Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Captcha questions #14

Closed
CrispinF opened this issue Mar 6, 2019 · 4 comments

Comments

@CrispinF
Copy link

commented Mar 6, 2019

Hi @joeaudette

I've think I've got this working on a site now, but had a few small puzzles along the way.

Can the Contact form use the Captcha settings entered in /siteadmin/captcha or must they also be entered in json appsettings? I'm thinking it doesn't, but would like to be sure. (And if not, could it be allowed to use these settings, otherwise it is rather confusing, since the Contact form comes with the template, and any site with a public Contact form will want to use a Captcha. Once they are entered into app settings it seems the ones entered in the UI are completely overridden even for Login and Register - is that right?).

Once I've entered keys into appsettings, I find that with "v2 Tickbox" keys don't work - I get a message on the Contact page "This site key is not enabled for the invisible captcha.". Is it correct this only works with "v3" keys? If that's right, maybe worth a mention on https://github.com/cloudscribe/cloudscribe.SimpleContactForm

thanks

@joeaudette

This comment has been minimized.

Copy link
Collaborator

commented Mar 7, 2019

The captcha stuff used by both contact form and cloudscribe Core come from interfaces and models defined in cloudscribe.Web.Common. ie IRecaptchaKeysProvider

If you set the keys in the UI of cloudscribe Core those keys should also work for the contact form. Similarly if you only put the keys in config then both cloudscribe Core and the contact form will use them from there. But if keys are provided in the UI for cloudscribe Core those keys take precedence over keys from appsettings, in the cloudscribe Core implementation of IRecaptchaKeysProvider, not the other way around.

You should always get the invisible keys because those keys will work whether visible or invisible, but older keys will not work invisible.

@joeaudette

This comment has been minimized.

Copy link
Collaborator

commented Mar 8, 2019

Note v3 of recaptcha is not currently supported, v2 supports both the invisible or visible captcha. The invisible captcha isn't always invisible, not sure what the logic is but if they are confident you are not a bot then it is invisible, but if they are not sure they still can make you use the visible captcha usually selecting photos.

Recaptcha v3 is a whole new things where they create a score based on all the interactions that the user makes on your site to decide if it is normal traffic or a bot. But to do that they want you to add the recaptcha v3 script on every page of your site not just pages where you need a captcha to block spam posts. I can't really say I like that idea and have no immediate plans to implement v3.

@joeaudette joeaudette closed this Mar 8, 2019

@joeaudette joeaudette added the question label Mar 8, 2019

@CrispinF

This comment has been minimized.

Copy link
Author

commented Mar 8, 2019

@joeaudette regarding v3, as noted above I found that only v3 keys work on my site with recent cloudscribe nugets,
image

and for me there's now no such things as invisible Captcha keys or visible. Maybe Google are presenting different things to different countries? I see you updated the Nuget for this, so I'll update and test when I can.

@joeaudette

This comment has been minimized.

Copy link
Collaborator

commented Mar 8, 2019

I don’t think there are keys for invisible. I think v1 keys don’t support invisible, v2 keys and apparently v3 keys do. I’m definitely using v2 keys myself.
It does seem strange if you can’t get v2 keys working. For me I can use v2 keys with invisible checked or not as far as I know. Used them today as invisible in work on comment system. Will try tomorrow to verify that I can still also set invisible to false. But I’ve never used v3 keys myself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.