def __call__(self, value):
"""
Validate that the input contains a valid Re-Captcha value.
"""
try:
check_captcha = client.submit(
recaptcha_response=value,
private_key=self.private_key,
remoteip=self.get_remote_ip(),
)
except six.moves.urllib.error.HTTPError: # Catch timeouts, etc
raise ValidationError(self.error_messages["captcha_error"],
code="captcha_error")
if not check_captcha.is_valid:
LOGGER.error("ReCAPTCHA validation failed due to: %s",
check_captcha.error_codes)
raise ValidationError(self.error_messages["captcha_invalid"],
code="captcha_invalid")
if self.required_score:
# If a score was expected but non was returned, default to a 0,
# which is the lowest score that it can return. This is to do our
# best to assure a failure here, we can not assume that a form
# that needed the threshold should be valid if we didn't get a
# value back.
score = float(check_captcha.extra_data.get("score", 0))
if self.required_score > score:
LOGGER.error(
"ReCAPTCHA validation failed due to its score of %s"
" being lower than the required amount.", score)
raise ValidationError(self.error_messages["captcha_invalid"],
code="captcha_invalid")
def clean(self, values):
super(ReCaptchaField, self).clean(values[1])
recaptcha_challenge_value = smart_unicode(values[0])
recaptcha_response_value = smart_unicode(values[1])
if os.environ.get('RECAPTCHA_TESTING', None) == 'True' and \
recaptcha_response_value == 'PASSED':
return values[0]
try:
check_captcha = client.submit(
recaptcha_challenge_value,
recaptcha_response_value, private_key=self.private_key,
remoteip=self.get_remote_ip(), use_ssl=self.use_ssl)
except socket.error: # Catch timeouts, etc
raise ValidationError(
self.error_messages['captcha_error']
)
if not check_captcha.is_valid:
raise ValidationError(
self.error_messages['captcha_invalid']
)
return values[0]
def validate(self, value):
super(ReCaptchaField, self).validate(value)
try:
check_captcha = client.submit(
recaptcha_response=value,
private_key=self.private_key,
remoteip=self.get_remote_ip(),
)
except HTTPError: # Catch timeouts, etc
raise ValidationError(
self.error_messages["captcha_error"],
code="captcha_error"
)
if not check_captcha.is_valid:
logger.error(
"ReCAPTCHA validation failed due to: %s" %
check_captcha.error_codes
)
raise ValidationError(
self.error_messages["captcha_invalid"],
code="captcha_invalid"
)
def clean(self, values):
super(ReCaptchaField, self).clean(values[1])
recaptcha_challenge_value = smart_unicode(values[0])
recaptcha_response_value = smart_unicode(values[1])
check_captcha = client.submit(recaptcha_challenge_value, \
recaptcha_response_value, private_key=self.private_key, \
remoteip=self.get_remote_ip(), use_ssl=self.use_ssl)
if not check_captcha.is_valid:
raise forms.util.ValidationError(self.error_messages[\
'captcha_invalid'])
return values[0]
def clean(self, values):
super(ReCaptchaField, self).clean(values[1])
recaptcha_challenge_value = smart_unicode(values[0])
recaptcha_response_value = smart_unicode(values[1])
if getattr(settings, 'RECAPTCHA_BYPASS', False) and recaptcha_response_value == 'PASSED':
return values[0]
check_captcha = client.submit(recaptcha_challenge_value, \
recaptcha_response_value, private_key=self.private_key, \
remoteip=self.get_remote_ip(), use_ssl=self.use_ssl)
if not check_captcha.is_valid:
raise forms.util.ValidationError(
self.error_messages['captcha_invalid']
)
return values[0]
def to_internal_value(self, data):
result = super(CaptchaField, self).to_internal_value(data)
try:
captcha = client.submit(recaptcha_response=result,
private_key=settings.RECAPTCHA_PRIVATE_KEY,
remoteip=get_client_ip(
self.context['request']))
except HTTPError: # Catch timeouts, etc
raise serializers.ValidationError(
self.error_messages["captcha_error"], code="captcha_error")
if not captcha.is_valid or not validate_host(
captcha.extra_data['hostname'], settings.ALLOWED_HOSTS):
raise serializers.ValidationError('Captcha value is not valid')
return result
def clean(self, values):
super(ReCaptchaField, self).clean(values[1])
recaptcha_challenge_value = values[0]
recaptcha_response_value = values[1]
if os.environ.get('RECAPTCHA_TESTING', None) == 'True' and \
recaptcha_response_value == 'PASSED':
return values[0]
check_captcha = client.submit(recaptcha_challenge_value, \
recaptcha_response_value, private_key=self.private_key, \
remoteip=self.get_remote_ip(), use_ssl=self.use_ssl)
if not check_captcha.is_valid:
raise forms.util.ValidationError(
self.error_messages['captcha_invalid']
)
return values[0]
def test_client_success(self, mocked_response):
read_mock = MagicMock()
read_mock.read.return_value = b'{"success": true, "challenge_ts":' \
b'"2019-01-11T13:57:23Z", "hostname": "testkey.google.com"}'
mocked_response.return_value = read_mock
uuid_hex = uuid.uuid4().hex
response = client.submit(
uuid_hex,
"somekey",
"0.0.0.0",
)
# Quick way to test method call without needing to worry about Python 2
# dicts not being ordered by default.
self.assertIn("secret=somekey", mocked_response.call_args.__str__())
self.assertIn("response=%s" % uuid_hex,
mocked_response.call_args.__str__())
self.assertIn("remoteip=0.0.0.0", mocked_response.call_args.__str__())
self.assertTrue(response.is_valid)
def test_client_success(self, mocked_response):
read_mock = MagicMock()
read_mock.read.return_value = b'{"success": true, "challenge_ts":' \
b'"2019-01-11T13:57:23Z", "hostname": "testkey.google.com"}'
mocked_response.return_value = read_mock
uuid_hex = uuid.uuid4().hex
response = client.submit(
uuid_hex,
"somekey",
"0.0.0.0",
)
# Quick way to test method call without needing to worry about Python 2
# dicts not being ordered by default.
self.assertIn("secret=somekey", mocked_response.call_args.__str__())
self.assertIn(
"response=%s" % uuid_hex, mocked_response.call_args.__str__()
)
self.assertIn("remoteip=0.0.0.0", mocked_response.call_args.__str__())
self.assertTrue(response.is_valid)
def validate(self, value):
super(ReCaptchaField, self).validate(value)
try:
check_captcha = client.submit(
recaptcha_response=value,
private_key=self.private_key,
remoteip=self.get_remote_ip(),
)
except HTTPError: # Catch timeouts, etc
raise ValidationError(self.error_messages["captcha_error"],
code="captcha_error")
if not check_captcha.is_valid:
logger.error("ReCAPTCHA validation failed due to: %s" %
check_captcha.error_codes)
raise ValidationError(self.error_messages["captcha_invalid"],
code="captcha_invalid")
required_score = self.widget.attrs.get("required_score")
if required_score:
# Our score values need to be floats, as that is the expected
# response from the Google endpoint. Rather than ensure that on
# the widget, we do it on the field to better support user
# subclassing of the widgets.
required_score = float(required_score)
# If a score was expected but non was returned, default to a 0,
# which is the lowest score that it can return. This is to do our
# best to assure a failure here, we can not assume that a form
# that needed the threshold should be valid if we didn't get a
# value back.
score = float(check_captcha.extra_data.get("score", 0))
if required_score > score:
logger.error(
"ReCAPTCHA validation failed due to its score of %s"
" being lower than the required amount." % score)
raise ValidationError(self.error_messages["captcha_invalid"],
code="captcha_invalid")
def test_client_failure(self, mocked_response):
read_mock = MagicMock()
read_mock.read.return_value = b'{"success": false, "error-codes":' \
b'["invalid-input-response", "invalid-input-secret"]}'
mocked_response.return_value = read_mock
uuid_hex = uuid.uuid4().hex
response = client.submit(
uuid_hex,
"somekey",
"0.0.0.0",
)
# Quick way to test method call without needing to worry about Python 2
# dicts not being ordered by default.
self.assertIn("secret=somekey", mocked_response.call_args.__str__())
self.assertIn("response=%s" % uuid_hex,
mocked_response.call_args.__str__())
self.assertIn("remoteip=0.0.0.0", mocked_response.call_args.__str__())
self.assertFalse(response.is_valid)
self.assertEqual(response.error_codes.sort(),
["invalid-input-response",
"invalid-input-secret"].sort())
def validate_recaptcha_response(self, recaptcha_response):
request = self.context['request']
ip = get_client_ip(request)
try:
check_captcha = client.submit(
recaptcha_response=recaptcha_response,
private_key=config.
BRUTE_FORCE_PROTECTION_RECAPTCHA_PRIVATE_KEY,
remoteip=ip,
)
except _compat.HTTPError: # Catch timeouts, etc
raise ValidationError(
_("Error verifying reCAPTCHA, please try again."),
code="captcha_error")
if not check_captcha.is_valid:
logger.error("ReCAPTCHA validation failed due to: %s" %
check_captcha.error_codes)
raise ValidationError(
_("Error verifying reCAPTCHA, please try again."),
code="captcha_invalid")
return ''
def test_client_failure(self, mocked_response):
read_mock = MagicMock()
read_mock.read.return_value = b'{"success": false, "error-codes":' \
b'["invalid-input-response", "invalid-input-secret"]}'
mocked_response.return_value = read_mock
uuid_hex = uuid.uuid4().hex
response = client.submit(
uuid_hex,
"somekey",
"0.0.0.0",
)
# Quick way to test method call without needing to worry about Python 2
# dicts not being ordered by default.
self.assertIn("secret=somekey", mocked_response.call_args.__str__())
self.assertIn(
"response=%s" % uuid_hex, mocked_response.call_args.__str__()
)
self.assertIn("remoteip=0.0.0.0", mocked_response.call_args.__str__())
self.assertFalse(response.is_valid)
self.assertEqual(
response.error_codes.sort(),
["invalid-input-response", "invalid-input-secret"].sort()
)
