biscolab / laravel-recaptcha Goto Github PK

Describe the bug
When I'm using ReCaptcha::htmlScriptTagJsApi() before my It display {}at the top of my page. But the package work well.

To Reproduce
Steps to reproduce the behavior:

1. Add {{!! ReCaptcha::htmlScriptTagJsApi() !!}} before your .

Expected behavior
To not have this {}at the top of page.

Screenshots

Environment:

• MacOS 12.1
• PHP version [8.0.11]
• Laravel version [8]
• Package version [5.1.0]

do it work with php 7 ?

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment:

• OS and server: [e.g. Ubuntu 16.04 / Nginx] (If you are using a VM on Windows DON'T "say" Windows)
• PHP version [7.1.x]
• Laravel version [e.g. 5.5]
• Package version [e.g. 3.4.1]

Additional context
Add any other context about the problem here, like code snippets.

Hi!

I'm trying to get the documentation at https://laravel-recaptcha-docs.biscolab.com/docs/intro but page is not working.

The response is:
Error 526 Invalid SSL Certificate

Thank you for your amazing job!

Installation

composer require airbrake/phpbrake

Example Usage

This usage example details how to create a notifier instance, set a global notifier instance, register the error handler, and includes a snippet of some code that would report an exception to Airbrake (You can find your project ID and API KEY with your project's settings):

// Create new Notifier instance.
$notifier = new Airbrake\Notifier(array(
    'projectId' => <Your project ID>,
    'projectKey' => '<Your project API KEY>',
));

// Set global notifier instance.
Airbrake\Instance::set($notifier);

// Register error and exception handlers.
$handler = new Airbrake\ErrorHandler($notifier);
$handler->register();

// Somewhere in the app...
try {
    throw new Exception('hello from phpbrake');
} catch(Exception $e) {
    Airbrake\Instance::notify($e);
}

Going further

Check out our official GitHub repo for info on additional features like:

• Monolog integration
• Adding custom data to your errors
• Filtering specific errors
• Extra config options

How to use in the laravel 6 Backend to validate user login?
Any form that not send the token in a hidden input?

Describe the bug
Hi, thanks for the package, unfortunately I get the following error:
Call to undefined method Biscolab\ReCaptcha\ReCaptchaBuilderV2::htmlFormButton()

When I remove {!! htmlFormButton() !!} the captcha appears correctly (without the submit button obviously).

Configs are set too, both in .env and recaptcha.php file.

I also tried {!! ReCaptcha::htmlFormButton() !!} and still the same, I'm using v2 but even if I change it to invisible in config, then I get this error instead: Call to undefined method Biscolab\ReCaptcha\ReCaptchaBuilderInvisible::htmlFormSnippet()

Environment:

• OS and server: Mac
• PHP version 8.0.8
• Laravel version 8.66.0
• Package version 5.0.1

Please Allow Install On Laravel 6

Every time a request is sent using ajax, and there is an error, just let it do it once, you have to reload the page to be able to use it again, because it returns the catpcha error. It should have a function to refresh the captcha.
I made a login where it returns if the person has active, double authentication, so if it returns yes, it should ask for the code on the same page, but it doesn't stop because if it sends the code at once, it should refresh.

Environment:

• OS and server: Ubuntu/Windows
• PHP version [7.3.11]
• Laravel version [7.29.3]

I am using Laravel v5.6 and Laravel Recaptcha version 3.6.

I have a customer login page and an admin login page. I added the recaptcha to both and it works on the customer login page but when I click the checkbox on the admin login page I keep getting this "Uncaught (in promise) Timeout" error where the widget spins and then it goes back to the default unchecked state and therefore I am unable to log in.

if the input field is empty, the submit event handler doesn't run. It will be triggered only if the HTML5 validation (the required attribute, in this case) has passed.

I'd expect a captcha to run after the HTML5 validation too; why do I have to annoy the user compiling a captcha if later on I'd warn him there are missing fields ? First I should force the user to do everything in the right way, then ensure it's a human and not a bot, IMHO.

Appearently, reCaptcha does something on the form it attaches on, removing the HTML5 validation feature.

The form will be submitted with the empty field, without notifying the user about its obligatoriness.

Any clue on why it acts like this ? Is there a way I can instruct reCaptcha to let HTML5 form validation run before taking control ?

Unable to install the same package on laravel 8, please provide support for the same.

Describe the bug
I have an installation of Laravel Nova in the same app that I'm using this package and I noticed that Laravel Nova started to be in English after installing this package. I have the translations for Laravel Nova to Brazilian Portuguese.

To Reproduce
Steps to reproduce the behavior:

1. Install Laravel Nova (hard to reproduce because needs a license)
2. Change the app to a different language
3. Create some translations for this new language
4. Install this package
5. Go to Nova installation and you will see that Laravel Nova is in English

Expected behavior
See Laravel Nova in configured language.

Screenshots
When this package is installed:

If I comment this line in ReCaptchaServiceProvider:

Then I have it in the correct language:

Environment:

• OS and server: Docker image php8.0-apache
• PHP version 8.0
• Laravel version 8.68.1
• Package version 5.0.1

hi , everttime i try to submit the form i get Hey!!! Recaptcha is wrong!
i am using laravel 5.6
i also added this:

--
  | function biscolabLaravelReCaptcha(token) {
  | document.getElementById("login-form").submit();
  | }
  | </script>
{!! htmlFormButton() !!}

I have implemented the example that you have in the documentation page of V3, and I understand that using the callback_then and callback_catch you will make a request for a specific library endpoint that returns the score of the user, but even if the user have a really bad score how this will prevent the form to be submitted.

I think you should create a real example of a simple contact form protected with the recapctha v2, invisible and V3.

In the V2 example you append the g-recaptcha-response on the form that will be submitted and this make sense, but in V3 example I think you can always submit.

Can you explaining me if I'm seeing it wrong?
How this code will protect the form (in v3 example) if for example it is submitted for a bot that don't even run javascript?

Error Exception Call to undefined function htmlScriptTagJsApiV3()

Steps to reproduce the behavior:

1. do exact documentation of installation
2. do exact as documentation to configure V3
3. reload the page

• OS: Windows 10
• PHP version v7.1.29
• laravel 5.8

Hi mighty all,

Trying to inject the usual ReCaptcha (your packet) functionality into JetstreamServiceProvider.

GIST

If the captcha is empty — everything is OK and I get an error, but if captcha is passed/checked I also get an error saying "You have to pass ReCaptcha check". Deep night now, please point me in the right direction.

P.S. All the same works for Jetstream while creating a new user (updated validator inside Fortify/CreateNewUser.php).

is there any solution for this error ? can i set header cookie on htmlFormSnippet() ?

Hi
When array returns the validation Rule will pass!
even the array with error:

array (
'success' => false,
'error-codes' =>
array (
0 => 'invalid-keys',
),
)

There is a semicolon there, where a comma should be. It is causing an error when doing the vendor:publish for your config file.

Hi,
is it possible to add localization to googles recaptcha ?

My steps in ReCaptchaBuilder class were:

Add Facade:
use Illuminate\Support\Facades\App;

Add propery
protected $locale; property.

Updated constructor
public function __construct(...) { ... $this->locale = App::getLocale(); }

and then make some changes in this method (showing changes just in version v2)

htmlScriptTagJsApi() {
     <script src=\"https://www.google.com/recaptcha/api.js?hl={$this->locale}\" async defer></script>
}

Valid code languages can be found here:
https://developers.google.com/recaptcha/docs/language

best regards
Greg

i have problem when upgrade Laravel to version 9.

Describe the bug
Using this command: php artisan vendor:publish --provider="Biscolab\ReCaptcha\ReCaptchaServiceProvider" does not publish any files.

To Reproduce
Follow the install instructions and execute php artisan vendor:publish --provider="Biscolab\ReCaptcha\ReCaptchaServiceProvider". Returned message is: Publishing complete. but nothing is published in config or anywhere else.

Expected behavior
At least the config file to be published.

Environment:

• OS: Windows 10
• PHP version 7.3.0
• Laravel ^5.6

Additional context
Running locally under XAMPP v 3.2.2 using PHP 7.3.

When I try to validate recaptcha with language sk pt hu then validation failed.

Head example:
{!! htmlScriptTagJsApi(['lang' => 'sk']) !!}

Response from server:
{"message":"Server Error","country_status":"active"}

For other languages validation works.

Is there any fix for that?

Hello!

I couldn't find anything in your documentation about how to test recaptcha with phpunit. I have a complete set of feature tests for my authentication flow, and recently added recaptcha support with your package. And meanwhile I can disable recaptcha validation for testing via the CreatesApplication class, I'm not sure that is good solution and looking after a real way to test this.
Did I miss any guide or docs on this?
Would you mind adding it? Thanks!

Hello everyone my domain is . dev.stabit.com
I am install package and configration is still work 127.0.0.1 and not work server . İf empty chapca not error message ı dont understand . PHP version 7.4 . Server laravel . versiyon 7

Site login
stabit
Stabit!!20

my config file

https://paste.laravel.io/b5541309-de64-439e-9b4e-228a6f7b3d6c

my html file

https://paste.laravel.io/94b9b17c-c716-4c0b-88c2-db6b5896d45c

and my recapcha config

http://prntscr.com/106q9lx

please help me.

Describe the bug
When I use invisible captcha, it's not possible to overwrite data-callback

{!! htmlFormButton(trans('contact.send_button'), ['class' => 'btn submit', 'data-badge' => 'bottomleft', 'data-callback' => 'myCustomFunction']) !!}

Expected behavior
data-callback attribute must be overwritten to myCustomFunction

Environment:

• PHP version 7.4.11
• Laravel version 8.19.0
• Package version 5.0

Describe the bug
I am getting the same error from issue#22. I am already using v4.12 but still getting Call to undefined function htmlScriptTagJsApiV3() error on my blade file.

There is a key in the configuration environment

Greetings,
I use Recaptcha v2 or Recaptcha v3 in my project, depending on the choice of admin.

I have no problem running it on any page.

However, I am having problems when my login screen is added to the page later. My scenario is as follows:

If the user is not logged in, I send an ajax request and get the login view in response to the ajax request. I show the login view to the user in Bootstrap-modal. During the display process (in Login View) for V2
{!! ReCaptcha::htmlScriptTagJsApi() !!} and {!! ReCaptcha::htmlFormSnippet () !!}
or for V3

{!! htmlScriptTagJsApi ([
         'action' => 'submit',
         'callback_then' => 'callbackThen',
         'callback_catch' => 'callbackCatch'
         ]) !!}

If I use it, V2 Recaptcha comes, but when the form is submitted, the default_validation_route is not requested.

I have the same problem in V3 as well. There is no request to default_validation_route.

let wID=grecaptcha.render('recaptcha-element');
grecaptcha.reset(wID);

Describe the bug
This error does not happen all the time. It has been less than 1% in all page load. Sometime, when a recaptcha v3 enabled page is loaded, there is an error reported in sentry.io and the error is Return value of Biscolab\ReCaptcha\Controllers\ReCaptchaController::validateV3() must be of the type array, boolean returned.

The error stack is below:

Symfony\Component\Debug\Exception\FatalThrowableError: Return value of Biscolab\ReCaptcha\Controllers\ReCaptchaController::validateV3() must be of the type array, boolean returned
#54 vendor/biscolab/laravel-recaptcha/src/Controllers/ReCaptchaController.php(27): validateV3
#53 vendor/biscolab/laravel-recaptcha/src/Controllers/ReCaptchaController.php(0): call_user_func_array

To Reproduce
Steps to reproduce the behavior:

1. Follow exact instruction to install recaptcha V3
2. open the page with recaptcha V3 enabled
3. See the error reported

Expected behavior
Error should not happen

Screenshots
If applicable, add screenshots to help explain your problem.

Environment:
Homestead
Laravel 5.7.20

Additional context
n/a

Environment:

• OS and server: [e.g. Ubuntu 16.04 / Nginx] (If you are using a VM on Windows DON'T "say" Windows)
• PHP version [7.2.x]
• Laravel version [7.0.4]
• Package version [4.1]
  you just write package i think you never test this code every version

as described in the documentation I installed the package and add the keys to the config then inserted the helper into the view.
I'm using recaptcha on the login form so the form is submitted to /login, I don't know if I have to add anything to the controller but that is not mentioned in the documentation so I assume it's handled by the package.

the recaptcha logo appear on the bottom right of the page and i can see requests going to https://www.google.com/recaptcha/api2/

Screenshots of the request and response

Environment:

• Windows 10
• PHP version 7.4.15
• Laravel version 8.27.0
• Package version 5.0.1

Additional context
the code inserted in the view head

{!! htmlScriptTagJsApi([
        'action' => 'homepage',
    ]) !!}

config file:

<?php
/**
 * Copyright (c) 2017 - present
 * LaravelGoogleRecaptcha - recaptcha.php
 * author: Roberto Belotti - [email protected]
 * web : robertobelotti.com, github.com/biscolab
 * Initial version created on: 12/9/2018
 * MIT license: https://github.com/biscolab/laravel-recaptcha/blob/master/LICENSE
 */

/**
 * To configure correctly please visit https://developers.google.com/recaptcha/docs/start
 */
return [

    /**
     *
     * The site key
     * get site key @ www.google.com/recaptcha/admin
     *
     */
    'api_site_key'                 => env('RECAPTCHA_SITE_KEY', ''),

    /**
     *
     * The secret key
     * get secret key @ www.google.com/recaptcha/admin
     *
     */
    'api_secret_key'               => env('RECAPTCHA_SECRET_KEY', ''),

    /**
     *
     * ReCATCHA version
     * Supported: "v2", "invisible", "v3",
     *
     * get more info @ https://developers.google.com/recaptcha/docs/versions
     *
     */
    'version'                      => 'v3',

    /**
     *
     * The curl timout in seconds to validate a recaptcha token
     * @since v3.5.0
     *
     */
    'curl_timeout'                 => 10,

    /**
     *
     * IP addresses for which validation will be skipped
     *
     */
    'skip_ip'                      => [],

    /**
     *
     * Default route called to check the Google reCAPTCHA token
     * @since v3.2.0
     *
     */
    'default_validation_route'     => 'biscolab-recaptcha/validate',

    /**
     *
     * The name of the parameter used to send Google reCAPTCHA token to verify route
     * @since v3.2.0
     *
     */
    'default_token_parameter_name' => 'token',

    /**
     *
     * The default Google reCAPTCHA language code
     * It has no effect with v3
     * @see   https://developers.google.com/recaptcha/docs/language
     * @since v3.6.0
     *
     */
    'default_language'             => null,

    /**
     *
     * The default form ID. Only for "invisible" reCAPTCHA
     * @since v4.0.0
     *
     */
    'default_form_id'              => 'biscolab-recaptcha-invisible-form',

    /**
     *
     * Deferring the render can be achieved by specifying your onload callback function and adding parameters to the JavaScript resource.
     * It has no effect with v3 and invisible
     * @see   https://developers.google.com/recaptcha/docs/display#explicit_render
     * @since v4.0.0
     * Supported true, false
     *
     */
    'explicit'                     => false,

    /**
     *
     * Set API domain. You can use "www.recaptcha.net" in case "www.google.com" is not accessible.
     * (no check will be made on the entered value)
     * @see   https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
     * @since v4.3.0
     * Default 'www.google.com' (ReCaptchaBuilder::DEFAULT_RECAPTCHA_API_DOMAIN)
     *
     */
    'api_domain'                   => 'www.google.com',

    /**
     *
     * g-recaptcha tag attributes and grecaptcha.render parameters (v2 only)
     * @see   https://developers.google.com/recaptcha/docs/display#render_param
     * @since v4.0.0
     */
    'tag_attributes'               => [

        /**
         * The color theme of the widget.
         * Supported "light", "dark"
         */
        'theme'            => 'light',

        /**
         * The size of the widget.
         * Supported "normal", "compact"
         */
        'size'             => 'normal',

        /**
         * The tabindex of the widget and challenge.
         * If other elements in your page use tabindex, it should be set to make user navigation easier.
         */
        'tabindex'         => 0,

        /**
         * The name of your callback function, executed when the user submits a successful response.
         * The g-recaptcha-response token is passed to your callback.
         * DO NOT SET "biscolabOnloadCallback"
         */
        'callback'         => null,

        /**
         * The name of your callback function, executed when the reCAPTCHA response expires and the user needs to re-verify.
         * DO NOT SET "biscolabOnloadCallback"
         */
        'expired-callback' => null,

        /**
         * The name of your callback function, executed when reCAPTCHA encounters an error (usually network connectivity) and cannot continue until connectivity is restored.
         * If you specify a function here, you are responsible for informing the user that they should retry.
         * DO NOT SET "biscolabOnloadCallback"
         */
        'error-callback'   => null,
    ]
];

As you wrote $configuration argument can have following keys:
{!! htmlScriptTagJsApi(['lang' => 'en' !!} , but it does not work. As I checked you need to pass {!! htmlScriptTagJsApi(['resources' => 'en' !!} instead. Please check if I am right.

Could the inline script be added with a nonce? Maybe optional integration with spatie/laravel-csp or some means for me to insert a nonce to the inline script. The markup is pretty hard-coded. If the view were moved out of inline blade markup into an actual blade.view, then I'd have some more flexibility.

When de laravel is installed on subfolder the default_validation_route generate 404.

To Reproduce
Steps to reproduce the behavior:

1. install libraries and config all
2. When laravel is on subfolder the http://domain/subfolder/biscolab-recaptcha/validate?token=
   generate 404

Hi,

I'm trying to defer rendering because recaptcha isn't visible at first on my page,
I did set "explicit" to true in the config as mentioned in the doc,
but I can't find where to add the name for my onload callback,
could you please provide an example for this (and add it in the doc) ?

Best regards,

Olivier

Currently we have to set the size for v2 checkbox to 'normal' or 'compact' in the config, and it applies everywhere. However, for my use case I would like to be able to override this on certain pages. You already allow passing configuration in the JS tag, like this:

{!! htmlScriptTagJsApi(['lang' => 'de']) !!}

Can you make it so

{!! htmlFormSnippet() !!}

can also accept configuration, at least for size?

I was just wondering if it is possible to configure where the badge shows up on the page. We are using the Invisible captcha, and it shows the small Google badge in the bottom right corner. We also have another JS tool that displays a badge in the same corner.

Looks like it is possible to adjust the badge location in the Google docs, but I'm not sure if it is possible to use these settings in the Laravel configuration.
See data-badge on this page...
https://developers.google.com/recaptcha/docs/invisible

Thanks in advance!

A recent update added a closure route, which makes my route:cache fail during php artisan route:cache:

.

I am thankful that the package allows me to configure my own route path so I can define my own controller, however, I think it would be advisable to convert this to a controller.

It would be nice to lazy load recaptcha as I don't even have the protected form until much lower on the page. Why download the script in the header when it could be loaded in the footer?

Describe Missing Feature
Not possible to disable the button after it is clicked.

To Reproduce
I want to disable the button after it is clicked, since some users click many times the button, currentlly the button remains enabled after the click.

Expected behavior
After click the button is disabled.

Environment:
Not browser dependent.

Possible Solution
On htmlScriptTagJsApi, add an additional propertie like :
'disable' => true, so the button is disabled after click or false if the button should remain enabled.

Hello, this is not a bug.

I have implemented this package on a study project. I'm able to get keys from google, but how do I make the laravel login to validate de reCaptcha without messing with files in vendor folder?

I'm posting this because if I don't configure the proper domain, the login is successfull anyway.

Regards

Unable to upgrade to Laravel 7.x

Problem 1
- Conclusion: remove biscolab/laravel-recaptcha 4.0.1
- Conclusion: don't install biscolab/laravel-recaptcha 4.0.1
- Conclusion: don't install laravel/framework v7.0.2

Environment:

• OS and server: Mac OS Catalina
• PHP version [7.3.14]
• Laravel version [e.g. 6.18.0]
• Package version [e.g. 3.4.1]

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Environment:

• OS and server: [e.g. Ubuntu 16.04 / Nginx] (If you are using a VM on Windows DON'T "say" Windows)
• PHP version [7.1.x]
• Laravel version [e.g. 5.5]
• Package version [e.g. 3.4.1]

Additional context
Add any other context about the problem here, like code snippets.

Hi, thanks for this project. Can you add Laravel 8 compatibility?

Problem 2
- Root composer.json requires biscolab/laravel-recaptcha ^4.4 -> satisfiable by biscolab/laravel-recaptcha[4.4.0].
- biscolab/laravel-recaptcha 4.4.0 requires php ^7.1 -> your php version (8.0.2) does not satisfy that requirement.

I used this code

<form action="" method="post">
        @csrf
        {!! htmlFormSnippet() !!}
        <input type="submit" value="Click here to continue" id="submit_form" disabled>
    </form>

and

htmlScriptTagJsApi()

I want to add javascript call back function to valid form and enable that button.
But I could not find any solution
I think this is new sugesstion. Thanks

thank you brother for this package
that is my code
@error('g-recaptcha-respons')

{{ $message }}

@enderror