Laravel package for Google's Recaptcha V3. This is a lightweight package which focuses on the backend validation of Recaptcha V3 captchas.
To get started, use Composer to add the package to your project's dependencies:
composer require josiasmontag/laravel-recaptchav3
Add RECAPTCHAV3_SITEKEY
and RECAPTCHAV3_SECRET
to your .env
file. (You can get them here)
RECAPTCHAV3_SITEKEY=sitekey
RECAPTCHAV3_SECRET=secret
Optionally, you can publish the config file:
php artisan vendor:publish --provider="Lunaweb\RecaptchaV3\Providers\RecaptchaV3ServiceProvider"
Recaptcha v3 works best when it is loaded on every page to get the most context about interactions. Therefore, add to your header or footer template:
{!! RecaptchaV3::initJs() !!}
RecaptchaV3::field($action, $name='g-recaptcha-response')
creates an invisible input field that gets filled with a Recaptcha token on load.
<form method="post" action="/register">
{!! RecaptchaV3::field('register') !!}
<input type="submit" value="Register"></input>
</form>
Please note if the user is on the page for too long, when they submit the form, there will be a timeout and the reCAPTCHA will not validate.
To get around this please use the following code:
<form id="my-form" method="post" action="/register">
{!! RecaptchaV3::field('register') !!}
{!! RecaptchaV3::field('register', 'g-recaptcha-response', true, 'my-form') !!}
<input type="submit" value="Register"></input>
</form>
In this case the request to get the reCAPTCHA token will be made when the user submits the form, avoiding the timeout.
Add the recaptchav3
validator to the rules array. The rule accepts two parameters: The action
name and the minimum required score
(defaults to 0.5).
$validate = Validator::make(Input::all(), [
'g-recaptcha-response' => 'required|recaptchav3:register,0.5'
]);
Alternatively, you can get the score and take variable action:
// Import the facade class
use Lunaweb\RecaptchaV3\Facades\RecaptchaV3;
// RecaptchaV3::verify($token, $action)
$score = RecaptchaV3::verify($request->get('g-recaptcha-response'), 'register')
if($score > 0.7) {
// go
} elseif($score > 0.3) {
// require additional email verification
} else {
return abort(400, 'You are most likely a bot');
}
Add the following values to the custom
array in the validation
language file:
'custom' => [
'g-recaptcha-response' => [
'recaptchav3' => 'Captcha error message',
],
],
Add to your CSS file:
.grecaptcha-badge { visibility: hidden !important; }
By default, the package follows the default application locale, which is defined in config/app.php
. If you want to change this behavior, you can specify what locale to use by adding a new environment variable :
RECAPTCHAV3_LOCALE=ar
To make your forms testable, you can mock the RecaptchaV3
facade:
RecaptchaV3::shouldReceive('verify')
->once()
->andReturn(1.0);