noopstudios / laravel-recaptchav3
Recaptcha V3 for Laravel package
Requires
- php: >=7.1.0
- guzzlehttp/guzzle: ^6.2|^7.0
- illuminate/container: ~5.7.0|~5.8.0|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0
- illuminate/http: ~5.7.0|~5.8.0|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0
- illuminate/support: ~5.7.0|~5.8.0|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0
Requires (Dev)
- mockery/mockery: ^1.2
- orchestra/testbench: ~3.7.0|~3.8.0|^4.0|^5.0|^6.0|^7.0
- phpunit/phpunit: 6.2|^7.0|^8.0|^9.0|^10.0|^11.0
README
Laravel package for Google's Recaptcha V3. This is a lightweight package which focuses on the backend validation of Recaptcha V3 captchas.
Installation
To get started, use Composer to add the package to your project's dependencies:
composer require josiasmontag/laravel-recaptchav3
Add RECAPTCHAV3_SITEKEY and RECAPTCHAV3_SECRET to your .env file. (You can get them here)
RECAPTCHAV3_SITEKEY=sitekey
RECAPTCHAV3_SECRET=secret
Optionally, you can publish the config file:
php artisan vendor:publish --provider="Lunaweb\RecaptchaV3\Providers\RecaptchaV3ServiceProvider"
Usage
Init Recaptcha Javascript
Recaptcha v3 works best when it is loaded on every page to get the most context about interactions. Therefore, add to your header or footer template:
{!! RecaptchaV3::initJs() !!}
Forms
RecaptchaV3::field($action, $name='g-recaptcha-response') creates an invisible input field that gets filled with a Recaptcha token on load.
<form method="post" action="/register"> {!! RecaptchaV3::field('register') !!} <input type="submit" value="Register"></input> </form>
Validation
Add the recaptchav3 validator to the rules array. The rule accepts two parameters: The action name and the minimum required score (defaults to 0.5).
$validate = Validator::make(Input::all(), [ 'g-recaptcha-response' => 'required|recaptchav3:register,0.5' ]);
Getting the score
Alternatively, you can get the score and take variable action:
// RecaptchaV3::verify($token, $action) $score = RecaptchaV3::verify($request->get('g-recaptcha-response'), 'register') if($score > 0.7) { // go } elseif($score > 0.3) { // require additional email verification } else { return abort(400, 'You are most likely a bot'); }
Custom validation error message
Add the following values to the custom array in the validation language file:
'custom' => [ 'g-recaptcha-response' => [ 'recaptchav3' => 'Captcha error message', ], ],
Hiding the ReCAPTCHA Badge
Add to your CSS file:
.grecaptcha-badge { visibility: hidden !important; }
Testing
To make your forms testable, you can mock the RecaptchaV3 facade:
RecaptchaV3::shouldReceive('verify') ->once() ->andReturn(1.0);