I guarantee that bugs, issues, features and changes will be responded in 48 hours.
If you want to use v2, please go to: https://github.com/RyanDaDeng/laravel-google-recaptcha-v2
If you only need to use Vue component, feel free to copy it.
A star would be a nice encouragement. ^.^
Future improvement (Will be done in 1-2 days, everything will still be compatible with all test cases):
- Minor advanced code decouple and performance improvement
- Add Comments
- Installation
- Configurations
- Facade Usage
- Badge Display
- Blade Usage
- Vue Usage
- Validation
- Advanced Usage
- Contributors
Invisible - hidden
Google reCAPTCHA v3 is a new mechanism to verify whether the user is bot or not.
reCAPTCHA v3 is intended for power users, site owners that want more data about their traffic, and for use cases in which it is not appropriate to show a challenge to the user.
For example, a registration page might still use reCAPTCHA v2 for a higher-friction challenge, whereas more common actions like sign-in, searches, comments, or voting might use reCAPTCHA v3.
Please check Google site: https://developers.google.com/recaptcha/docs/faq
- High Test coverage, safe and easy to use
- Score Comparision
- Support invisible, corner and inline badge style
- Support multiple reCAPTCHA on the same page for different forms
- Support multiple actions to be placed on the same page
- Support custom implementation on config interface
- Support custom implementation on request method interface
- Fully supported Vue component
- IP skip list supported
- Support script to be placed in the background of pages for analytics
This package requires the following dependencies:
-
Laravel 5.x
-
If you want to use Validation Class your Laravel version needs to be >= 5.5
-
php > 5
-
Please ensure that you have read basic information from Google reCAPTCHA v3.
Via Composer
$ composer require timehunter/laravel-google-recaptcha-v3 "~2.2.5" -vvv
If your Laravel framework version <= 5.4, please register the service provider under your config file: /config/app.php, otherwise please skip it.
'providers'=[
....,
TimeHunter\LaravelGoogleReCaptchaV3\Providers\GoogleReCaptchaV3ServiceProvider::class
]
And also
'aliases'=[
....,
'GoogleReCaptchaV3'=> TimeHunter\LaravelGoogleReCaptchaV3\Facades\GoogleReCaptchaV3::class
]
If your Laravel framework version is >= 5.5, just run the following command to publish config.
$ php artisan vendor:publish --provider="TimeHunter\LaravelGoogleReCaptchaV3\Providers\GoogleReCaptchaV3ServiceProvider" --tag=googlerecaptchav3.config
For vue component:
$ php artisan vendor:publish --provider="TimeHunter\LaravelGoogleReCaptchaV3\Providers\GoogleReCaptchaV3ServiceProvider" --tag=googlerecaptchav3.vuejs
After installation, you should see a googlerecaptchav3.php in your app/config folder, and vue component under js/components/googlerecaptchav3 folder.
Please register all details in config for host_name, site_key, secret_key and site_verify_url.
Specify your Score threshold and action in 'setting', e.g.
'setting' = [
[
'action' => 'contact_us', // Google reCAPTCHA required paramater
'threshold' => 0.2, // score threshold
'is_enabled' => false // if this is true, the system will do score comparsion against your threshold for the action
],
[
'action' => 'signup',
'threshold' => 0.2,
'score_comparision' => true
],
]
Note: if you want to enable Score Comparision, you also need to enable is_score_enabled to be true.
'setting' = [
...
'is_score_enabled' = true
...
]
For score comparision, all actions should be registered in googlerecaptchav3 config file under 'setting' section.
For more details please check comments in config file.
You can directly use registered facade service by calling the following methods.
- setAction() is optional only if you want to verify if the action is matched.
- verifyResponse() which accepts the token value from your form. This returns Google reCAPTCHA Response object.
- setScore() is optional only if you want to manually verify the score.
Example Usage
GoogleReCaptchaV3::setAction($action)->verifyResponse($value,$ip = null);
GoogleReCaptchaV3::verifyResponse($value,$ip)->getMessage();
GoogleReCaptchaV3::verifyResponse($value)->isSuccess();
GoogleReCaptchaV3::verifyResponse($value)->toArray();
GoogleReCaptchaV3::verifyResponse(
$request->input('g-recaptcha-response'),
$request->getClientIp()
)
->getMessage()
GoogleReCaptchaV3::setAction($action)->verifyResponse($value)->isSuccess();
If you manually assign a value to setScore($score), the code will fully skip your config file and force to check the score.
GoogleReCaptchaV3::setScore($score)
->setAction($action)
->verifyResponse(
$request->input('g-recaptcha-response'),
$request->getClientIp()
)
->getMessage()
You can use provided Validation object to verify your reCAPTCHA.
use TimeHunter\LaravelGoogleReCaptchaV3\Validations\GoogleReCaptchaV3ValidationRule;
$rule = [
'g-recaptcha-response' => [new GoogleReCaptchaV3ValidationRule('action_name')]
];
- $actionName: if its NULL, the package won't verify action with google response.
It's recommended to include reCAPTCHA v3 on every page which can help you get the most context about interactions for analytics.
In your main homepage or layout page, put the following script at the bottom of your page:
{!! GoogleReCaptchaV3::background() !!}
Note: the above script MUST be called after GoogleReCaptchaV3::render(), otherwise the google script might run multiple times.
You can also set the background reCAPTCHA as hidden or visible(bottomright):
...
'background_badge_display' => true,
...
Include div with an ID inside your form, e.g.
<div id="contact_us_id"></div>
Include GoogleReCaptchaV3::render() script after your form, params should follow 'ID'=>'Action', e.g.
{{--if laravel version <=5.6, please use {{ csrf_field() }}--}}
<form method="POST" action="/verify">
@csrf
<div id="contact_us_id"></div>
<input type="submit" value="submit">
</form>
<form method="POST" action="/verify">
@csrf
<div id="signup_id"></div>
<input type="submit" value="submit">
</form>
{!! GoogleReCaptchaV3::render(['contact_us_id'=>'contact_us', 'signup_id'=>'signup']) !!}
If your settings were not reflected, please run php artisan config:cache to clear cache.
Inline
- Go to config file, and set
[
...
'inline' => true
...
]
- Badge will be displayed as inline format within the form.
Invisible
- Set inline as true as well
- Modify your div with style display:none
- Refer to Google official site: https://developers.google.com/recaptcha/docs/faq , you need to include the following text:
This site is protected by reCAPTCHA and the Google
<a href="https://policies.google.com/privacy">Privacy Policy</a> and
<a href="https://policies.google.com/terms">Terms of Service</a> apply.
Corner
- Set inline as false
- Your badge will be shown in the bottom right side.
Custom
- Set inline as true
- Do Styling/CSS on its div element
The package provides a lightweight vue component. You need to publish the vue component before playing around it.
$ php artisan vendor:publish --provider="TimeHunter\LaravelGoogleReCaptchaV3\Providers\GoogleReCaptchaV3ServiceProvider" --tag=googlerecaptchav3.vuejs
The file will be created under js/components/googlerecaptchav3/GoogleReCaptchaV3.vue, you have full control and modification ability on this file.
A BIG thanks to @Fluxlicious who improved the vue component.
The Blade way is no longer useful if you use Vue. We need to manage to assign site key by ourselves. The component supports props below:
Supported: siteKey, id, inline and action, check the original file to see the details.
<google-re-captcha-v3
ref="captcha" v-model="gRecaptchaResponse"
:siteKey="'Your Site Key Here'"
:id="'contact_us_id'"
:inline="true"
:action="'contact_us'">
</google-re-captcha-v3>
There are two ways you can bind site key to the component.
<template>
<div>
<form @submit.prevent="submit">
<div>
<google-re-captcha-v3
ref="captcha" v-model="form.gRecaptchaResponse"
:siteKey="this.siteKey"
:id="'contact_us_id'"
:inline="true"
:action="'contact_us'">
</google-re-captcha-v3>
</div>
<button type="submit">Submit</button>
</form>
</div>
</template>
<script>
import GoogleReCaptchaV3 from '../../components/googlerecaptchav3/GoogleReCaptchaV3';
// location might be diff to your case, ensure that your component location is right
export default {
components: {
GoogleReCaptchaV3
},
data() {
return {
form: {
gRecaptchaResponse: null
},
siteKey: 'Your Site Key',
}
},
methods: {
submit() {
axios.post('/verify', this.form).then(
response => {
this.$refs.captcha.execute(); // every time you submit, the reCAPTCHA token needs to be refreshed
}
).catch(
error => {
this.$refs.captcha.execute(); // every time you submit, the reCAPTCHA token needs to be refreshed
});
}
}
}
</script>
Alternatively, I believe most of cases your site key will never be changed, so you could just modify the original published component to have sitekey hard-coded in.
For instance, open published file and find code below:
....
siteKey: {
type: String,
required: false, // set to true if you don't want to store the siteKey in this component
default: 'Your Site Key Here' // set siteKey here if you want to store it in this component
},
....
For some users, they might store the config details in their own storage e.g database. You can create your own class and implement:
TimeHunter\LaravelGoogleReCaptchaV3\Interfaces\ReCaptchaConfigV3Interface
Remember to register it in your own service provider
$this->app->bind(
ReCaptchaConfigV3Interface::class,
YourOwnCustomImplementation::class
);
The package has two default options to verify: Guzzle and Curl, if you want to use your own request method, You can create your own class and implement
TimeHunter\LaravelGoogleReCaptchaV3\Interfaces\RequestClientInterface
Remember to register it in your own service provider
$this->app->bind(
RequestClientInterface::class,
YourOwnCustomImplementation::class
);
Thank you for the following contributors, You guys are the BEST!
If you discover any security related issues, please email ryandadeng@gmail.com instead of using the issue tracker.
MIT. Please see the license file for more information.