Security News
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Django REST reCAPTCHA v2 and v3 field serializer
pip install drf-recaptcha
"drf_recaptcha"
to your INSTALLED_APPS
settings.DRF_RECAPTCHA_SECRET_KEY
INSTALLED_APPS = [
...,
"drf_recaptcha",
...,
]
...
DRF_RECAPTCHA_SECRET_KEY = "YOUR SECRET KEY"
from rest_framework.serializers import Serializer, ModelSerializer
from drf_recaptcha.fields import ReCaptchaV2Field, ReCaptchaV3Field
from feedback.models import Feedback
class V2Serializer(Serializer):
recaptcha = ReCaptchaV2Field()
...
class GetOTPView(APIView):
def post(self, request):
serializer = V2Serializer(data=request.data, context={"request": request})
serializer.is_valid(raise_exception=True)
...
class V3Serializer(Serializer):
recaptcha = ReCaptchaV3Field(action="example")
...
class V3WithScoreSerializer(Serializer):
recaptcha = ReCaptchaV3Field(
action="example",
required_score=0.6,
)
...
class GetReCaptchaScore(APIView):
def post(self, request):
serializer = V3WithScoreSerializer(data=request.data, context={"request": request})
serializer.is_valid()
score = serializer.fields['recaptcha'].score
...
class FeedbackSerializer(ModelSerializer):
recaptcha = ReCaptchaV2Field()
class Meta:
model = Feedback
fields = ("phone", "full_name", "email", "comment", "recaptcha")
def validate(self, attrs):
attrs.pop("recaptcha")
...
return attrs
class DynamicContextSecretKey(APIView):
def post(self, request):
if request.platform == "android":
recaptcha_secret_key = "SPECIAL_FOR_ANDROID"
else:
recaptcha_secret_key = "SPECIAL_FOR_IOS"
serializer = WithReCaptchaSerializer(
data=request.data,
context={
"request": request,
"recaptcha_secret_key": recaptcha_secret_key,
},
)
serializer.is_valid(raise_exception=True)
...
class DynamicContextSecretKey(GenericAPIView):
serializer_class = WithReCaptchaSerializer
def get_serializer_context(self):
if self.request.platform == "android":
recaptcha_secret_key = "SPECIAL_FOR_ANDROID"
else:
recaptcha_secret_key = "SPECIAL_FOR_IOS"
context = super().get_serializer_context()
context.update({"recaptcha_secret_key": recaptcha_secret_key})
return context
class MobileSerializer(Serializer):
recaptcha = ReCaptchaV3Field(secret_key="SPECIAL_MOBILE_KEY", action="feedback")
...
DRF_RECAPTCHA_SECRET_KEY
- set your Google reCAPTCHA secret key. Type: str.
DRF_RECAPTCHA_DEFAULT_V3_SCORE
- by default: 0.5
. Type: float.
DRF_RECAPTCHA_ACTION_V3_SCORES
- by default: {}
. Type: dict. You can define specific score for each action e.g.
{"login": 0.6, "feedback": 0.3}
DRF_RECAPTCHA_DOMAIN
- by default: www.google.com
. Type: str.
DRF_RECAPTCHA_PROXY
- by default: {}
. Type: dict. e.g.
{'http': 'http://127.0.0.1:8000', 'https': 'https://127.0.0.1:8000'}
DRF_RECAPTCHA_VERIFY_REQUEST_TIMEOUT
- by default: 10
. Type: int.
DRF_RECAPTCHA_SECRET_KEY
secret_key
of fieldIf you need to disable the error, you can do so using the django settings.
SILENCED_SYSTEM_CHECKS = ['drf_recaptcha.checks.recaptcha_system_check']
Validation is passed if the score value returned by Google is greater than or equal to required score.
Required score value: 0.0 - 1.0
If not defined or zero in current item then value from next item.
DRF_RECAPTCHA_ACTION_V3_SCORES
required_score
of fieldDRF_RECAPTCHA_DEFAULT_V3_SCORE
0.5
Set DRF_RECAPTCHA_TESTING=True
in settings, no request to Google, no warnings, DRF_RECAPTCHA_SECRET_KEY
is not
required, set returning verification result in setting below.
DRF_RECAPTCHA_TESTING_PASS=True|False
- all responses are pass, default True
.
Use from django.test import override_settings
reCAPTCHA copyright 2012 Google.
FAQs
Django rest framework recaptcha field serializer
We found that drf-recaptcha demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.