Integrate reCAPTCHA into your Laravel app better than the Big G itself!
License: MIT License
Hi, thanks for the bundle. Also a fan of your medium posts.
If I want to support an API endpoint with more than 1 type of captcha, say v2 checkbox and v2 android, it seems that I need to have 2 different routes so I can apply only a single middleware. Is there another strategy available (short of parsing User-Agent headers) to be able to support multiple types of captchas on a single endpoint? It would be neat to vary on the $input but since that value is in a constant, it is very difficult to support a v2-checkbox-response and v2-android-response field in the different middlewares
Hi,
just a quick question, does your package require allow_url_fopen to be enabled in the server php.ini ?
I coded a simple Laravel Rule to verify a CaptchaV3 token, using the official Google composer package.
The problem is that this package requires allow_url_fopen to be allowed in php.ini.
I really have no idea if this is a valid security concern... but on my VPS host, they actually say that having this option enabled might be a security risk.
So, I was wondering if I should switch to your package.
Thanks
I'm getting a lot of errors in bugsnag about an undefined challenge and I am not sure why. From what I saw all of them seem to be spam but still I don't think I should be getting these..
I have it set like this:
Route::get('contact', [ContactController::class, 'contact'])->name('contact.create');
Route::post('contact', [ContactController::class, 'store'])->name('contact.store')
->middleware(ReCaptcha::score());
// view
<button type="submit" class="xxxxx g-recaptcha"
data-sitekey="{{ captchavel('score') }}"
data-callback='onSubmit'
data-action='submit'
>
{{ __('Send') }}
</button>
The actual error:
TypeError DarkGhostHunter\Captchavel\Captchavel::request(): Argument #1 ($challenge) must be of type string, null given, called in /home/forge/xxxxxxx/vendor/darkghosthunter/captchavel/src/Captchavel.php on line 134
vendor/darkghosthunter/captchavel/src/Captchavel.php:145 DarkGhostHunter\Captchavel\Captchavel::request
vendor/darkghosthunter/captchavel/src/Captchavel.php:134 DarkGhostHunter\Captchavel\Captchavel::getChallenge
vendor/darkghosthunter/captchavel/src/Http/Middleware/VerifyReCaptchaV3.php:101 DarkGhostHunter\Captchavel\Http\Middleware\VerifyReCaptchaV3::response
vendor/darkghosthunter/captchavel/src/Http/Middleware/VerifyReCaptchaV3.php:68 DarkGhostHunter\Captchavel\Http\Middleware\VerifyReCaptchaV3::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
app/Http/Middleware/SetLocaleMiddleware.php:20 App\Http\Middleware\SetLocaleMiddleware::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/inertiajs/inertia-laravel/src/Middleware.php:82 Inertia\Middleware::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php:50 Illuminate\Routing\Middleware\SubstituteBindings::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:78 Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php:49 Illuminate\View\Middleware\ShareErrorsFromSession::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/spatie/laravel-googletagmanager/src/GoogleTagManagerMiddleware.php:52 Spatie\GoogleTagManager\GoogleTagManagerMiddleware::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:121 Illuminate\Session\Middleware\StartSession::handleStatefulRequest
vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:64 Illuminate\Session\Middleware\StartSession::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php:37 Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php:67 Illuminate\Cookie\Middleware\EncryptCookies::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:103 Illuminate\Pipeline\Pipeline::then
vendor/laravel/framework/src/Illuminate/Routing/Router.php:697 Illuminate\Routing\Router::runRouteWithinStack
vendor/laravel/framework/src/Illuminate/Routing/Router.php:672 Illuminate\Routing\Router::runRoute
vendor/laravel/framework/src/Illuminate/Routing/Router.php:636 Illuminate\Routing\Router::dispatchToRoute
vendor/laravel/framework/src/Illuminate/Routing/Router.php:625 Illuminate\Routing\Router::dispatch
vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:167 Illuminate\Foundation\Http\Kernel::Illuminate\Foundation\Http\{closure}
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:128 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/nova/src/Http/Middleware/ServeNova.php:24 Laravel\Nova\Http\Middleware\ServeNova::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php:21 Illuminate\Foundation\Http\Middleware\TransformsRequest::handle
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php:31 Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php:21 Illuminate\Foundation\Http\Middleware\TransformsRequest::handle
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php:40 Illuminate\Foundation\Http\Middleware\TrimStrings::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php:27 Illuminate\Foundation\Http\Middleware\ValidatePostSize::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php:86 Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/fruitcake/laravel-cors/src/HandleCors.php:38 Fruitcake\Cors\HandleCors::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/fideloper/proxy/src/TrustProxies.php:57 Fideloper\Proxy\TrustProxies::handle
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167 Illuminate\Pipeline\Pipeline::Illuminate\Pipeline\{closure}
vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:103 Illuminate\Pipeline\Pipeline::then
vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:142 Illuminate\Foundation\Http\Kernel::sendRequestThroughRouter
vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:111 Illuminate\Foundation\Http\Kernel::handle
public/index.php:52 [main]
Any news on when you'll be supporting Laravel 6.x? This package is currently stopping my upgrade to 6.x. Looking at the code, it doesn't look like there anything in particular that would stop you from just changing the dependencies and allow 6.x as well.
The new script fixed the issue with the Invalid Captcha Exception, but now I have noticed that it's clobbering my front-end validation because it's force submitting the form after it receives a valid captcha response.
Maybe this is a matter where I need to fire off the captcha checking manually once my validation passes, but I wanted to bring it to your attention.
I am using https://jqueryvalidation.org/ and when the form is invalid it stops the form from being submitted. Onsubmit, the recaptcha sends the request and then does the form.submit() anyway.
Hi,
I followed the integration steps for your captcha library and I am getting RecaptchaNotResolvedException error.
Frontend side works great, the token is injected into my form. I'm using $request->isRobot() in my controller as you write in the instructions but I still get the exception. I dug little deeper using xdebug and I discovered that DarkGhostHunter\Captchavel\ReCaptcha::setResponse() was called with proper data (I used the CAPTCHAVEL_LOCAL option) when I submit the form. So the middleware works too obviously.
But the $request->isRobot() function is calling a helper method which calls app('recaptcha') behind the scenes and I'm getting DarkGhostHunter\Captchavel\ReCaptcha instance with response set to null. It seems that the Laravel is creating a new instance instead of returning the instance where setResponse() was called in the middleware.
Laravel version: 5.8
Captchavel version: 1.1
Do you have an idea how to fix this?
If a form validation fails, it would be cool to store the reCAPTCHA result for a given number of minutes in the session before asking it again. Adding it as a parameter to the middleware will be breaking change.
We could use it globally in the config file, and disable/enable it programmatically in each middleware.
return [
'remember' => [
'key' => null,
'minutes' => 30,
]
];Route::get('message')->uses(SendMessageController::class)
->middleware(ReCaptcha::invisible()->remember(60));At the middleware, if the remember is active, we will store a key in the session that will expire at a given timestamp. The next request will check if the session contains the key (if this is active) and bypass checking the reCAPTCHA input presence.
For this to work on the frontend, the @unlessrecaptcha method would check if the session contains the reCAPTCHA remember key and is not expired, evaluating the code inside the block if not.
<form>
@unlessrecaptcha
<div class="g-recaptcha"
data-sitekey="_your_site_key_"
data-callback="onSubmit"
data-size="invisible">
</div>
@endunlessrecaptcha
</form>When a user is authenticated, it should be possible to programmatically disable the recaptcha check from the middleware.
An alternative could be to have the a third option on the recaptcha to note on which guards (or guards) the reCAPTCHA should be bypassed.
Route::post('message', function () {
// ...
})->middleware('recaptcha:checkbox,g-recaptcha-response,web');This would only on V2 challenges.
Let me preface this by saying thank you for the easy to use library, your work is very much appreciated. I just ran into a small issue while integrating it into my site: I have a form that causes a file download in the current window instead of navigating to a different page once it's submitted. This is a problem because the _recaptcha field is only created once on page load, so subsequent attempts to send the form will fail with a FailedRecaptchaException due to the duplicate submission of the same token.
I devised the solution below with as few changes from the original script as possible, you'd be welcome to incorporate this change into the package if you feel like it, or use a different solution entirely, I just wanted to bring this issue to your attention. With the following change it simply calls the key fetching sequence each time the form is submitted alongside the initial call on page load. This solved the issue in my case.
<script src="https://www.google.com/recaptcha/api.js?render={{ $key }}&onload=captchavelCallback" defer></script>
<script>
// Start Captchavel Script
window.captchavelCallback = function () {
let site_key = "{{ $key }}";
if (site_key === '') {
console.error("You haven't set your Site Key for reCAPTCHA v3. Get it on https://g.co/recaptcha/admin.");
return;
}
Array.from(document.getElementsByTagName('form'))
.filter((form) => form.dataset.recaptcha === 'true')
.forEach((form) => {
let action = form.action.includes('://') ? (new URL(form.action)).pathname : form.action;
const getKey = () => {
grecaptcha.execute(site_key, {
action: action
.substring(action.indexOf('?'), action.length)
.replace(/[^A-z\/_]/gi, '')
}).then((token) => {
if (token) {
let child = document.createElement('input');
child.setAttribute('type', 'hidden');
child.setAttribute('name', '_recaptcha');
child.setAttribute('value', token);
form.appendChild(child);
}
});
};
getKey();
form.addEventListener('submit', getKey);
});
};
</script>Hello, thanks for this packing but am facing a problem
Class 'DarkGhostHunter\Captchavel\ReCaptcha' not found
Even PhpStorm didn't recognize packing
Why do I get the following error from time to time? Are these bots submitting the form? The form works for me when I submit myself, but every now and then I get "The reCAPTCHA token received is invalid".
Below is part of the response. Let me know if you need the rest of the response from Laravel.
Thank you for your hard work and help.
"class": "DarkGhostHunter\\Captchavel\\Exceptions\\InvalidRecaptchaException",
"message": "The reCAPTCHA token received is invalid",
"code": 0,
Finally I managed to make it working (I hope so) on Auth.
But now the recaptcha's block appears everywhere even on a routes where it is not registered. Is it because of the auto-mode?
My routes look like:
Route::group(['middleware' => 'recaptcha'], function() {
Auth::routes();
});
Route::get('setlocale/{locale}', 'LangController@setLang');
Route::group(['middleware' => 'auth'], function() {
// account
Route::resource('accounts', 'AccountController');
....
}
Why does it appear on every route?
On a separate note. I put the following in the login form as it is suggested in documentation:
<input id="is_robot" type="checkbox" name="is_robot" checked>
and it does not influence anything..
Hi, I wanted to add your recapcha middleware to Auth routes and of cause got the error message above. Does it make sense to have it? It would make much more sense just to ignore GET requests and let people to add middleware like:
Route::group(['middleware' => 'recaptcha'], function() {
Auth::routes();
});
I am pretty new in Laravel and I have no idea how to find a workaround for this case..
Currently, the library uses the default Laravel HTTP Client. The client supports async() request, which return a promise which result can be retrieved later. This is a nice article explaining how. This would avoid blocking the request by waiting the response from reCAPTCHA servers.
In theory, it should be possible to queue the async reques, and resolve it only if the user requires to check the score. Since the user interacts with ReCaptchaResponse directly, the changes underneath would be opaque; nothing would change on the user-land.
After the response is sent, the request would be forcefully cancelled to avoid lingering pending requests (specially under Laravel Octane or similar). This means the middleware should have a terminate() method in which the response is forcefully cancelled.
public function terminate($request, $response)
{
$this->captchavel->cancelPendingRequest();
}When trying to install the package on a fresh Laravel 7.0 install the installation fails with the following message :
- Installation request for laravel/framework (locked at v7.0.7, required as ^7.0) -> satisfiable by laravel/framework[v7.0.7].
- darkghosthunter/captchavel v2.0.0 requires illuminate/view 6.* -> satisfiable by illuminate/view[6.x-dev].
- darkghosthunter/captchavel v2.0.1 requires illuminate/view 6.* -> satisfiable by illuminate/view[6.x-dev].
- Conclusion: don't install illuminate/view 6.x-dev
- Installation request for darkghosthunter/captchavel ^2.0 -> satisfiable by darkghosthunter/captchavel[v2.0.0, v2.0.1].
Will there be support for laravel version 5.7?
Using version ^1.1 for darkghosthunter/captchavel
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for darkghosthunter/captchavel ^1.1 -> satisfiable by darkghosthunter/captchavel[v1.1.0].
- Conclusion: remove laravel/framework v5.7.28
- Conclusion: don't install laravel/framework v5.7.28
- darkghosthunter/captchavel v1.1.0 requires illuminate/view 5.8.* -> satisfiable by laravel/framework[5.8.x-dev], illuminate/view[5.8.x-dev, v5.8.0, v5.8.11, v5.8.12, v5.8.14, v5.8.15, v5.8.17, v5.8.18, v5.8.19, v5.8.2, v5.8.20, v5.8.22, v5.8.24, v5.8.27, v5.8.28, v5.8.29, v5.8.3, v5.8.30, v5.8.4, v5.8.8, v5.8.9].
- Can only install one of: laravel/framework[5.8.x-dev, v5.7.28].
- don't install illuminate/view 5.8.x-dev|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.0|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.11|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.12|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.14|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.15|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.17|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.18|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.19|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.2|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.20|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.22|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.24|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.27|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.28|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.29|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.3|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.30|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.4|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.8|don't install laravel/framework v5.7.28
- don't install illuminate/view v5.8.9|don't install laravel/framework v5.7.28
- Installation request for laravel/framework (locked at v5.7.28, required as 5.7.*) -> satisfiable by laravel/framework[v5.7.28].
Installation failed, reverting ./composer.json to its original content.
HI!, Not sure if this is the right place for this sort of thing but I was wondering how I would get this working with a form submitted using ajax?
I keep receiving the following respose The reCAPTCHA token received is invalid
When I submit the form in the traditional way it sends the correct response, so was just wondering what I need to do to get this working.
Thanks for this package! It's a lot easier to use than some of the others I have found.
I'm trying to disable the the Recaptcha logo that appears at the bottom of every page that doesn't require Captchavel.
Is it possible to only load Captchavel on specific routes?
Thanks!
Eric
Hello,
Love your application, it's a life saver and very easy to use. Recently, I have implemented this in an application and we're getting a lot of InvalidRecaptchaException in our log.
Is this an implementation issue or something that I can address? How would you suggest I catch and recover from this error gracefully, because right now it's just resulting in a 500 error dead end for users.
Here's some cleaned up code, but I'm using the middleware implementation on our login controller.
Login view:
<div class="card-body">
<form method="POST" action="{{ route('login') }}" data-recaptcha="true">
@csrf
.... form fields here
</form>
</div>LoginController.php
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
$this->middleware('recaptcha')->only('login');
}I am not overriding the default login() logic to include an isRobot check or anything of that nature.
Suggestions?
when i activate the local enviroment the error The reCAPTCHA token received is invalid is shown.
Hello!
Using auto-mode but from what I can see, the token is not refreshed after 2 minutes (when it expires according to Google) :-O
I'm about to write a small js string that will refresh the token automatically to see if it helps, or have I missunderstood something? :)
Thanks!
Can you please raise the minimum version to support both v 7 and 8?
Hi,
I'm using 2.2 version.
In Laravel error log I see several of these errors:
[2020-10-12 18:39:31] production.ERROR: The Google reCAPTCHA library returned the following errors:timeout-or-duplicate
I guess it's about long lasting form compilations, but I can't figure out how to resolve.
Can you help me please ?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.