added reCaptcha v2

2022-06-09 16:00:06 +02:00
parent b139c005e3
commit df29424905
5 changed files with 63 additions and 30 deletions
--- a/cao_blogr/views/default.py
+++ b/cao_blogr/views/default.py
@@ -16,6 +16,8 @@ import os
 from PIL import Image
 import shutil
 import magic
+import json
+from urllib import request, parse


@view_config(route_name='home',
@@ -43,16 +45,16 @@ def home(request):
    name = ''
    email = ''
    comments = ''
-    matngot = ''

    if 'form.submitted' in request.params :
        name = request.params['name']
        email = request.params['email']
        comments = request.params['comments']
-        matngot = request.params['matngot']
+        response = request.params['response']

-        # honeypot matngot filled ?
-        if not matngot and comments != '':
+        # verification reCaptcha ?
+        ok, erreur = captcha_verify(response, request.remote_addr)
+        if ok and comments != '':
            # no, message is not spam, send it
            body = """
 Bonjour,
@@ -75,7 +77,7 @@ webmaster@meditation-sunyata.paris
            message.add_recipient('phuoc@caotek.fr')
            mailer = request.registry['mailer']
            mailer.send_immediately(message)
-            request.session.flash("Votre message a bien été envoyé au webmestre. Merci de votre intérêt pour notre site", "success")
+            request.session.flash("Votre message a bien été envoyé au webmestre. Merci de votre intérêt pour notre site.", "success")

    return {
        'page_title': "",
@@ -87,6 +89,26 @@ webmaster@meditation-sunyata.paris
        'comments': comments,
        }

+def captcha_verify(response, remote_addr):
+    VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify'  
+    data = {
+        'secret': '6LeDvVUgAAAAAGASZXCmcmhh-KtBWTZjXpLpKdNt',
+        'response': response,
+        'remoteip': remote_addr,
+    }
+
+    encoded = parse.urlencode(data).encode()
+
+    req = request.Request(VERIFY_URL, data=encoded)
+
+    with request.urlopen(req) as resp:
+        json_resp = json.loads(resp.read().decode('utf-8'))
+
+        if json_resp['success']:
+            return (True, None)
+        else:
+            return (False, json_resp['error-codes'])
+

@view_config(route_name='settings', renderer='cao_blogr:templates/settings.jinja2', permission='view')
 def settings(request):