biscolab/laravel-recaptcha

How to use in backend Laravel 6

avega93 opened this issue · 10 comments

How to use in the Laravel 6 backend to validate user login?
Any form that does not send the token in a hidden input?

How to block user from login/register?

To validate login and register actions via the backend, you have to follow the instructions you can find in How to use v2.

  • First of all, add Checkbox or Invisible ReCAPTCHA to your login and register form.
  • Verify submitted data by adding backend validation to LoginController and RegisterController.
    In LoginController (App\Http\Controllers\Auth\LoginController) you have to override the validateLogin method, which you can easily find in the AuthenticatesUsers trait, adding the following row to the validation rules:
    'g-recaptcha-response' => 'recaptcha',
    // OR since v4.0.0
    // recaptchaFieldName() => recaptchaRuleName()

In RegisterController (App\Http\Controllers\Auth\RegisterController) add the same row to the validation rules in the validator method.

It should work fine. Let me know.

@biscolab How to validate the input from the back-end with reCaptcha v3?

@harishdurga reCAPTCHA v3 returns a validation token to the front-end as soon as "ReCaptcha" is ready. After that, the built-in validation system (of this package) sends that token to the back-end. It will be validated in Biscolab\ReCaptcha\Controllers\ReCaptchaController@validateV3.
You can customize the validation process as explained in Laravel ReCaptcha V3 Official Documentation using the callback_then configuration parameter on the front-end and recaptcha()->validate($token) on the back-end.

Please read also Google Developer Official Documentation

@biscolab Both links you provided are the same. And your documentation doesn't say a word about the backend.

Hi,
It's still not clear. In the login page, the score is obtained before the form is submitted. Do we just redirect to a 404 page on the client side as soon as the score is ready? If a bot logs in with the API without the login view page, what will happen? How to get the score in the backend, like in the login controller?

Maybe it's a little late hah, but the solution is to pass the token to the backend after the page has loaded. So just like my code down here. This is for v3 btw.

Initialize the script in the head and assign your custom validation function. You will receive the token in there:

    {!! htmlScriptTagJsApi([ 'action' => 'homepage', 'custom_validation' => 'generateToken' ]) !!}

I kept my validation function simple to just put the token into a hidden input:

    function generateToken(token) {
        document.getElementById('g-recaptcha-response').value = token;
    }

After this you can submit the form. The rest will be done in the backend

With recaptcha()->validate($token) you will receive the right score from the recaptcha and after that you can filter out the score

    $this->validate($request, [
        'g-recaptcha-response' => 'required',
    ]);

    $response = recaptcha()->validate($request['g-recaptcha-response']);

    if ($response['success'] == true && $response['score'] >= 0.75 && $response['score'] <= 1) {
        dd('User passed the score test');
    } else {
        // if score is too low.... maybe a bot.
        dd('User did not pass the score test');
    }

@JBOnlinebouwers Thanks for bringing a working solution, but I'm afraid your code is terrible :-( We have chosen to use a package because we don't want to write code this way.

@biscolab Isn't there a built-in validation rule in your package? Isn't there a helper to insert the hidden field in the form? Have I missed something?

@alexandreMesle I'm sorry but I'm afraid I didn't understand what you need... V3 does not give you a true/false, it gives you a score... you can customize the JavaScript code to handle the score.

@alexandreMesle I handle the code this way so it can't be manipulated in the frontend. The token will be sent to the backend and in the backend it will get the score. With this score between 0.0 and 1, when the score is closer to 1 then it's more likely to be a user. Do you have a solution for more efficient code where the token cannot be changed in the frontend?
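
Added example, not from the thread and not part of biscolab/laravel-recaptcha: one way to wrap the backend score check discussed above in a reusable Laravel validation rule, so that a request arriving without a valid token (for example a direct POST that never loaded the form) is rejected in the controller. The class name `RecaptchaV3Score` is hypothetical, and the code assumes `recaptcha()->validate()` returns an array carrying Google's `success`, `score` and `action` fields.

```php
<?php

namespace App\Rules;

use Illuminate\Contracts\Validation\Rule;

/**
 * Hypothetical rule (not shipped with the package): passes only when the
 * reCAPTCHA v3 token verifies server-side with a high enough score.
 */
class RecaptchaV3Score implements Rule
{
    private $action;
    private $minScore;

    public function __construct(string $action, float $minScore = 0.75)
    {
        $this->action = $action;     // action name given to htmlScriptTagJsApi()
        $this->minScore = $minScore; // 0.75 is the threshold used in the thread
    }

    public function passes($attribute, $value)
    {
        // No token at all, e.g. a client that posted without running the script.
        if (!is_string($value) || $value === '') {
            return false;
        }

        // Server-side verification: the score comes from Google, not the browser.
        $response = recaptcha()->validate($value);

        // Fail closed on anything unexpected (error response, missing keys).
        if (!is_array($response) || ($response['success'] ?? false) !== true) {
            return false;
        }

        // Assumption: the array carries Google's siteverify "action" field.
        // Rejects a token that was issued for a different action on the site.
        if (($response['action'] ?? null) !== $this->action) {
            return false;
        }

        return isset($response['score'])
            && (float) $response['score'] >= $this->minScore;
    }

    public function message()
    {
        return 'reCAPTCHA verification failed.';
    }
}
```

In `validateLogin` the rule would be attached as `'g-recaptcha-response' => ['required', new RecaptchaV3Score('homepage')]`, where `homepage` is the action name from the Blade snippet above.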