A code package to implement Google reCAPTCHA Enterprise on Salesforce sites and communities.
Google reCAPTCHA – Org wide implementation on Salesforce
reCAPTCHA is a tool provided by Google and used on many registration and signup forms to prevent spam prevention. Code included under 'src' folder will handle either Free or Enterprise version of Google reCAPTCHA on both client-side and server-side. Examples are included for implementing in Visualforce (sites) or Lightning Component(Lightning communities).
For Enterprise version of reCAPTCHA, some manual steps are required prior to deploying code in this repository. Please refer to Installation.md for Enterprise reCAPTCHA setup. Below are some steps which can be followed after downloading code and prior to deploying for Enterprise version.
For Enterprise Version,
- Prior to deploying edit two Apex class files (Org_reCaptchaHandler – for Visualforce, Org_reCaptchaHandlerLC – for Lightning), both will need changes under getGooglesResponseToUsersCaptchaEnterprise method for endpoint URL. Edit with Enterprise Named Credentials setup done using installation.md
Everything under 'src' folder can be deployed, but below are some additional details if reCAPTCHA is only being used with Visualforce or Lightning.
Org_ReCAPTCHAHandler.cls – Used for Visualforce pages
Org_ReCAPTCHAHandlerTest.cls – Test class for Org_ReCAPTCHAHandler.cls
Org_ReCAPTCHAHandlerLC.cls – used for Lightning components
Org_ReCAPTCHAHandlerLCTest.cls – Test class for Org_ReCAPTCHAHandlerLC.cls
Org_ReCAPTCHA.vfp – used only with Lightning component for serving recaptcha widget.
Integration_Settings__c.object – Custom settings used for Free and Enterprise Sitekey, secretkey, and Endpoint URLs.
Code_Toggles__c.object – Custom settings used for toggling Free or Enterprise version of reCaptcha.
Remote Sites – for Google and GoogleApis endpoint.
- Add 2 Records with same names given below, under Integration Settings (Custom Settings)
- reCAPTCHA
- Name - reCAPTCHA
- Endpoint - https://www.google.com/recaptcha/api/siteverify
- Secret Key - Provided by Google
- Site Key - Provided by Google
- reCAPTCHA_Enterprise
- Name - reCAPTCHA_Enterprise
- Endpoint - https://recaptchaenterprise.googleapis.com
- Secret Key
- Site Key - Provided by Google
- reCAPTCHA
- Add 1 record with same name given below, under Code Toggles(Custom Settings). Keeping 'On' as checked is only used for Enterprise version, else uncheck it for Free version
- Name - reCAPTCHA_Enterprise
- Message - this message does not get displayed
- On - Checked
There are two examples included, '/examples' folder, for Account record creation using Visualforce page (AccountRecaptchaExample.vfp) and Account record creation using Aura Lightning component (accountRecaptchaLCExample). Both examples utilize same Apex class (AccountExtension.cls).
Visualforce Example is straight forward but Lightning component example has good amount of details due to work around required for referencing Google Api js files in Lightning environment. Since the introduction of Lightning Locker services, referencing CDN files directly on Lightning component is not allowed. Only other 2 ways are either having js file as static resource (not advisable since google api files change quite often) or using Visualforce page(this allows referencing CDN files directly) inside of an iFrame. Second option is utilized as a solution here, and communication between iFrame (Visualforce page) and Lightning component is done using Postmessages and EventListeners.
Additional notes to pay attention for,
- In accountRecaptchaLCexample, Visualforce page on lightning component is referenced with path of 'apex/Org_reCAPTCHA', this will need to change if it's being used with Lightning communities to '/apex/Org_reCAPTCHA'. There is also a save method in helper js file where this change need to occur.
- Communication between both, Visualforce page and Lightning component, requires origin URL to be known of the other end and this will need to be handled in both places. A design parameter can be created on Lightning component, but Visualforce page may need hard-coding for the origin URL.
- Verify Visualforce pages are given proper access for profiles/permission sets.
If you have questions, please feel free to contact us:
- Open an issue