Including captcha in a django form
You can use django-simple-captcha.
- Install it
pip install django-simple-captcha
- Add captcha to the
INSTALLED_APPS
in your settings.py - Run
python manage.py migrate
- Add an entry to your urls.py:
urlpatterns += [
path(r'captcha/', include('captcha.urls')),
]
in forms.py:
from django import forms
from captcha.fields import CaptchaField
class YourForm(forms.Form):
captcha = CaptchaField()
in template:
<form action="/your-name/" method="post">
{% csrf_token %}
{{ form.captcha }}
<input type="submit" value="Submit">
</form>
You can also use a mixin
Have your views inherit from a mixin that validates a recaptcha, c.greys solution is probably easier tbh but you may want to do other things with the request outside the template.
import requests
from django.http.response import HttpResponseForbidden
from ipware import get_client_ip
from .settings import RECAPTCHA_KEY, RECAPTCHA_SECRET
class GoogleRecaptchaMixin:
def post(self, request, *args, **kwargs):
g_recaptcha_response = request.POST.get('g-recaptcha-response', None)
client_ip, is_routable = get_client_ip(request)
response = requests.post(
"https://www.google.com/recaptcha/api/siteverify",
data={
"secret": RECAPTCHA_SECRET,
"response": g_recaptcha_response,
"remoteip": client_ip
}
)
response_dict = response.json()
if response_dict.get("success", None):
return super().post(request, *args, **kwargs)
else:
return HttpResponseForbidden(*args, **kwargs)
In the same directory as the code above you would have a settings file with your key and secret or you could directly import from django.conf
#settings.py
from django.conf import settings
RECAPTCHA_SECRET = getattr(settings, "RECAPTCHA_SECRET", '')
RECAPTCHA_KEY = getattr(settings, "RECAPTCHA_KEY", '')
In your template you would have something like:
<form id="form-00" method="post" action="/process">{% csrf_token %}
<button class="g-recaptcha"
data-sitekey="your recaptcha key"
data-callback="formSubmit">Recaptcha this</button>
</form>
<script type="text/javascript" src='https://www.google.com/recaptcha/api.js'></script>
<script type="text/javascript">
function formSubmit(token) {
document.getElementById("form-00").submit();
}
</script>