Add reCAPTCHA In Your Django App: Increase Security

Add a reCAPTCHA to your Django app to increase its security. reCAPTCHA is a free Google service. It increases a web app's security against bots and spam. Entering information on a website can very easily be automated; that is not the case for reCAPTCHA, however, as it requires a mouse click at a specific position.


Google provides services for integrating reCAPTCHA, which makes the process extremely simple. All we have to do is register our application with Google reCAPTCHA and integrate the JavaScript and keys it provides into our web app.

reCAPTCHA Implementation and Setup

Step #1.

Download the base app. A base app has been created for you. Right now all it consists of is a simple form that takes user input in the form of comments and saves them in the database. This, however, is at risk from automated bots, which can easily spam the servers with a large volume of requests. To avoid this we will add a simple reCAPTCHA to secure our website.

Step #2.

Register your website, along with its domain, with Google using “reCAPTCHA v2” and get the secret and website keys, which will be used to fire up the captcha.

Step #3.

Set up the app. Include the following script at the bottom of your form to integrate the reCAPTCHA. Make sure to enter the website key in the form to allow proper processing.

<script src='https://www.google.com/recaptcha/api.js'></script>
<div class="g-recaptcha" data-sitekey="6LcclMkZAAAAABK9IMp456ab0lv6TasQnXkGsmOZ"></div>

Now add the secret key in the settings.py file of the project.

GOOGLE_RECAPTCHA_SECRET_KEY = '6LcclMkZAAAAAHx_Wf40Im5sF8mfQ38L20byG-gY'

Change the “if form.is_valid()” code in the views.py file from

if form.is_valid():
    form.save()
    return redirect('/')

To

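# Imports needed at the top of views.py
import json
import urllib.parse
import urllib.request

from django.conf import settings
from django.contrib import messages

# Inside the view, replacing the original block
if form.is_valid():
    # Token the reCAPTCHA widget added to the submitted form
    recaptcha_response = request.POST.get('g-recaptcha-response')
    url = 'https://www.google.com/recaptcha/api/siteverify'
    values = {
        'secret': settings.GOOGLE_RECAPTCHA_SECRET_KEY,
        'response': recaptcha_response
    }
    data = urllib.parse.urlencode(values).encode()
    req = urllib.request.Request(url, data=data)
    response = urllib.request.urlopen(req)
    result = json.loads(response.read().decode())

    # Save the comment only if Google confirms the challenge was solved
    if result['success']:
        form.save()
        messages.success(request, 'New comment added with success!')
    else:
        messages.error(request, 'Invalid reCAPTCHA. Please try again.')
    return redirect('/')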
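
The same siteverify check as a standalone helper that rejects the form whenever verification cannot be completed. This is an added example, not code from the base app. The names verify_recaptcha and post_siteverify, the injectable post parameter and the optional hostname check are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify'


def post_siteverify(fields, timeout=5):
    """POST the form fields to Google and return the decoded JSON reply."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(SITEVERIFY_URL, data=data)
    # The timeout keeps a slow upstream from hanging the Django worker.
    with urllib.request.urlopen(req, timeout=timeout) as response:
        return json.loads(response.read().decode())


def verify_recaptcha(token, secret, remote_ip=None, expected_hostname=None,
                     post=post_siteverify):
    """Return (ok, reason); anything short of a confirmed solve is rejected.

    `post` is a hypothetical injection point so the check can be unit tested
    without network access.
    """
    if not token:
        # The widget was never solved, so skip the network call entirely.
        return False, 'missing-token'
    fields = {'secret': secret, 'response': token}
    if remote_ip:
        fields['remoteip'] = remote_ip
    try:
        result = post(fields)
    except (OSError, ValueError):
        # Network failure, timeout or unparsable JSON: fail closed.
        return False, 'verification-unavailable'
    if not isinstance(result, dict) or result.get('success') is not True:
        codes = result.get('error-codes', []) if isinstance(result, dict) else []
        return False, ','.join(codes) or 'rejected'
    if expected_hostname and result.get('hostname') != expected_hostname:
        # The challenge was solved on a different site than ours.
        return False, 'hostname-mismatch'
    return True, 'ok'

# In views.py (sketch): call form.save() only when ok is True.
#   ok, reason = verify_recaptcha(request.POST.get('g-recaptcha-response'),
#                                 settings.GOOGLE_RECAPTCHA_SECRET_KEY)
```

Reading GOOGLE_RECAPTCHA_SECRET_KEY from an environment variable in settings.py keeps the secret key out of the repository.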