CODEWITHSUNDEEP
javascriptpythonhtmlformsrecaptcha
Daan Seuntjens
Daan Seuntjens

Reputation: 960

How to implement recaptcha in odoo

We are using odoo 12 online for enterprises. We would like to protect our forms using google recaptcha.

How can we implement google recaptcha? If possible a full example how to implement it.

We would prefer recaptcha v3 but if not possible a v2 implementation is fine.

When I try to search online for implementation of google recaptcha there's almost every time a .php file included. Our pages are loaded with QWeb view types and php isn't supported.

Is it possible to implement without php? We could definitely use html and javascript and probably python, is it possible to do with only these? If it's possible we would like to do it with only javascript and html but I'm assuming that's not the case.

Is there any other form protection we could implement using only html and javascript?

Upvotes: 2

Views: 1688

Answers (2)

user3623213
user3623213

Reputation: 91

Hope this will helps, you can get an idea from odoo forum.

Upvotes: 0

batthomas
batthomas

Reputation: 447

Google reCAPTCHA v3 in Python

You need to install reCAPTCHA on the frontend and implement the verification on the backend. At the bottom of the post, I linked the official Google reCAPTCHA documentation.

Frontend Integration

<script src="https://www.google.com/recaptcha/api.js?render=reCAPTCHA_site_key"></script>
<script>
grecaptcha.ready(function() {
    grecaptcha.execute('reCAPTCHA_site_key', {action: 'homepage'}).then(function(token) {
       ...
    });
});
</script>

The frontend just needs to:

  1. Load the JavaScript api with your sitekey
  2. Call grecaptcha.execute on an action or when the page loads
  3. Send the token to your backend with the request to verify

Backend Integration

The verification of the token is the same as in reCAPTCHA v2. When the user submits the form on your site, you get the POST parameter g-recaptcha-response. You need to make a POST request to the Google reCAPTCHA service with following parameters. You can take your HTTP request framework of your choice.

POST Parameter  Description
secret          Required. The shared key between your site and reCAPTCHA.
response        Required. The user response token provided by the reCAPTCHA client-side integration on your site.
remoteip        Optional. The user's IP address.

Then you get a JSON response from the service and if the request failed, you can handle further actions on the backend.

{
  "success": true|false,
  "challenge_ts": timestamp,  // timestamp of the challenge load (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)
  "hostname": string,         // the hostname of the site where the reCAPTCHA was solved
  "error-codes": [...]        // optional
}

Sources

Upvotes: 1

Related Questions