代码之家 › 专栏 › 技术社区 › Adam

验证码Python Django

captcha django python

Adam · 技术社区 · 6 年前

以下设置的验证码响应无效。联系形式工作得很好,我添加了验证验证码的规则,我检查了密钥,即使解决了它,仍然得到无效的验证码。以下是我的设置:

视图.py

    def get_client_ip(request):
    x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
    if x_forwarded_for:
        ip = x_forwarded_for.split(',')[0]
    else:
        ip = request.META.get('REMOTE_ADDR')
    return ip

def grecaptcha_verify(request):
        response = {}
        data = request.POST
        captcha_rs = data.get('g-recaptcha-response')
        url = "https://www.google.com/recaptcha/api/siteverify"
        params = {
            'secret': settings.RECAPTCHA_SECRET_KEY,
            'response': captcha_rs,
            'remoteip': get_client_ip(request)
        }
        verify_rs = requests.get(url, params=params, verify=True)
        verify_rs = verify_rs.json()
        response["status"] = verify_rs.get("success", False)
        response['message'] = verify_rs.get('error-codes', None) or "Unspecified error."
        return response

def contact(request):
        if request.method == 'POST':
            if grecaptcha_verify(request) == "success":
                subject = request.POST.get('subject')
                message = request.POST.get('message')
                email = request.POST.get('email')     
                if subject and message and email:
                    try:
                        send_mail(subject, message, email, ['myemail@gmail.com'],fail_silently= True)
                    except BadHeaderError:
                        return HttpResponse('{Bad Header}')
                    return greatsuccess(request)        
                else:
                    return HttpResponse('{Invalid Form}')
            else:
                return HttpResponse('Invalid Captcha')    
        return render(request, 'personal/contact.html')

我的模板:

 <div class="form-area">  
        <form role="form" method="POST">
                    {% csrf_token %}
                        <input type="text" class="form-control" id="subject" name="subject" placeholder="Subject" maxlength="70" required>
                    </div>
                    <br>
                    <div class="form-group">
                        <input type="email" class="form-control" id="email" name="email" placeholder="Email" required>
                    </div>

                    <div class="form-group">
                    <textarea class="form-control" type="textarea" id="message" name="message" placeholder="Message" maxlength="300" rows="7"></textarea>                
                    </div>

        <button type="submit"  name="submit" class="btn btn-m btn-secondary">Submit</button>

        <script src='https://www.google.com/recaptcha/api.js'></script>
        <div class="g-recaptcha" data-sitekey="MYKEY"></div>

        </form>

我对Python很陌生,如何检查后台发生的事情,以及在哪一点验证失败?

2 回复 | 直到 6 年前

ruddra 6 年前

你在做 get 请求验证,但您需要 post 请求它。这就是验证码验证失败的原因。所以试试这样:

    url = "https://www.google.com/recaptcha/api/siteverify"
    headers = {'User-Agent': 'DebuguearApi-Browser',}
    params = {'secret': settings.RECAPTCHA_SECRET_KEY, 'response': captcha_rs}
    verify_rs = requests.post(url, data=params, headers=headers)  # <--  Update Here
    ... # rest of your code

请看 documentation 关于如何验证recaptcha。

Adam 6 年前

好啊。我成功了。谢谢鲁德拉的帮助。

我先删除了 </div> 我注意到这是不必要的。这使得g-recaptcha-response包含在POST数据中。显然,确保你的表单是正确的和谷歌喜欢它是很重要的。

其次,我根据收到的建议对main views.py做了一些修改+一些改进。

def greatsuccess(request):
    messages.success(request, "Email sent!")
    return render(request, 'personal/contact.html')

def greatfail(request):
    messages.error(request, "Invalid Captcha!")
    return render(request, 'personal/contact.html')

def grecaptcha_verify(request):
        data = request.POST
        captcha_rs = data.get('g-recaptcha-response')
        url = "https://www.google.com/recaptcha/api/siteverify"
        headers = {'User-Agent': 'DebuguearApi-Browser',}
        params = {'secret': settings.RECAPTCHA_SECRET_KEY, 'response': captcha_rs}
        verify_rs = requests.post(url,params, headers=headers)
        verify_rs = verify_rs.json()
        response = verify_rs.get("success", False)
        return response 

def contact(request):
    if request.method == 'POST':
        response=grecaptcha_verify(request)
        if response == True :
            subject = request.POST.get('subject')
            message = request.POST.get('message')
            email = request.POST.get('email')     
            if subject and message and email:
                try:
                        send_mail('Sent from mywebsite '+subject, message, email, ['email@gmail.com'],fail_silently= True)
                except BadHeaderError:
                    return HttpResponse('{Bad Header}')
                return greatsuccess(request)        
            else:
                    return HttpResponse('{Invalid Form}')
        else:
            greatfail(request)
    return render(request, 'personal/contact.html')

我的模板:

<form method="POST">
                    {% csrf_token %}
                        <input type="text" class="form-control" id="subject" name="subject" placeholder="Subject" maxlength="70" required>

                    <br>
                    <div class="form-group">
                        <input type="email" class="form-control" id="email" name="email" placeholder="Email" required>
                    </div>

                    <div class="form-group">
                    <textarea class="form-control" type="textarea" id="message" name="message" placeholder="Message" maxlength="300" rows="7"></textarea>                
                    </div>

                    <div class="g-recaptcha" data-sitekey="key"></div>

                    <button type="submit"  name="submit" class="btn btn-m btn-secondary">Submit</button>

        </form>

    {% for message in messages %}
        {{ message }}
        {% endfor %}