Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

django-friendly-captcha can't be used in seamless replacement to recaptcha/hcaptcha #6

Open
pbiering opened this issue Apr 1, 2023 · 7 comments
Open

django-friendly-captcha can't be used in seamless replacement to recaptcha/hcaptcha #6

pbiering opened this issue Apr 1, 2023 · 7 comments

Comments

@pbiering
Copy link

pbiering commented Apr 1, 2023

while django-recaptcha and django-hcaptcha can be used out-of the box with a very small extension of related <form_file>.py, e.g.

...
+# CAPTCHA support
+from django.conf import settings
+from captcha.fields import ReCaptchaField
+from hcaptcha.fields import hCaptchaField
...

class Form(forms.Form):
...
+    # CAPTCHA support
+    captcha_service = getattr(settings, 'CAPTCHA_SERVICE', None)
+    if captcha_service == 'recaptcha':
+        captcha = ReCaptchaField()
+    elif captcha_service == 'hcaptcha':
+        hcaptcha = hCaptchaField()
...

This is not working with this django-friendly-captcha as it is required to adjust the templates to inject the required script "assets" as mentioned here: https://pypi.org/project/django-friendly-captcha/

<script type="module" src="https://unpkg.com/[email protected]/widget.module.min.js" async defer></script>
<script nomodule src="https://unpkg.com/[email protected]/widget.min.js" async defer></script>

I would assume other FRC implementations have this hardcoded in templates, so for an easy replace-to-use I would suggest also to implement this in same way as recaptcha/hcaptcha have done this.
@christianwgd
Copy link
Owner

Yes, I understand and had thought about that at the beginning. I decided against, since this would force me to create a new library version every time friendly captcha releases a new version of their js and css assets. As far as I know they don't support something like a "latest" version. Any ideas to deal with that?

@pbiering
Copy link
Author

pbiering commented Apr 1, 2023

I would assume that they serve this particular "version" a long time compatible on server side, because it would be hardcoded in many templates around the world nowadays.

I'm new to "django" so I don't know at all whether template content itself can be adjusted by config file. At least the django form code looks like not supporting injection of any HTML.

@christianwgd
Copy link
Owner

The code changes quite often, as you can see here: https://github.com/FriendlyCaptcha/friendly-challenge/commits/master/docs/changelog.md.

Injection of form assets works like described here: https://docs.djangoproject.com/en/4.1/topics/forms/media/.

@pbiering
Copy link
Author

pbiering commented Apr 1, 2023

The code changes quite often, as you can see here: https://github.com/FriendlyCaptcha/friendly-challenge/commits/master/docs/changelog.md.

Can be but according to https://docs.friendlycaptcha.com/#/installation

sure to always import a specific version (e.g. [email protected]), then you can be sure that the script you import and integrate with your website doesn't change unexpectedly.

an older statically pinned version will continue to work.

Injection of form assets works like described here: https://docs.djangoproject.com/en/4.1/topics/forms/media/.

Thank you for the link, but haven't found any example how I can inject HTML code defined in settings.py inside the Phython form code like e.g.


class Form(forms.Form):
...
+    # CAPTCHA support
+    captcha_service = getattr(settings, 'CAPTCHA_SERVICE', None)
+    if captcha_service == 'recaptcha':
+       # no inject required
+        captcha = ReCaptchaField()
+    elif captcha_service == 'friendly':
+        # get HTML code to inject from settings.py
+        captcha_html_inject = getattr(settings, 'FRC_CAPTCHA_HTML_INJECT', None)
+        QUESTION_HOW_TO_INJECT(captcha_html_inject)
+        captcha = FrcCaptchaField()
+    elif captcha_service == 'hcaptcha':
+       # no inject required
+        hcaptcha = hCaptchaField()
...

@christianwgd
Copy link
Owner

Ok, I think I understand what you're trying to achieve. I will try to refactor the library so that I pin it with some current version of the friendly captcha static assets and make it possible to override this by some settings values. According to that you will be able to use the friendly captcha field the same way like the other ones.
Will need some days for this.

@christianwgd
Copy link
Owner

I worked on it and it went faster than expected. Can you please try, if version 0.1.7 fits your needs?

@pbiering
Copy link
Author

pbiering commented Apr 2, 2023

That was quick, it's working as expected, thank you!

For completness, the optional proxy support should be also added like reCaptcha (RECAPTCHA_PROXY) and hCaptcha (HCAPTCHA_PROXIES) have already built in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pbiering @christianwgd