search

genemu / GenemuFormBundle

Extra Form : Captcha GD, Tinymce, Recaptcha, JQueryDate, JQueryAutocomplete, JQuerySlider, JQueryFile, JQueryImage
587 stars 265 forks source link

Update reCAPTCHA to allow for "No CAPTCHA reCAPTCHA" #378

Open succinct opened 9 years ago

succinct commented 9 years ago

As outlined in a Google blog post from December 3 - http://googleonlinesecurity.blogspot.com/2014/12/are-you-robot-introducing-no-captcha.html - it is now possible to allow human users to simply pass a diagnostic check to prove they are not a robot.

I would like to take advantage of this new functionality via GenemuFormBundle, but the current template does not use the specified standards outlined at https://developers.google.com/recaptcha/docs/display:

<html>
  <head>
    <title>reCAPTCHA demo: Simple page</title>
     <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  </head>
  <body>
    <form action="?" method="POST">
      <div class="g-recaptcha" data-sitekey="your_site_key"></div>
      <br/>
      <input type="submit" value="Submit">
    </form>
  </body>
</html>

In my project, I overrode the div_layout.html.twig and jquery_layout.html.twig to match the modern implementation. This worked on the front end, but failed to validate upon form submission:

{# /views/Form/div_layout.html.twig #}
{% block genemu_recaptcha_widget %}
{% spaceless %}
    <div class="g-recaptcha" data-sitekey="{{ public_key }}"></div>
{% endspaceless %}
{% endblock genemu_recaptcha_widget %}

{# /views/Form/jquery_layout.html.twig #}
{% block genemu_recaptcha_javascript %}
{% spaceless %}
    <script src='https://www.google.com/recaptcha/api.js' async defer></script>
{% endspaceless %}
{% endblock genemu_recaptcha_javascript %}

Additionally, I'm not certain how we might be able to specify a static captcha string (https://github.com/genemu/GenemuFormBundle/blob/master/Resources/doc/recaptcha/index.md#hardcoding-the-captcha-value-for-testing) using the new widget. Without this, our automated test will not be able to bypass the captcha.

gpapin commented 9 years ago

:+1: I'll love to see this feature implemented ! Google did a nice move introducing this new feature

attilabukor commented 9 years ago

would like this feature too! i think it would be nice to replace it with a simple checkbox in the test environment so the automated tests could bypass easily.