Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Readme
Django REST reCAPTCHA v2 and v3 field serializer
pip install drf-recaptcha
"drf_recaptcha"
to your INSTALLED_APPS
settings.DRF_RECAPTCHA_SECRET_KEY
INSTALLED_APPS = [
...,
"drf_recaptcha",
...,
]
...
DRF_RECAPTCHA_SECRET_KEY = "YOUR SECRET KEY"
from rest_framework.serializers import Serializer, ModelSerializer
from drf_recaptcha.fields import ReCaptchaV2Field, ReCaptchaV3Field
from feedback.models import Feedback
class V2Serializer(Serializer):
recaptcha = ReCaptchaV2Field()
...
class GetOTPView(APIView):
def post(self, request):
serializer = V2Serializer(data=request.data, context={"request": request})
serializer.is_valid(raise_exception=True)
...
class V3Serializer(Serializer):
recaptcha = ReCaptchaV3Field(action="example")
...
class V3WithScoreSerializer(Serializer):
recaptcha = ReCaptchaV3Field(
action="example",
required_score=0.6,
)
...
class GetReCaptchaScore(APIView):
def post(self, request):
serializer = V3WithScoreSerializer(data=request.data, context={"request": request})
serializer.is_valid()
score = serializer.fields['recaptcha'].score
...
class FeedbackSerializer(ModelSerializer):
recaptcha = ReCaptchaV2Field()
class Meta:
model = Feedback
fields = ("phone", "full_name", "email", "comment", "recaptcha")
def validate(self, attrs):
attrs.pop("recaptcha")
...
return attrs
class DynamicContextSecretKey(APIView):
def post(self, request):
if request.platform == "android":
recaptcha_secret_key = "SPECIAL_FOR_ANDROID"
else:
recaptcha_secret_key = "SPECIAL_FOR_IOS"
serializer = WithReCaptchaSerializer(
data=request.data,
context={
"request": request,
"recaptcha_secret_key": recaptcha_secret_key,
},
)
serializer.is_valid(raise_exception=True)
...
class DynamicContextSecretKey(GenericAPIView):
serializer_class = WithReCaptchaSerializer
def get_serializer_context(self):
if self.request.platform == "android":
recaptcha_secret_key = "SPECIAL_FOR_ANDROID"
else:
recaptcha_secret_key = "SPECIAL_FOR_IOS"
context = super().get_serializer_context()
context.update({"recaptcha_secret_key": recaptcha_secret_key})
return context
class MobileSerializer(Serializer):
recaptcha = ReCaptchaV3Field(secret_key="")
...
DRF_RECAPTCHA_SECRET_KEY
- set your Google reCAPTCHA secret key. Type: str.
DRF_RECAPTCHA_DEFAULT_V3_SCORE
- by default: 0.5
. Type: float.
DRF_RECAPTCHA_ACTION_V3_SCORES
- by default: {}
. Type: dict. You can define specific score for each action e.g. {"login": 0.6, "feedback": 0.3}
DRF_RECAPTCHA_DOMAIN
- by default: www.google.com
. Type: str.
DRF_RECAPTCHA_PROXY
- by default: {}
. Type: dict. e.g. {'http': 'http://127.0.0.1:8000', 'https': 'https://127.0.0.1:8000'}
DRF_RECAPTCHA_VERIFY_REQUEST_TIMEOUT
- by default: 10
. Type: int.
DRF_RECAPTCHA_SECRET_KEY
secret_key
of fieldValidation is passed if the score value returned by Google is greater than or equal to required score.
Required score value: 0.0 - 1.0
If not defined or zero in current item then value from next item.
DRF_RECAPTCHA_ACTION_V3_SCORES
required_score
of fieldDRF_RECAPTCHA_DEFAULT_V3_SCORE
0.5
Set DRF_RECAPTCHA_TESTING=True
in settings, no request to Google, no warnings, DRF_RECAPTCHA_SECRET_KEY
is not required, set returning verification result in setting below.
DRF_RECAPTCHA_TESTING_PASS=True|False
- all responses are pass, default True
.
Use from django.test import override_settings
reCAPTCHA copyright 2012 Google.
FAQs
Django rest framework recaptcha field serializer.
We found that drf-recaptcha demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.