radiergummi/recaptcha-verify

Verifies Recaptcha with Google's API

Recaptcha Verify plugin for Craft CMS 3.x

Verifies Recaptcha with Google's API., _(*1)

, _(*2)

Requirements

This plugin requires Craft CMS 3.0.0-beta.23 or later., _(*3)

Installation

To install the plugin, follow these instructions., _(*4)

1. Open your terminal and go to your Craft project:

 cd /path/to/project

1. Then tell Composer to load the plugin:

 composer require radiergummi/recaptcha-verify

1. In the Control Panel, go to Settings → Plugins and click the “Install” button for Recaptcha Verify.

Recaptcha Verify Overview

Recaptcha Verify validates Recaptcha tokens against Google's library. This is most possibly the smallest plugin I've ever written for any CMS (ignoring my debugTheme plugin for WordPress, which has an astonishing 3 lines to offer)., _(*5)

Using Recaptcha Verify

Recaptcha Verify provides a new POST action to Craft: recaptcha-verify/verify, that enables you to verify your responses. It also provides listeners for the contact form plugin, so you can verify your submissions. Details below., _(*6)

The action expects the body content to contain CRAFT_CSRF_TOKEN and token, where token is the Recaptcha token received from Google. To set up the client side verification process, take a peek at the Google documentation., _(*7)

The response will be a 400 error if - you don't have a secret configured in the settings - there is no token in the POST body, _(*8)

The response will be a 200 success if - the token could be validated ({status: 'success'} as response body) - the token could not be validated ({status: 'failed'} as response body), _(*9)

It might sound strange to not throw an error for a validation issue, but it's actually just the result of the action asked for. How you handle that error on the client side is up to you. If there is substantial interest in that being changed to throw an error too, I'll update the plugin., _(*10)

Configuring Recaptcha Verify

There are two settings fields: Your Recaptcha API site key and secret. You can acquire them here: https://www.google.com/recaptcha/admin, _(*11)

Fill the values as they are presented on the Google instructions page. You can also use a (multi-environment aware) configuration file named recaptcha-verify.php., _(*12)

ContactForm integration

This is still a TODO scheduled for 0.3.0 :wink:
Currently I'm not sure on how to make this optional, if anyone would like to help out, I'm open for PRs or issues., _(*13)

To validate the token within a form submission, include the field message[token] in your form submission. Recaptcha does currently not (and most likely never will) support browsers without JavaScript, so you'll need to submit it via JS anyway.
See the following example form for reference:, _(*14)

Brought to you by Radiergummi, _(*15)