You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Chris Colman <ch...@stepahead.com.au> on 2020/01/17 21:49:56 UTC
Google reCAPTCHA V3 wicket component?
Does anyone know if anyone has already created a Wicket component that
encapsulates Google reCAPTCHA V3?
I'm thinking it should be possible to have such a component that is
simply added to a form like any other form component and then at
submission, if Google thinks it's a Bot then the component throws a
validation error ("Submission blocked: You are probably a bot")
otherwise the form is submitted without obstruction.
I have searched for such a component but have not yet found one.
Regards,
Chrisco
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Google reCAPTCHA V3 wicket component?
Posted by Chris Colman <ch...@stepahead.com.au>.
Hi Gabriel,
This looks promising! I'm just starting to integrate it now.
(I never thought my high school French lessons would come in handy but
they help me understand your comments - a bit :) )
Do you have any usage doco or sample app?
I'm guessing we just construct your captcha validator and add it to the
form we want to use it in. Is it that simple?
Regards,
Chrisco
On 29/01/2020 8:53 am, Gabriel Landon wrote:
> Hi Chrisco,
>
> It's far from perfect, but here's a good start :
>
> AjaxRecaptchaV3Validator.java
> <http://apache-wicket.1842946.n4.nabble.com/file/t48683/AjaxRecaptchaV3Validator.java>
>
> Regards,
> Gabriel.
>
> --
> Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Google reCAPTCHA V3 wicket component?
Posted by Gabriel Landon <gl...@piti.pf>.
As I said it's far from perfect!
The code is for wicket 7 indeed.
I was not aware to the 2 minutes limit and I never hit it.
A solution would be to call grecaptcha.execute on the button's click, wait
for the response and then submit the ajax request. I'm not a JS expert, thus
I don't know how difficult it is to implement.
For those who need a little bit of documentation :
You need to add the behavior in the form onInitialize() method :
final AjaxRecaptchaV3Validator ajaxRecaptchaV3Validator = new
AjaxRecaptchaV3Validator("action","private key", "public key", "proxy url",
"proxy port");
add(ajaxRecaptchaV3Validator);
The proxy parameters can be null.
Then on the ajax submit button overrides updateAjaxAttributes :
@Override
protected void updateAjaxAttributes(final
AjaxRequestAttributes paramAttributes) {
super.updateAjaxAttributes(paramAttributes);
AjaxRecaptchaV3Validator.addExtraParameters(paramAttributes);
}
--
Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Google reCAPTCHA V3 wicket component?
Posted by Chris Colman <ch...@stepahead.com.au>.
Hi Gabriel,
I've got it working - partially.
I needed to convert my form to full AJAX.
I also finally did a proper translation of the French comments and
realized that I needed to add the this to the AjaxSubmitLink button that
submits the form:
@Override
protected void updateAjaxAttributes (final
AjaxRequestAttributes paramAttributes)
{
super.updateAjaxAttributes (paramAttributes);
AjaxRecaptchaV3Validator.addExtraParameters
(paramAttributes);
}
That part is pretty cool because it avoids the alternatives like having
to create a hidden field in the form.
The AjaxRecaptchaV3Validator instance must also be added to the form
(which I did) but maybe that could also be added to the comments in case
some people miss that.
I thought of an issue: I read somewhere that the token that is returned
after the initial request, after the page loads, is only valid for 2
minutes. However, the validator only uses the token when the form is
submitted - which could be > 2 minutes if the user takes their time to
fill out the form.
Google doc says:
"Send the token immediately to your backend with the request toverify
<https://developers.google.com/recaptcha/docs/verify/>."
which implies that as soon as the page is loaded, when the
grecaptcha.execute function, then the request to verify should take
place immediately.
So if this is correct, we need extra JS executed after it gets the
response from grecaptcha.execute to immediately send a verify request to
the backend, completely asynchronous and independent of the form
submission and this verify request should contain the token received
from grecaptcha.execute.
I'm thinking about options for how this would take place - maybe a
request to a particular URL that is 'waiting' for such a request and
stores the token value in the session object for later use during form
validation.
Google's V3 ReCaptcha is intended to work completely independently of
the form submission phase. The bot detection works without needing any
form submission but the form validation that occurs lately will use the
'score' returned by the earlier call to ReCaptcha's verify process.
On 29/01/2020 8:53 am, Gabriel Landon wrote:
> Hi Chrisco,
>
> It's far from perfect, but here's a good start :
>
> AjaxRecaptchaV3Validator.java
> <http://apache-wicket.1842946.n4.nabble.com/file/t48683/AjaxRecaptchaV3Validator.java>
>
> Regards,
> Gabriel.
>
> --
> Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
Re: Google reCAPTCHA V3 wicket component?
Posted by Chris Colman <ch...@stepahead.com.au>.
Hi Gabriel,
I'm using Wicket 6.x - should your Recaptcha validator work for that?
On 29/01/2020 8:53 am, Gabriel Landon wrote:
> Hi Chrisco,
>
> It's far from perfect, but here's a good start :
>
> AjaxRecaptchaV3Validator.java
> <http://apache-wicket.1842946.n4.nabble.com/file/t48683/AjaxRecaptchaV3Validator.java>
>
> Regards,
> Gabriel.
>
> --
> Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Google reCAPTCHA V3 wicket component?
Posted by Gabriel Landon <gl...@piti.pf>.
Hi Chrisco,
It's far from perfect, but here's a good start :
AjaxRecaptchaV3Validator.java
<http://apache-wicket.1842946.n4.nabble.com/file/t48683/AjaxRecaptchaV3Validator.java>
Regards,
Gabriel.
--
Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org