Table of Contents generated with DocToc
- Introduction
- Installation
- Usage - ReCaptcha
- Contributing
- Suggestions or Comments
This plugin is designed to make using the ReCaptcha service within Grails 3 easy. In order to use this plugin, you must have a ReCaptcha account, available from http://www.google.com/recaptcha.
Add the following to your build.gradle
compile "org.grails.plugins:recaptcha:3.2.0"
Add the following to your application's application.yml
file:
recaptcha:
publicKey: "your public key"
privateKey: "your private key"
includeScript: true
includeNoScript: true
These configurations can also be placed at environment-specific locations in the configuration:
environments:
development:
recaptcha:
enabled: false
production:
recaptcha:
enabled: true
See the Grails docs for examples of using externalized configuration files. The ReCaptcha config can be externalized as
the .groovy
file (easiest), or it can be converted into a Java .properties
file.
The plugin is simple to use. In order to use it, there are four basic steps:
The configuration values are pretty self-explanatory, and match with values used by the ReCaptcha service. You must enter your public and private ReCaptcha keys, or errors will be thrown when trying to display a captcha.
If your server needs to connect through a proxy to the ReCaptcha service, add the following to the ReCaptcha configuration.
recaptcha:
proxy:
server: "" // IP or hostname of proxy server
port: "" // Proxy server port, defaults to 80
username: "" // Optional username if proxy requires authentication
password: "" // Optional password if proxy requires authentication
Only the server
property is required. The port
will default to 80
if not specified. The username
and password
properties need to be specified only when the proxy requires authentication.
Like other configurations, this can be placed at the top-level recaptcha
entry, or it can be specified on a per-environment basis.
If there are issues connecting to Google for verifying the captcha, some of the network timeouts can be changed.
recaptcha:
timeoutConfig:
connectTimeout: 10000 // Timeout for making the network connection in millis. Defaults to 10000
readTimeout: 1000 // Timeout for waiting on the network response in millis. Defaults to 1000
connectTimeout
and readTimeout
can be specified together or independently of each other.
Like other configurations, this can be placed at the top-level recaptcha
entry, or it can be specified on a per-environment basis.
This tag is a simple utility that will render its contents if the captcha is enabled in the configuration.
This tag is a simple utility that will render its contents if the captcha is disabled in the configuration.
This tag is responsible for generating the correct HTML output to display the captcha. It supports the following attributes:
theme
- Can be one ofdark
orlight
. Defaults tolight
.size
- Can be one ofcompact
ornormal
. Defaults tonormal
.lang
- Can be any one of the supported ReCaptcha language codes. See the list of supported language codes.tabindex
- Optional tabindex of the widget.type
- Type of captcha to display if the checkbox is not sufficient. Can be one ofimage
oraudio
. Defaults toimage
.successCallback
- Optional function to be called when the user submits a successful response.expiredCallback
- Optional function to be called when the successful response has expired.includeScript
- IfincludeScript
is set tofalse
at either the global or tag level, the<script>
tag required by ReCaptcha will not be included in the generated HTML. The<recaptcha:script>
tag is also required in this scenario.
See the ReCaptcha Client Guide for more details.
This tag will render the required <script>
tag. Combine this with the global or tag-level includeScript=false
setting to allow putting the <script>
tag elsewhere in your markup. This tag also supports the "lang" attribute. This does not work in the <head>
section of the page
This tag is responsible for generating the correct HTML output to support explicit display and usage of the captcha. It supports the following attributes:
lang
- Can be any one of the supported ReCaptcha language codes. See the list of supported language codes.loadCallback
- The JavaScript function to be called when all dependencies have loaded. This function is usually responsible for rendering the captcha.
For more information about explicit mode captchas, see the ReCaptcha documentation.
This utility tag will generate the JSON string used as a parameter to the grecaptcha.render()
function. It supports the following attributes:
theme
- Can be one ofdark
orlight
. Defaults tolight
.size
- Can be one ofcompact
ornormal
. Defaults tonormal
.tabindex
- Optional tabindex of the widget.type
- Type of captcha to display if the checkbox is not sufficient. Can be one ofimage
oraudio
. Defaults toimage
.successCallback
- Optional function to be called when the user submits a successful response.expiredCallback
- Optional function to be called when the successful response has expired.
See the ReCaptcha Client Guide for more details.
This tag will render its contents if the previous validation failed.
In your controller, call recaptchaService.verifyAnswer(session, request.getRemoteAddr(), params)
to verify the answer provided by the user. This method will return true or false. Also note that verifyAnswer
will return true
if the plugin has been disabled in the configuration - this means you won't have to change your controller.
Here's a simple example pulled from an account creation application.
This is the most common usage scenario.
In our GSP, we add the code to show the captcha:
<recaptcha:ifEnabled>
<recaptcha:recaptcha theme="dark"/>
</recaptcha:ifEnabled>
In this example, we're using ReCaptcha's dark
theme. Leaving out the theme
attribute will default the captcha to the light
theme.
In our GSP, we add code like the following:
<script type="text/javascript">
var onloadCallback = function() {
grecaptcha.render('html_element', <recaptcha:renderParameters theme="dark" type="audio" tabindex="2"/>);
};
</script>
<g:form action="myAction" method="post">
<recaptcha:ifEnabled>
<recaptcha:recaptchaExplicit loadCallback="onloadCallback"/>
<div id="html_element"></div>
</recaptcha:ifEnabled>
<br/>
<g:submitButton name="submit"/>
</g:form>
In this example, we're using ReCaptcha's dark
theme, with an audio
captcha and a tabindex
of 2.
For more information about explicit mode captchas, see the ReCaptcha documentation.
Set the includeScript
value to false
either at the tag level (below), or in the global ReCaptcha settings.
<body>
<g:form action="validateNormal" method="post" >
<recaptcha:ifEnabled>
<recaptcha:recaptcha includeScript="false"/>
</recaptcha:ifEnabled>
<br/>
<g:submitButton name="submit"/>
</g:form>
<recaptcha:script/>
</body>
This will cause the <script src="https://www.google.com/recaptcha/api.js?" async="" defer=""></script>
tag to be output separately at the bottom of the document instead of just before the <div>
containing the captcha.
If you want to change the language your captcha uses, set lang = "someLang"
in the <recaptcha:recaptcha>
or <recaptcha:recaptchaExplcit>
tags.
See ReCaptcha Language Codes for available languages.
Here's an abbreviated controller class that verifies the captcha value when a new user is saved:
import com.megatome.grails.RecaptchaService
class UserController {
RecaptchaService recaptchaService
def save = {
def user = new User(params)
...other validation...
def recaptchaOK = true
if (!recaptchaService.verifyAnswer(session, request.getRemoteAddr(), params)) {
recaptchaOK = false
}
if(!user.hasErrors() && recaptchaOK && user.save()) {
recaptchaService.cleanUp(session)
...other account creation acivities...
render(view:'showConfirmation',model:[user:user])
}
else {
render(view:'create',model:[user:user])
}
}
}
You can look at the test cases in the plugin itself, or you can implement something similar to:
private void buildAndCheckAnswer(String postText, boolean expectedValid) {
def stub = new StubFor(Post.class)
stub.demand.hasProperty(3..3) { true }
stub.demand.setUrl() {}
stub.demand.setProxy() {}
stub.demand.getQueryParams(3..3) { new QueryParams(null) }
stub.demand.getResponse() { postText == null ? null : new JsonSlurper().parseText(postText) }
stub.use {
def response = r.checkAnswer("123.123.123.123", "response")
assert response == expectedValid
}
}
The postText
parameter represents the response from the ReCaptcha server. Here are examples of simulating success and failure results:
when:"A successful response message"
def answer = """{ "success": true }"""
then:
buildAndCheckAnswer(answer, true)
when:"A failure response message"
answer = """{ "success": false }"""
then:
buildAndCheckAnswer(answer, false)
See the contribution guidelines.
Feel free to submit questions through GitHub or to StackOverflow.
Alternatively you can contact me directly - cjohnston at megatome dot com