def __call__(self, value): """ Validate that the input contains a valid Re-Captcha value. """ try: check_captcha = client.submit( recaptcha_response=value, private_key=self.private_key, remoteip=self.get_remote_ip(), ) except six.moves.urllib.error.HTTPError: # Catch timeouts, etc raise ValidationError(self.error_messages["captcha_error"], code="captcha_error") if not check_captcha.is_valid: LOGGER.error("ReCAPTCHA validation failed due to: %s", check_captcha.error_codes) raise ValidationError(self.error_messages["captcha_invalid"], code="captcha_invalid") if self.required_score: # If a score was expected but non was returned, default to a 0, # which is the lowest score that it can return. This is to do our # best to assure a failure here, we can not assume that a form # that needed the threshold should be valid if we didn't get a # value back. score = float(check_captcha.extra_data.get("score", 0)) if self.required_score > score: LOGGER.error( "ReCAPTCHA validation failed due to its score of %s" " being lower than the required amount.", score) raise ValidationError(self.error_messages["captcha_invalid"], code="captcha_invalid")
def clean(self, values): super(ReCaptchaField, self).clean(values[1]) recaptcha_challenge_value = smart_unicode(values[0]) recaptcha_response_value = smart_unicode(values[1]) if os.environ.get('RECAPTCHA_TESTING', None) == 'True' and \ recaptcha_response_value == 'PASSED': return values[0] try: check_captcha = client.submit( recaptcha_challenge_value, recaptcha_response_value, private_key=self.private_key, remoteip=self.get_remote_ip(), use_ssl=self.use_ssl) except socket.error: # Catch timeouts, etc raise ValidationError( self.error_messages['captcha_error'] ) if not check_captcha.is_valid: raise ValidationError( self.error_messages['captcha_invalid'] ) return values[0]
def validate(self, value): super(ReCaptchaField, self).validate(value) try: check_captcha = client.submit( recaptcha_response=value, private_key=self.private_key, remoteip=self.get_remote_ip(), ) except HTTPError: # Catch timeouts, etc raise ValidationError( self.error_messages["captcha_error"], code="captcha_error" ) if not check_captcha.is_valid: logger.error( "ReCAPTCHA validation failed due to: %s" % check_captcha.error_codes ) raise ValidationError( self.error_messages["captcha_invalid"], code="captcha_invalid" )
def clean(self, values): super(ReCaptchaField, self).clean(values[1]) recaptcha_challenge_value = smart_unicode(values[0]) recaptcha_response_value = smart_unicode(values[1]) check_captcha = client.submit(recaptcha_challenge_value, \ recaptcha_response_value, private_key=self.private_key, \ remoteip=self.get_remote_ip(), use_ssl=self.use_ssl) if not check_captcha.is_valid: raise forms.util.ValidationError(self.error_messages[\ 'captcha_invalid']) return values[0]
def clean(self, values): super(ReCaptchaField, self).clean(values[1]) recaptcha_challenge_value = smart_unicode(values[0]) recaptcha_response_value = smart_unicode(values[1]) if getattr(settings, 'RECAPTCHA_BYPASS', False) and recaptcha_response_value == 'PASSED': return values[0] check_captcha = client.submit(recaptcha_challenge_value, \ recaptcha_response_value, private_key=self.private_key, \ remoteip=self.get_remote_ip(), use_ssl=self.use_ssl) if not check_captcha.is_valid: raise forms.util.ValidationError( self.error_messages['captcha_invalid'] ) return values[0]
def to_internal_value(self, data): result = super(CaptchaField, self).to_internal_value(data) try: captcha = client.submit(recaptcha_response=result, private_key=settings.RECAPTCHA_PRIVATE_KEY, remoteip=get_client_ip( self.context['request'])) except HTTPError: # Catch timeouts, etc raise serializers.ValidationError( self.error_messages["captcha_error"], code="captcha_error") if not captcha.is_valid or not validate_host( captcha.extra_data['hostname'], settings.ALLOWED_HOSTS): raise serializers.ValidationError('Captcha value is not valid') return result
def clean(self, values): super(ReCaptchaField, self).clean(values[1]) recaptcha_challenge_value = values[0] recaptcha_response_value = values[1] if os.environ.get('RECAPTCHA_TESTING', None) == 'True' and \ recaptcha_response_value == 'PASSED': return values[0] check_captcha = client.submit(recaptcha_challenge_value, \ recaptcha_response_value, private_key=self.private_key, \ remoteip=self.get_remote_ip(), use_ssl=self.use_ssl) if not check_captcha.is_valid: raise forms.util.ValidationError( self.error_messages['captcha_invalid'] ) return values[0]
def test_client_success(self, mocked_response): read_mock = MagicMock() read_mock.read.return_value = b'{"success": true, "challenge_ts":' \ b'"2019-01-11T13:57:23Z", "hostname": "testkey.google.com"}' mocked_response.return_value = read_mock uuid_hex = uuid.uuid4().hex response = client.submit( uuid_hex, "somekey", "0.0.0.0", ) # Quick way to test method call without needing to worry about Python 2 # dicts not being ordered by default. self.assertIn("secret=somekey", mocked_response.call_args.__str__()) self.assertIn("response=%s" % uuid_hex, mocked_response.call_args.__str__()) self.assertIn("remoteip=0.0.0.0", mocked_response.call_args.__str__()) self.assertTrue(response.is_valid)
def test_client_success(self, mocked_response): read_mock = MagicMock() read_mock.read.return_value = b'{"success": true, "challenge_ts":' \ b'"2019-01-11T13:57:23Z", "hostname": "testkey.google.com"}' mocked_response.return_value = read_mock uuid_hex = uuid.uuid4().hex response = client.submit( uuid_hex, "somekey", "0.0.0.0", ) # Quick way to test method call without needing to worry about Python 2 # dicts not being ordered by default. self.assertIn("secret=somekey", mocked_response.call_args.__str__()) self.assertIn( "response=%s" % uuid_hex, mocked_response.call_args.__str__() ) self.assertIn("remoteip=0.0.0.0", mocked_response.call_args.__str__()) self.assertTrue(response.is_valid)
def validate(self, value): super(ReCaptchaField, self).validate(value) try: check_captcha = client.submit( recaptcha_response=value, private_key=self.private_key, remoteip=self.get_remote_ip(), ) except HTTPError: # Catch timeouts, etc raise ValidationError(self.error_messages["captcha_error"], code="captcha_error") if not check_captcha.is_valid: logger.error("ReCAPTCHA validation failed due to: %s" % check_captcha.error_codes) raise ValidationError(self.error_messages["captcha_invalid"], code="captcha_invalid") required_score = self.widget.attrs.get("required_score") if required_score: # Our score values need to be floats, as that is the expected # response from the Google endpoint. Rather than ensure that on # the widget, we do it on the field to better support user # subclassing of the widgets. required_score = float(required_score) # If a score was expected but non was returned, default to a 0, # which is the lowest score that it can return. This is to do our # best to assure a failure here, we can not assume that a form # that needed the threshold should be valid if we didn't get a # value back. score = float(check_captcha.extra_data.get("score", 0)) if required_score > score: logger.error( "ReCAPTCHA validation failed due to its score of %s" " being lower than the required amount." % score) raise ValidationError(self.error_messages["captcha_invalid"], code="captcha_invalid")
def test_client_failure(self, mocked_response): read_mock = MagicMock() read_mock.read.return_value = b'{"success": false, "error-codes":' \ b'["invalid-input-response", "invalid-input-secret"]}' mocked_response.return_value = read_mock uuid_hex = uuid.uuid4().hex response = client.submit( uuid_hex, "somekey", "0.0.0.0", ) # Quick way to test method call without needing to worry about Python 2 # dicts not being ordered by default. self.assertIn("secret=somekey", mocked_response.call_args.__str__()) self.assertIn("response=%s" % uuid_hex, mocked_response.call_args.__str__()) self.assertIn("remoteip=0.0.0.0", mocked_response.call_args.__str__()) self.assertFalse(response.is_valid) self.assertEqual(response.error_codes.sort(), ["invalid-input-response", "invalid-input-secret"].sort())
def validate_recaptcha_response(self, recaptcha_response): request = self.context['request'] ip = get_client_ip(request) try: check_captcha = client.submit( recaptcha_response=recaptcha_response, private_key=config. BRUTE_FORCE_PROTECTION_RECAPTCHA_PRIVATE_KEY, remoteip=ip, ) except _compat.HTTPError: # Catch timeouts, etc raise ValidationError( _("Error verifying reCAPTCHA, please try again."), code="captcha_error") if not check_captcha.is_valid: logger.error("ReCAPTCHA validation failed due to: %s" % check_captcha.error_codes) raise ValidationError( _("Error verifying reCAPTCHA, please try again."), code="captcha_invalid") return ''
def test_client_failure(self, mocked_response): read_mock = MagicMock() read_mock.read.return_value = b'{"success": false, "error-codes":' \ b'["invalid-input-response", "invalid-input-secret"]}' mocked_response.return_value = read_mock uuid_hex = uuid.uuid4().hex response = client.submit( uuid_hex, "somekey", "0.0.0.0", ) # Quick way to test method call without needing to worry about Python 2 # dicts not being ordered by default. self.assertIn("secret=somekey", mocked_response.call_args.__str__()) self.assertIn( "response=%s" % uuid_hex, mocked_response.call_args.__str__() ) self.assertIn("remoteip=0.0.0.0", mocked_response.call_args.__str__()) self.assertFalse(response.is_valid) self.assertEqual( response.error_codes.sort(), ["invalid-input-response", "invalid-input-secret"].sort() )