kbytesys / django-recaptcha3

Django reCaptcha v3 field/widget
GNU Lesser General Public License v2.1

ReCaptchaField doesn't fail validation when there is a robot #3

Closed AlexandreMoullard closed 5 years ago

AlexandreMoullard commented 5 years ago

Hi, Thanks a lot for this awesome package! I noticed a small problem while I was using it (I'm not sure I'm using it correctly).

I was expecting the captcha field to fail during the form clean() when a robot filled the form. But it seems it doesn't. After looking into the source code of fields.py, we are only looking at the 'success' part of the Google response:

```python
if bool(json_response['success']):
    return values[0]
```

But in the google/recaptcha3 documentation (https://developers.google.com/recaptcha/docs/v3) it says:

```
"success": true|false, // whether this request was a valid reCAPTCHA token for your site
```

So we are only telling if the token is valid, but not if a bot is around. I was not expecting that. I think it would be better to change:

```python
if bool(json_response['success']):
    return json_response
```

And let the user define an error on the returned score value in a django clean() method. Or am I missing something?
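Added example (not part of the original thread and not the django-recaptcha3 code): the `success`-only check quoted above next to a check that also enforces the `score`, `action` and `hostname` fields of the siteverify response. The function names, the 0.5 threshold and the sample responses are assumptions constructed for illustration.

```python
# Added example: names, threshold and sample data are hypothetical.

def success_only_check(json_response):
    """The check quoted from fields.py: passes for any valid token."""
    return bool(json_response['success'])


def evaluate_siteverify(json_response, expected_action, expected_hostname,
                        min_score=0.5):
    """Return (accepted, reason) for a parsed reCAPTCHA v3 siteverify response.

    min_score=0.5 is an assumed threshold; tune it per form.
    """
    if json_response.get('success') is not True:
        codes = json_response.get('error-codes', [])
        return False, 'invalid token: ' + ', '.join(codes or ['unknown'])
    score = json_response.get('score')
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return False, 'missing or malformed score'
    # A valid token minted for another form or site must not be accepted here.
    if json_response.get('action') != expected_action:
        return False, 'action mismatch'
    if json_response.get('hostname') != expected_hostname:
        return False, 'hostname mismatch'
    if score < min_score:
        return False, 'score %.1f below threshold %.1f' % (score, min_score)
    return True, 'ok'


# Constructed sample responses (not captured from Google).
LIKELY_BOT = {'success': True, 'score': 0.1, 'action': 'contact',
              'hostname': 'example.com', 'challenge_ts': '2019-01-01T00:00:00Z'}
LIKELY_HUMAN = dict(LIKELY_BOT, score=0.9)
BAD_TOKEN = {'success': False, 'error-codes': ['invalid-input-response']}
WRONG_ACTION = dict(LIKELY_HUMAN, action='login')
NO_SCORE = {'success': True, 'action': 'contact', 'hostname': 'example.com'}

if __name__ == '__main__':
    for name, resp in [('bot', LIKELY_BOT), ('human', LIKELY_HUMAN),
                       ('bad token', BAD_TOKEN), ('wrong action', WRONG_ACTION),
                       ('no score', NO_SCORE)]:
        print(name, success_only_check(resp),
              evaluate_siteverify(resp, 'contact', 'example.com'))
```

In a Django form, the `(False, reason)` result would be turned into a `ValidationError` inside `clean()`.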

kbytesys commented 5 years ago

You're right, that code was used in an early beta of the reCaptcha3 API, when the success wasn't only a token validation. BTW I think that https://github.com/kbytesys/django-recaptcha3/pull/2 will solve this bug.

I need some time in order to fix the travis configuration and to bump the version number, but I think I will create a new release in the next week.

AlexandreMoullard commented 5 years ago

Oh ok, that makes sense. Yeah I saw the work on #2 just after posting this issue. Thanks

kbytesys commented 5 years ago

I merged the pull request, but I need a couple of days to fix travis and make the new package release.

coachandcounsel commented 5 years ago

Hi, thx for this package! I haven't seen a release yet for this issue. Any estimate on that?

kbytesys commented 5 years ago

Yes, sorry for my delay. I will update this package as soon as possible (I hope just before Christmas).

kbytesys commented 5 years ago

New package released.