mbi / django-simple-captcha

Django Simple Captcha is an extremely simple, yet highly customizable Django application to add captcha images to any Django form.
http://django-simple-captcha.readthedocs.io/en/latest/
MIT License

Captcha allows invalid input #181

Open kkmehta03 opened 4 years ago

kkmehta03 commented 4 years ago

I added the captcha field in accordance with the instructions here, and the captcha field shows up in the custom form. However, it lets me through to the next URL even if I have entered the wrong input for the captcha. In other words, it is not validating the captcha correctly. Can someone help me out? What am I doing wrong? Here's the form:

class SomeForm(AuthenticationForm):
    business = forms.ModelChoiceField(
        queryset=Business.objects.all().order_by('bus_name'),
        required=True,
        empty_label="Select Business")

    phone = forms.IntegerField(
        label=" ",
        widget=forms.TextInput(
            attrs={
                'class': 'form-control',
                'style': 'width:300px',
                'name': 'phone',
                "min": "6666666666",
                "max": "9999999999",
                'placeholder': "Mobile number"
            }))
    password = forms.CharField(
        label=" ",
        max_length=30,
        widget=forms.PasswordInput(
            attrs={
                'class': 'form-control',
                'name': 'phone',
                'style': 'width:300px',
                'password': forms.PasswordInput(),
                'placeholder': "Enter your password"
            }))
    captcha = CaptchaField()

Here's the views.py :

def login(request):
    form = SomeForm()
    if request.method == 'POST':
        captcha_form = SomeForm(request, request.POST)
        if captcha_form.is_valid:
            url = reverse('dashboard')
            return HttpResponse(url)
        else:
            print('not valid form')

Here's the input form on clicking submit (request.POST):

<QueryDict: {'csrfmiddlewaretoken': ['some_token'], 'phone': ['999999999'], 'password': ['pass'], 'business': ['1'], 'captcha_0': ['f44cda7f7d14bfbaa76ba702cfa477a99b3d4160'], 'captcha_1': ['j']}>

The captcha form:

<tr><th><label for="id_phone"> :</label></th><td><input type="text" name="phone" value="9999999999" class="form-control" style="width:300px" name="phone" min="6666666666" max="9999999999" placeholder="Mobile number" required id="id_phone"></td></tr>
<tr><th><label for="id_password"> :</label></th><td><input type="password" name="password" class="form-control" name="phone" style="width:300px" password="&lt;django.forms.widgets.PasswordInput object at 0x3fs822310&gt;" placeholder="Enter your password" maxlength="30" required id="id_password"></td></tr>
<tr><th><label for="id_captcha_1">Captcha:</label></th><td><ul class="errorlist"><li>Invalid CAPTCHA</li></ul><img src="/auth/captcha/image/148bf605b02c87516ad088f7e43d5a6c41d04264/" alt="captcha" class="captcha" />
<input type="hidden" name="captcha_0" value="148bf605b02c87516ad088f7e43d5a6c41d04264" required id="id_captcha_0"><input type="text" name="captcha_1" required id="id_captcha_1" autocapitalize="off" autocomplete="off" autocorrect="off" spellcheck="false"><input type="hidden" name="organization" value="1" id="id_organization"></td></tr>

Pyvonix commented 1 year ago

Hi @kmehta03,

There are two things in your views.py:

  1. SomeForm should only take the current posted request
  2. is_valid is a method

That should be something like:

def login(request):
    if request.method == 'POST':
        captcha_form = SomeForm(request.POST)
        if captcha_form.is_valid():
           url = reverse('dashboard')
           return HttpResponse(url)
        else:
           print('not valid form')
    else:
        # It's GET 
        form = SomeForm()
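
The `is_valid` point in this thread, as an added example (not code from the thread or from django-simple-captcha): a bound method object is always truthy, so `if captcha_form.is_valid:` never runs validation and the "Invalid CAPTCHA" error is ignored. The standard-library AST check below flags that pattern in view source. The sample views are constructed from the snippet in the report, and `GUARD_METHODS` and `find_uncalled_guards` are names made up for this example.

```python
import ast

# Predicate methods whose bare reference in a condition means a missing call.
# GUARD_METHODS and find_uncalled_guards are names made up for this example.
GUARD_METHODS = {"is_valid"}


def find_uncalled_guards(source):
    """Return sorted (line, expression) pairs where a guard method is tested
    for truth without being called, e.g. `if form.is_valid:`."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.If, ast.While, ast.IfExp, ast.Assert)):
            tests = [node.test]
        elif isinstance(node, ast.BoolOp):  # a and b / a or b
            tests = node.values
        elif isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            tests = [node.operand]
        else:
            continue
        for test in tests:
            # `form.is_valid()` would be an ast.Call here; a bare ast.Attribute
            # is the method object itself, which is always truthy.
            if isinstance(test, ast.Attribute) and test.attr in GUARD_METHODS:
                findings.add((test.lineno, ast.get_source_segment(source, test)))
    return sorted(findings)


# Constructed sample: the view from the report, indentation normalised.
REPORTED_VIEW = '''
def login(request):
    form = SomeForm()
    if request.method == 'POST':
        captcha_form = SomeForm(request, request.POST)
        if captcha_form.is_valid:
            url = reverse('dashboard')
            return HttpResponse(url)
        else:
            print('not valid form')
'''

# Constructed sample: the same view with the method actually called.
CALLED_VIEW = REPORTED_VIEW.replace("is_valid:", "is_valid():")

if __name__ == "__main__":
    for line, expr in find_uncalled_guards(REPORTED_VIEW):
        print(f"line {line}: `{expr}` is tested without being called")
```

Django's `AuthenticationForm.__init__` takes the request as its first positional argument and the submitted data after it, so a subclass such as `SomeForm` is bound to `request.POST` only when the data is passed second (or as `data=`).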