
    ]
    
  4. Add the Google reCAPTCHA keys generated in step 1 to your Django production settings with RECAPTCHA_PUBLIC_KEY and RECAPTCHA_PRIVATE_KEY. Note that omitting these settings will default to a set of test keys refer to Local Development and Functional Testing for more information.

    For example:

    RECAPTCHA_PUBLIC_KEY = 'MyRecaptchaKey123'
    RECAPTCHA_PRIVATE_KEY = 'MyRecaptchaPrivateKey456'
    

    These can also be specified per field by passing the public_key or private_key parameters to ReCaptchaField - see field usage below.

  5. (OPTIONAL) If you require a proxy, add a RECAPTCHA_PROXY setting (dictionary of proxies), for example:

    RECAPTCHA_PROXY = {'http': 'http://127.0.0.1:8000', 'https': 'https://127.0.0.1:8000'}
    
  6. (OPTIONAL) In the event www.google.com is not accessible the RECAPTCHA_DOMAIN setting can be changed to www.recaptcha.net as per the reCAPTCHA FAQ:

    RECAPTCHA_DOMAIN = 'www.recaptcha.net'
    

This will change the Google JavaScript api domain as well as the client side field verification domain.

Usage

Fields

The quickest way to add reCAPTCHA to a form is to use the included ReCaptchaField field class. A ReCaptchaV2Checkbox will be rendered by default. For example:

from django import forms
from captcha.fields import ReCaptchaField

class FormWithCaptcha(forms.Form):
    captcha = ReCaptchaField()

To allow for runtime specification of keys you can optionally pass the private_key or public_key parameters to the constructor. For example:

captcha = ReCaptchaField(
    public_key='76wtgdfsjhsydt7r5FFGFhgsdfytd656sad75fgh',
    private_key='98dfg6df7g56df6gdfgdfg65JHJH656565GFGFGs',
)

If specified, these parameters will be used instead of your reCAPTCHA project settings.

Widgets

There are three widgets that can be used with the ReCaptchaField class:

ReCaptchaV2Checkbox for Google reCAPTCHA V2 - Checkbox

ReCaptchaV2Invisible for Google reCAPTCHA V2 - Invisible

ReCaptchaV3 for Google reCAPTCHA V3

To make use of widgets other than the default Google reCAPTCHA V2 - Checkbox widget, simply replace the ReCaptchaField widget. For example:

from django import forms
from captcha.fields import ReCaptchaField
from captcha.widgets import ReCaptchaV2Invisible

class FormWithCaptcha(forms.Form):
    captcha = ReCaptchaField(widget=ReCaptchaV2Invisible)

The reCAPTCHA widget supports several data attributes that customize the behaviour of the widget, such as data-theme, data-size, etc. You can forward these options to the widget by passing an attrs parameter to the widget, containing a dictionary of options. For example:

captcha = fields.ReCaptchaField(
    widget=widgets.ReCaptchaV2Checkbox(
        attrs={
            'data-theme': 'dark',
            'data-size': 'compact',
        }
    )
)
# The ReCaptchaV2Invisible widget
# ignores the "data-size" attribute in favor of 'data-size="invisible"'

The reCAPTCHA api supports several paramaters. To customise the paramaters that get sent along pass an api_params paramater to the widget, containing a dictionary of options. For example:

captcha = fields.ReCaptchaField(
    widget=widgets.ReCaptchaV2Checkbox(
        api_params={'hl': 'cl', 'onload': 'onLoadFunc'}
    )
)
# The dictionary is urlencoded and appended to the reCAPTCHA api url.

By default, the widgets provided only supports a single form with a single widget on each page.

The language can be set with the ‘h1’ parameter, look at language codes for the language code options. Note that translations need to be added to this package for the errors to be shown correctly. Currently the package has error translations for the following language codes: es, fr, nl, pl, pt_BR, ru, zh_CN, zh_TW

However, the JavaScript used by the widgets can easily be overridden in the templates.

The templates are located in:

captcha/includes/js_v2_checkbox.html for overriding the reCAPTCHA V2 - Checkbox template

captcha/includes/js_v2_invisible.html for overriding the reCAPTCHA V2 - Invisible template

captcha/includes/js_v3.html for overriding the reCAPTCHA V3 template

For more information about overriding templates look at Django’s template override

reCAPTCHA v3 Score

As of version 3, reCAPTCHA also returns a score value. This can be used to determine the likelihood of the page interaction being a bot. See the Google documentation for more details.

To set a project wide score limit use the RECAPTCHA_REQUIRED_SCORE setting.

For example:

RECAPTCHA_REQUIRED_SCORE = 0.85

For per field, runtime, specification the attribute can also be passed to the widget:

captcha = fields.ReCaptchaField(
    widget=ReCaptchaV3(
        attrs={
            'required_score':0.85,
            ...
        }
    )
)

In the event the score does not meet the requirements, the field validation will fail as expected and an error message will be logged.

Local Development and Functional Testing

Google provides test keys which are set as the default for RECAPTCHA_PUBLIC_KEY and RECAPTCHA_PRIVATE_KEY. These cannot be used in production since they always validate to true and a warning will be shown on the reCAPTCHA.

To bypass the security check that prevents the test keys from being used unknowingly add SILENCED_SYSTEM_CHECKS = [..., 'captcha.recaptcha_test_key_error', ...] to your settings, here is an example:

SILENCED_SYSTEM_CHECKS = ['captcha.recaptcha_test_key_error']

Credits

Inspired Marco Fucci’s blogpost titled Integrating reCAPTCHA with Django

client.py taken from recaptcha-client licenced MIT/X11 by Mike Crawford.

reCAPTCHA copyright 2012 Google.

Changelog

2.0.6

  1. Added testing for Django 3 (no code changes needed).

2.0.5

  1. Added settings and kwargs that allow for the validation of reCAPTCHA v3 score values.

2.0.4

  1. Fixed travis tests for django 2.2

2.0.3

  1. Added testing for Django 2.2 (no code changes needed).

2.0.2

  1. Moved field based Google dev key check to an app ready registered security check.

2.0.1

  1. Bugfix: Remove extra div in widget_v3 template

2.0.0

  1. ReCAPTCHA v3 support added.
  2. Remove all mention of the V1 reCAPTCHA endpoint.
  3. Refactor client, fields and widgets code.
  4. Added widgets for each type of reCAPTCHA: V2 Checkbox, V2 Invisible, V3
  5. Remove the need for the widget template to be selected based on certain settings values, each widget has its own template.
  6. Introduced a large number of new unit tests, update tests to make use of tox venvs.
  7. Regenerated po and mo files.

1.5.0 (2019-01-09)

  1. Added testing for Django 2.1 (no code changes needed).
  2. Update the unit tests to no longer make use of reCAPTCHA v1.
  3. Added deprecation warnings for reCAPTCHA v1 support.
  4. Remove the need for RECAPTCHA_TESTING environment variable during unit testing.
  5. Added Invisible reCAPTCHA V2 support.

1.4.0 (2018-02-08)

  1. Dropped support for Django < 1.11.
  2. Added testing for Django 2.0 (no code changes needed).

1.3.1 (2017-06-27)

  1. Fixed widget attributes regression for Django < 1.10.

1.3.0 (2017-04-10)

  1. Support Django 1.11 in addition to 1.8, 1.9, and 1.10.

1.2.1 (2017-01-23)

  1. Made reCAPTCHA test keys the default keys for easy use in development. The captcha doesn’t require any interaction, has a warning label that it’s for testing purposes only, and always validates.

1.2.0 (2016-12-19)

  1. Pass options as HTML data attributes instead of the RecaptchaOptions JavaScript object in the default template. Custom templates using RecaptchaOptions should migrate to using HTML data attributes.

1.1.0 (2016-10-28)

  1. Dropped support for old Django versions. Only the upstream supported versions are now supported, currently 1.8, 1.9, and 1.10.
  2. Made recaptcha checking use SSL by default. This can be disabled by setting RECAPTCHA_USE_SSL = False in your Django settings or passing use_ssl=False to the constructor of ReCaptchaField.
  3. Made ReCaptchaField respect required=False

1.0.6 (2016-10-05)

  1. Confirmed tests pass on Django 1.10. Older versions should still work.
  2. Fixed a bug where the widget was always rendered in the first used language due to attrs being a mutable default argument.

1.0.5 (2016-01-04)

  1. Chinese translation (kz26).
  2. Syntax fix (zvin).
  3. Get tests to pass on Django 1.9.

1.0.4 (2015-04-16)

  1. Fixed Python 3 support
  2. Added Polish translations
  3. Update docs

1.0.3 (2015-01-13)

  1. Added nocaptcha recaptcha support

1.0.2 (2014-09-16)

  1. Fixed Russian translations
  2. Added Spanish translations

1.0.1 (2014-09-11)

  1. Added Django 1.7 suport
  2. Added Russian translations
  3. Added multi dependancy support
  4. Cleanup

1.0 (2014-04-23)

  1. Added Python 3 support
  2. Added French, Dutch and Brazilian Portuguese translations

0.0.9 (2014-02-14)

  1. Bugfix: release master and not develop. This should fix the confusion due to master having been the default branch on Github.

0.0.8 (2014-02-13)

  1. Bugfix: remove reference to options.html.

0.0.7 (2014-02-12)

  1. Make it possible to load the widget via ajax.

0.0.6 (2013-01-31)

  1. Added an extra parameter lang to bypass Google’s language bug. See http://code.google.com/p/recaptcha/issues/detail?id=133#c3
  2. widget.html no longer includes options.html. Options are added directly to widget.html

0.0.5 (2013-01-17)

  1. Removed django-registration dependency
  2. Changed testing mechanism to environmental variable RECAPTCHA_TESTING

0.0.4

  1. Handle missing REMOTE_ADDR request meta key. Thanks Joe Jasinski.
  2. Added checks for settings.DEBUG to facilitate tests. Thanks Victor Neo.
  3. Fix for correct iframe URL in case of no javascript. Thanks gerdemb.

0.0.3 (2011-09-20)

  1. Don’t force registration version thanks kshileev.
  2. Render widget using template, thanks denz.

0.0.2 (2011-08-10)

  1. Use remote IP when validating.
  2. Added SSL support, thanks Brooks Travis.
  3. Added support for Javascript reCAPTCHA widget options, thanks Brandon Taylor.
  4. Allow for key and ssl specification at runtime, thanks Evgeny Fadeev.

0.0.1 (2010-06-17)

  1. Initial release.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for django-recaptcha, version 2.0.6
Filename, size File type Python version Upload date Hashes
Filename, size django_recaptcha-2.0.6-py2.py3-none-any.whl (22.4 kB) File type Wheel Python version py2.py3 Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page