Skip to main content

Django recaptcha form field/widget app.

Project description

Django reCAPTCHA

Django reCAPTCHA form field/widget integration app.

https://travis-ci.org/praekelt/django-recaptcha.svg?branch=develop

Django reCAPTCHA uses a modified version of the Python reCAPTCHA client which is included in the package as client.py.

Requirements

Tested with:

  • Python: 2.7, 3.5

  • Django: 1.8, 1.9, 1.10, 1.11

Installation

  1. Sign up for reCAPTCHA.

  2. Install with pip install django-recaptcha.

  3. Add 'captcha' to your INSTALLED_APPS setting.

  4. Add the keys reCAPTCHA have given you to your Django production settings (leave development settings blank to use the default test keys) as RECAPTCHA_PUBLIC_KEY and RECAPTCHA_PRIVATE_KEY. For example:

    RECAPTCHA_PUBLIC_KEY = 'MyRecaptchaKey123'
    RECAPTCHA_PRIVATE_KEY = 'MyRecaptchaPrivateKey456'

    These can also be specificied per field by passing the public_key or private_key parameters to ReCaptchaField - see field usage below.

  5. If you would like to use the new No Captcha reCaptcha add the setting NOCAPTCHA = True. For example:

    NOCAPTCHA = True
  6. If you require a proxy, add a RECAPTCHA_PROXY setting, for example:

    RECAPTCHA_PROXY = 'http://127.0.0.1:8000'

Usage

Field

The quickest way to add reCAPTCHA to a form is to use the included ReCaptchaField field class. A ReCaptcha widget will be rendered with the field validating itself without any further action required. For example:

from django import forms
from captcha.fields import ReCaptchaField

class FormWithCaptcha(forms.Form):
    captcha = ReCaptchaField()

To allow for runtime specification of keys you can optionally pass the private_key or public_key parameters to the constructor. For example:

captcha = ReCaptchaField(
    public_key='76wtgdfsjhsydt7r5FFGFhgsdfytd656sad75fgh',
    private_key='98dfg6df7g56df6gdfgdfg65JHJH656565GFGFGs',
)

If specified these parameters will be used instead of your reCAPTCHA project settings.

The reCAPTCHA widget supports several Javascript options variables that customize the behaviour of the widget, such as theme and lang. You can forward these options to the widget by passing an attr parameter to the field, containing a dictionary of options. For example:

captcha = ReCaptchaField(attrs={
  'theme' : 'clean',
})

The client takes the key/value pairs and writes out the RecaptchaOptions value in JavaScript.

Local Development and Functional Testing

Google provides test keys which are set as the default for RECAPTCHA_PUBLIC_KEY and RECAPTCHA_PRIVATE_KEY. These cannot be used in production since they always validate to true and a warning will be shown on the reCAPTCHA.

Unit Testing

Django reCAPTCHA introduces an environment variable RECAPTCHA_TESTING which helps facilitate tests. The environment variable should be set to "True", and cleared, using the setUp() and tearDown() methods in your test classes.

Setting RECAPTCHA_TESTING to True causes Django reCAPTCHA to accept "PASSED" as the recaptcha_response_field value. Note that if you are using the new No Captcha reCaptcha (ie. with NOCAPTCHA = True in your settings) the response field is called g-recaptcha-response.

Example:

import os
os.environ['RECAPTCHA_TESTING'] = 'True'

form_params = {'recaptcha_response_field': 'PASSED'} # use 'g-recaptcha-response' param name if using NOCAPTCHA
form = RegistrationForm(form_params) # assuming only one ReCaptchaField
form.is_valid() # True

os.environ['RECAPTCHA_TESTING'] = 'False'
form.is_valid() # False

Passing any other values will cause Django reCAPTCHA to continue normal processing and return a form error.

Check tests.py for a full example.

AJAX

To make reCAPTCHA work in ajax-loaded forms:

  1. Import recaptcha_ajax.js on your page (not in the loaded template):

    <script type="text/javascript" src="http://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
  2. Add to your Django settings:

    CAPTCHA_AJAX = True

Disabling SSL

This library used to not use SSL by default, but now it does. You can disable this if required, but you should think long and hard about it before you do so!

You can disable it by setting RECAPTCHA_USE_SSL = False in your Django settings, or by passing use_ssl=False to the constructor of ReCaptchaField.

Credits

Inspired Marco Fucci’s blogpost titled Integrating reCAPTCHA with Django

client.py taken from recaptcha-client licenced MIT/X11 by Mike Crawford.

reCAPTCHA copyright 2012 Google.

Authors

Praekelt Consulting

  • Shaun Sephton

  • Peter Pistorius

  • Hedley Roos

bTaylor Design

Other

Changelog

Pending

  1. New release notes go here

1.3.1 (2017-06-27)

  1. Fixed widget attributes regression for Django < 1.10.

1.3.0 (2017-04-10)

  1. Support Django 1.11 in addition to 1.8, 1.9, and 1.10.

1.2.1 (2017-01-23)

  1. Made reCAPTCHA test keys the default keys for easy use in development. The captcha doesn’t require any interaction, has a warning label that it’s for testing purposes only, and always validates.

1.2.0 (2016-12-19)

  1. Pass options as HTML data attributes instead of the RecaptchaOptions JavaScript object in the default template. Custom templates using RecaptchaOptions should migrate to using HTML data attributes.

1.1.0 (2016-10-28)

  1. Dropped support for old Django versions. Only the upstream supported versions are now supported, currently 1.8, 1.9, and 1.10.

  2. Made recaptcha checking use SSL by default. This can be disabled by setting RECAPTCHA_USE_SSL = False in your Django settings or passing use_ssl=False to the constructor of ReCaptchaField.

  3. Made ReCaptchaField respect required=False

1.0.6 (2016-10-05)

  1. Confirmed tests pass on Django 1.10. Older versions should still work.

  2. Fixed a bug where the widget was always rendered in the first used language due to attrs being a mutable default argument.

1.0.5 (2016-01-04)

  1. Chinese translation (kz26).

  2. Syntax fix (zvin).

  3. Get tests to pass on Django 1.9.

1.0.4 (2015-04-16)

  1. Fixed Python 3 support

  2. Added Polish translations

  3. Update docs

1.0.3 (2015-01-13)

  1. Added nocaptcha recaptcha support

1.0.2 (2014-09-16)

  1. Fixed Russian translations

  2. Added Spanish translations

1.0.1 (2014-09-11)

  1. Added Django 1.7 suport

  2. Added Russian translations

  3. Added multi dependancy support

  4. Cleanup

1.0 (2014-04-23)

  1. Added Python 3 support

  2. Added French, Dutch and Brazilian Portuguese translations

0.0.9 (2014-02-14)

  1. Bugfix: release master and not develop. This should fix the confusion due to master having been the default branch on Github.

0.0.8 (2014-02-13)

  1. Bugfix: remove reference to options.html.

0.0.7 (2014-02-12)

  1. Make it possible to load the widget via ajax.

0.0.6 (2013-01-31)

  1. Added an extra parameter lang to bypass Google’s language bug. See http://code.google.com/p/recaptcha/issues/detail?id=133#c3

  2. widget.html no longer includes options.html. Options are added directly to widget.html

0.0.5 (2013-01-17)

  1. Removed django-registration dependency

  2. Changed testing mechanism to environmental variable RECAPTCHA_TESTING

0.0.4

  1. Handle missing REMOTE_ADDR request meta key. Thanks Joe Jasinski.

  2. Added checks for settings.DEBUG to facilitate tests. Thanks Victor Neo.

  3. Fix for correct iframe URL in case of no javascript. Thanks gerdemb.

0.0.3 (2011-09-20)

  1. Don’t force registration version thanks kshileev.

  2. Render widget using template, thanks denz.

0.0.2 (2011-08-10)

  1. Use remote IP when validating.

  2. Added SSL support, thanks Brooks Travis.

  3. Added support for Javascript reCAPTCHA widget options, thanks Brandon Taylor.

  4. Allow for key and ssl specification at runtime, thanks Evgeny Fadeev.

0.0.1 (2010-06-17)

  1. Initial release.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-recaptcha-1.3.1.tar.gz (12.7 kB view hashes)

Uploaded Source

Built Distribution

django_recaptcha-1.3.1-py2.7.egg (19.1 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page