Socket
Socket
Sign inDemoInstall

drf-recaptcha

Package Overview
Dependencies
3
Maintainers
1
Alerts
File Explorer

Install Socket

Detect and block malicious and high-risk dependencies

Install

    drf-recaptcha

Django rest framework recaptcha field serializer.

Maintainers
1

Readme

Django REST reCAPTCHA

Django REST reCAPTCHA v2 and v3 field serializer

CI Codacy Badge Codacy Badge Code style: black PyPI PyPI - Downloads PyPI - License

Requirements

  • Python: 3.7, 3.8, 3.9, 3.10, 3.11
  • Django: 3.2, 4.0, 4.1, 4.2
  • DRF: 3.11, 3.12, 3.13, 3.14

Installation

  1. Sign up for reCAPTCHA
  2. Install with pip install drf-recaptcha
  3. Add "drf_recaptcha" to your INSTALLED_APPS settings.
  4. Set in settings DRF_RECAPTCHA_SECRET_KEY
INSTALLED_APPS = [
   ...,
   "drf_recaptcha",
   ...,
]

...

DRF_RECAPTCHA_SECRET_KEY = "YOUR SECRET KEY"

Usage

from rest_framework.serializers import Serializer, ModelSerializer
from drf_recaptcha.fields import ReCaptchaV2Field, ReCaptchaV3Field
from feedback.models import Feedback


class V2Serializer(Serializer):
    recaptcha = ReCaptchaV2Field()
    ...

class GetOTPView(APIView):
    def post(self, request):
        serializer = V2Serializer(data=request.data, context={"request": request})
        serializer.is_valid(raise_exception=True)
        ...

class V3Serializer(Serializer):
    recaptcha = ReCaptchaV3Field(action="example")
    ...

class V3WithScoreSerializer(Serializer):
    recaptcha = ReCaptchaV3Field(
        action="example",
        required_score=0.6,
    )
    ...

class GetReCaptchaScore(APIView):
    def post(self, request):
        serializer = V3WithScoreSerializer(data=request.data, context={"request": request})
        serializer.is_valid()
        score = serializer.fields['recaptcha'].score
        ...

class FeedbackSerializer(ModelSerializer):
    recaptcha = ReCaptchaV2Field()

    class Meta:
        model = Feedback
        fields = ("phone", "full_name", "email", "comment", "recaptcha")

    def validate(self, attrs):
        attrs.pop("recaptcha")
        ...
        return attrs

    
class DynamicContextSecretKey(APIView):
    def post(self, request):
        if request.platform == "android":
            recaptcha_secret_key = "SPECIAL_FOR_ANDROID"
        else:
            recaptcha_secret_key = "SPECIAL_FOR_IOS"
        serializer = WithReCaptchaSerializer(
            data=request.data,
            context={
                "request": request,
                "recaptcha_secret_key": recaptcha_secret_key,
            },
        )
        serializer.is_valid(raise_exception=True)
        ...
    

class DynamicContextSecretKey(GenericAPIView):
    serializer_class = WithReCaptchaSerializer
    
    def get_serializer_context(self):
        if self.request.platform == "android":
            recaptcha_secret_key = "SPECIAL_FOR_ANDROID"
        else:
            recaptcha_secret_key = "SPECIAL_FOR_IOS"
        context = super().get_serializer_context()
        context.update({"recaptcha_secret_key": recaptcha_secret_key})
        return context
    

class MobileSerializer(Serializer):
    recaptcha = ReCaptchaV3Field(secret_key="")
    ...

Settings

DRF_RECAPTCHA_SECRET_KEY - set your Google reCAPTCHA secret key. Type: str.

DRF_RECAPTCHA_DEFAULT_V3_SCORE - by default: 0.5. Type: float.

DRF_RECAPTCHA_ACTION_V3_SCORES - by default: {}. Type: dict. You can define specific score for each action e.g. {"login": 0.6, "feedback": 0.3}

DRF_RECAPTCHA_DOMAIN - by default: www.google.com. Type: str.

DRF_RECAPTCHA_PROXY - by default: {}. Type: dict. e.g. {'http': 'http://127.0.0.1:8000', 'https': 'https://127.0.0.1:8000'}

DRF_RECAPTCHA_VERIFY_REQUEST_TIMEOUT - by default: 10. Type: int.

Priority of secret_key value

  1. settings DRF_RECAPTCHA_SECRET_KEY
  2. the argument secret_key of field
  3. request.context["recaptcha_secret_key"]

reCAPTCHA v3

Validation is passed if the score value returned by Google is greater than or equal to required score.

Required score value: 0.0 - 1.0

Priority of score value

If not defined or zero in current item then value from next item.

  1. Value for action in settings DRF_RECAPTCHA_ACTION_V3_SCORES
  2. Value in argument required_score of field
  3. Default value in settings DRF_RECAPTCHA_DEFAULT_V3_SCORE
  4. Default value 0.5

Testing

Set DRF_RECAPTCHA_TESTING=True in settings, no request to Google, no warnings, DRF_RECAPTCHA_SECRET_KEY is not required, set returning verification result in setting below.

DRF_RECAPTCHA_TESTING_PASS=True|False - all responses are pass, default True.

Use from django.test import override_settings

Credits

django-recaptcha

reCAPTCHA copyright 2012 Google.

Keywords

FAQs

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

tea.xyz Spam Plagues npm and RubyGems Package Registries

Security News

tea.xyz Spam Plagues npm and RubyGems Package Registries

Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.

By Sarah Gooding  -  Apr 27, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc