AsyncIO client for the hCaptcha service
Secure your forms using a captcha.
pip install aiohcaptcha
You can define the secret key HCAPTCHA_SECRET_KEY in the environment or directly pass it to the HCaptchaClient model as a parameter.
Get the secret and public keys from the hcaptcha.com.
<div class="h-captcha" data-sitekey="your_site_key"></div>
<script src="https://hcaptcha.com/1/api.js" async defer></script>
Check hCaptcha docs for more details on the HTML widget.
from aiohcaptcha import HCaptchaClient
response_token = request.POST["h-captcha-response"]
client = HCaptchaClient(secret_key)
verified = await client.verify(response_token) # a boolean
You can adjust it to any Python Web framework that has async view support.
If you are sending the form data using an AJAX request, use $('textarea[name=h-captcha-response]').val(); for the captcha key.
Response details are stored in client.response,
details of the HCaptchaResponse model is same as the JSON response provided in the hCaptcha documentation.
You can also add remote_ip and sitekey (expected key) to the client.verify function.
These parameters are explained in the hCaptcha docs.
For unit testing, you can create the Client HCaptchaClient with debug=True parameter.
In this mode, the verify function will return True if the user_response token and sitekey parameters do match, otherwise it will return False:
client = HCaptchaClient("<SECRET_KEY>", debug=True)
assert await client.verify("<USER_TOKEN>", sitekey="<SAME_TOKEN>")
assert await client.verify("<USER_TOKEN>", sitekey="<DIFFERENT_TOKEN>") is False
© 2020 Emin Mastizada. MIT Licenced.
FAQs
AsyncIO client for the hCaptcha service.
We found that aiohcaptcha demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
Research
Security News
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
Security News
Company News
Socket is joining TC54 to help develop standards for software supply chain security, contributing to the evolution of SBOMs, CycloneDX, and Package URL specifications.