search

babaktaremi / GoogleCaptchaComponent

🤖 Implementation of google reCaptcha as a blazor component with support of reCaptcha-V2 and reCaptcha-V3 and server validation
MIT License
77 stars 13 forks source link

I have problem writing the serverside verification function, Is there any examples for this #11

Closed MG1376 closed 9 months ago

MG1376 commented 9 months ago

How to validate the Captcha in an api method? what is a secret key? is it relating to encryption? I have no clue how to write the api verification method. I've just created the api response model class. Help please.

public class GoogleCaptchaCheckResponseResult
 {
     public bool Success { get; set; } = false;
     public List<string> ErrorCodes { get; set; } = new List<string>();
 }
MG1376 commented 9 months ago

I wrote the server validate function as:

private async Task<ServerSideCaptchaValidationResultModel> ServerSideValidationHandler(ServerSideCaptchaValidationRequestModel requestModel)
{
    var secretKey = await httpClient.GetStringAsync("api/account/getsecretkey");        
    var apiResult = await httpClient.GetFromJsonAsync<GoogleCaptchaCheckResponseResult?>
        ($"https://www.google.com/recaptcha/api/siteverify?secret={secretKey}&response={requestModel.CaptchaResponse}");
    captchaSuccess = apiResult.Success;
    return new ServerSideCaptchaValidationResultModel(apiResult.Success);
}

and the model:

public class GoogleCaptchaCheckResponseResult
{
    [JsonPropertyName("success")]
    public bool Success { get; set; }
    [JsonPropertyName("error-codes")]
    public List<string?>? ErrorCodes { get; set; }
    [JsonPropertyName("hostname")]
    public string? HostName { get; set; }
    [JsonPropertyName("challenge_ts")]
    public DateTime? ChallengeTS { get; set; }
}

while reCaptcha works and green tick appears, But no callbacks are called. I need the success result. Callbacks are not working.

babaktaremi commented 9 months ago

Hi. Have you provided a delegate for the SuccessCallBack event call back?

Take a look at the example: https://github.com/babaktaremi/GoogleCaptchaComponent/blob/master/GoogleCaptcha.Exmaple/Pages/Counter.razor

babaktaremi commented 9 months ago

and PLEASE call https://www.google.com/recaptcha/api/siteverify endpoint from your backend API , don't expose your secret key

MG1376 commented 9 months ago

I solved the issue. I wrote the serverside function using https://www.google.com/recaptcha/api/siteverify?secret={encsk}&response={encrsp}" but the problem was the client side used a get request to send captcha response to my server, since the response token is large a get request failed and callbacks were not called.

Note: I changed from above codes so that the google call happens on the server.

babaktaremi commented 9 months ago

I solved the issue. I wrote the serverside function using https://www.google.com/recaptcha/api/siteverify?secret={encsk}&response={encrsp}" but the problem was the client side used a get request to send captcha response to my server, since the response token is large a get request failed and callbacks were not called.

Note: I changed from above codes so that the google call happens on the server.

Great ! . Closing the issue