Currently, I am working on Nuxtjs 2 project in which I have to implement Recaptcha on the client side, I do not want backend support for Recaptcha. I want to handle it only on the front end. How can I do this on the front-end with or without any library that is compatible with nuxtjs2?
There is no reason to use reCAPTCHA without server.
reCAPTCHA is for protecting the backend from spam.
If you really want to do it, you can make the same request with JavaScript.
But again: Makes no sense.
reCAPTCHA validation for PHP:
function validate_captcha_response($code){
if($_SERVER['HTTP_HOST']=="localhost") return true;
if($code && strlen($code)>32){
$secret = "<your reCaptcha v3 secret>";
$ip = $_SERVER['REMOTE_ADDR'];
$gcaptcha = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret&response=$code&remoteip=$ip"), true);
return ($gcaptcha['success'] == true && $gcaptcha['score'] >= 0.8 && $gcaptcha['hostname'] == $_SERVER['SERVER_NAME']);
}
return false;
}
The same code in JavaScript:
function validate_captcha_response(code){
if(window.location.hostname=="localhost") return true;
if(code && code.length>32){
let secret = "<your reCaptcha v3 secret>";
let gcaptcha = json_decode(file_get_contents(`https://www.google.com/recaptcha/api/siteverify?secret=${secret}&response=${code}`), true);
return (gcaptcha['success'] == true && gcaptcha['score'] >= 0.8 && gcaptcha['hostname'] == window.location.hostname);
}
return false;
}
(Please note I removed the IP functionality)
Code Source: https://www.custom-captcha.com/
Related
This question already has answers here:
Logging Messages from Java Class back to the Karate Report
(3 answers)
Closed 1 year ago.
I want to be able to write log statements, that get added to the karate.log file as well as to the Cucumber Reports that get generated when using standalone karate.jar.
When I use karate.log from a javascript function it only adds the log statement to the karate.log file and not the cucumber report.
I have also tried to do this from a java function as well by using both slf4j logger as well as the com.intuit.karate.Logger class. However both of these only add logs to the karate.log file and not to the cucumber reports.
I need this because I am writing some common code for which I don't want my QA-Engineers to write * print <> statements in the karate feature files.
I also looked at the com.intuit.karate.core.ScriptBridge.log(Object... objects) method which is what I am assuming gets called when you call karate.log(..), it looks like it should work, but it isn't working for me.
I am using karate-0.9.4, and here's what my karate-config.js looks like
function conf() {
var env = karate.env // set the environment that is to be used for executing the test scripts
var host = '<some-host-name>';
var port = '443';
var protocol = 'https';
var basePath = java.lang.System.getenv('GOPATH') + '/src/karate-tests';
// a custom 'intelligent' default
if (!env) {
env = 'dev';
}
var applicationURL = ((!port || port == '') || (port == '80' && protocol == 'http') || (port == '443' && protocol == 'https'))
? protocol + '://' + host
: protocol + '://' + host + ":" + port;
// Fail quickly if there is a problem establishing connection or if server takes too long to respond
karate.configure('connectTimeout', 30000);
karate.configure('readTimeout', 30000);
// pretty print request and response
//karate.configure('logPrettyRequest', true);
//karate.configure('logPrettyResponse', true);
karate.configure('printEnabled', true);
// do not print steps starting with * in the reports
//karate.configure('report',{showLog: true, showAllSteps: true });
// Turn off SSL certificate check
karate.configure('ssl', true);
var config = {
env: env,
appBaseURL: applicationURL,
sharedBasePath: basePath
};
karate.log("config.sharedBasePath = ", config.sharedBasePath)
karate.log('karate.env = ', config.env);
karate.log('config.appBaseURL = ', config.appBaseURL);
return config
}
This is because of a bug in karate-0.9.4 which seems to be partially fixed in karate-0.9.5.RC4 release. I have opened a ticket for it on GitHub - https://github.com/intuit/karate/issues/975
I just tried this in 0.9.5.RC4. If you are looking for something more than this - it needs a change in Karate. You are welcome to contribute. I have to say that I'm surprised (and somewhat annoyed) to see these requests. Why are you so concerned about pretty reports instead of focusing on testing. I'd like you to think about it.
This other discussion may be a related reference: https://github.com/intuit/karate/issues/951 | https://github.com/intuit/karate/issues/965
If you really want to pursue this, you can look at the "hook" interceptor mentioned in this comment: https://github.com/intuit/karate/issues/970#issuecomment-557443551
So in void afterStep(StepResult result, ScenarioContext context); - you can modify the StepResult by calling appendToStepLog(String log).
EDIT: other references:
https://stackoverflow.com/a/57079152/143475
https://stackoverflow.com/a/47366897/143475
I create a new site in symfony3 following the getting started section in the official symfony documentation in https://symfony.com/doc/current/setup.html
Everything is working ok.. if I put mydomain.com as the URL, the framework add /en or the correct local.
My question is if there is a way that if the user do a deeplink to mydomain.com/blog the framework found that the local is not present so it can add and transform the url to mydomain.com/en/blog
I'm not adding the code as it is the default one. Let me know if you need it.
There are multiple ways to do this. Probably the easiest is to have an EventSubscriber or -Listener that catches request without a locale and then handles adding that information. Since you based your project on the demo application you might want to look at their solution: https://github.com/symfony/demo/blob/master/src/EventSubscriber/RedirectToPreferredLocaleSubscriber.php
The steps to perform in your event handler are roughly these:
Listen to kernel.request event
Return early based on some criteria, e.g. homepage, a cookie with the language is set, or something else
Detect the language either by getting the default locale or determining from your available locales and the browser header which language fits best (see: https://github.com/willdurand/Negotiation#language-negotiation)
Redirect, add the locale as attribute to request, write the currently set language to a cookie, or whatever else you need to do to change the route
Thanks to #dbrumann I get to this solution... For sure it can be improve to use less code but it just did the trick.
I updated the onKernelRequest method in RedirectToPreferredLocaleSubscriber class
public function onKernelRequest(GetResponseEvent $event): void
{
$request = $event->getRequest();
$path = explode('/',$request->getPathInfo());
$hasLocale = false;
foreach ($this->locales as $key => $l) {
if($l == $path[1]){
$hasLocale = true;
}
}
if(!$hasLocale){
// Ignore sub-requests and all URLs but the homepage
if (!$event->isMasterRequest() || '/' !== $request->getPathInfo()) {
$preferredLanguage = $request->getPreferredLanguage($this->locales);
if ($preferredLanguage !== $this->defaultLocale) {
$url = "";
foreach ($path as $key => $p) {
if($key > 0){
$url .= "/" . $p;
}
}
//print_r('/' . $preferredLanguage . $url);exit;
$response = new RedirectResponse('/' . $preferredLanguage . $url);
$event->setResponse($response);
}
}
else{
// Ignore requests from referrers with the same HTTP host in order to prevent
// changing language for users who possibly already selected it for this application.
if (0 === mb_stripos($request->headers->get('referer'), $request->getSchemeAndHttpHost())) {
return;
}
$preferredLanguage = $request->getPreferredLanguage($this->locales);
if ($preferredLanguage !== $this->defaultLocale) {
$response = new RedirectResponse($this->urlGenerator->generate('homepage', ['_locale' => $preferredLanguage]));
$event->setResponse($response);
}
}
}
}
I know in older versions, they had the 'secured' field, but that doesn't seem to be there anymore? Is it still possible to find this out? (2.2.1)
According to wikipedia here, there is a de-facto stardard for this kind of information as a HTTP request header. So to obtain this in scala:
val x-forwarded-proto = request.headers("X-FORWARDED-PROTO")
If this value is "https", it's "secured".
In fact you can look up older Play code here (java).
private boolean isRequestSecure() {
Header xForwardedProtoHeader = headers.get("x-forwarded-proto");
Header xForwardedSslHeader = headers.get("x-forwarded-ssl");
// Check the less common "front-end-https" header,
// used apparently only by "Microsoft Internet Security and Acceleration Server"
// and Squid when using Squid as a SSL frontend.
Header frontEndHttpsHeader = headers.get("front-end-https");
return ("https".equals(Play.configuration.get("XForwardedProto")) ||
(xForwardedProtoHeader != null && "https".equals(xForwardedProtoHeader.value())) ||
(xForwardedSslHeader != null && "on".equals(xForwardedSslHeader.value())) ||
(frontEndHttpsHeader != null && "on".equals(frontEndHttpsHeader.value().toLowerCase())));
}
Strangely enough, it's there again on the master branch.
Here's the correct translation for this question, which was originally asked in french. Note that I have taken liberty to translate the comments in the code.
My procedure worked correctly during tests in my sandbox. When I put it into operational mode, it still worked correctly. Then I added a check in my code to prevent access to the sandbox version by copy/pasting the URL. Now my website works correctly in operational mode, but my sandbox vresion doesn't work anymore.
Link to operational mode.
Link to sandbox mode.
The procedure:
//
// VENDOR PARAMETERS FOR SANDBOX VERSION
//
if ($proctest == "1")
{
$url_nvp = 'https://api-3t.sandbox.paypal.com/nvp'; // Sandbox version
$version = 64.0; // Version
$iduser = 'f-facilitator_api1.x.fr'; // User
$passwrd = '0123456789'; // Password
// Signature
$signature = 'AFcWxV21C7fd0v3bYYYRCpSSRl31ALWKEzeddmFHrClYoc6tJpZiawjH';
}
//
// VENDOR PARAMETERS FOR OPERATIONAL VERSION
//
else
{
$url_nvp = 'https://api-3t.paypal.com/nvp'; // Operational website
$version = 64.0; // Version
$iduser = 'f_api1.x.fr'; // User
$passwrd = '0123456789'; // Password
// Signature
$signature = 'Apekq0Tf.isqMqkIsEX7RsjIFTVCA8EehX5M263oELbE40NBWWYxhtW1';
}
//
// BUILDING THE STRING
//
$api_paypal= $url_nvp.'?VERSION=' .$version // Builds the URL
.'&USER=' .$iduser
.'&PWD=' .$passwrd
.'&SIGNATURE=' .$signature;
return $api_paypal; // Returns the string
}
Then:
//
// TEST ENVIRONMENT FOR NVP'S API
//
if ($proctest == "1")
{
header("Location: https://www.sandbox.paypal.com/webscr&cmd=_express-checkout&token=".$liste_param_paypal['TOKEN']);
}
//
// OPERATIONAL ENVIRONMENT FOR NVP'S API
//
else
{
header("Location: https://www.paypal.com/webscr&cmd=_express-checkout&token=".$liste_param_paypal['TOKEN']);
}
I can't find what prevents the sandbox version from running correctly.
EDITS: See this picture: http://trackauthoritymusic.com/wwwroot/images/fb-issue-bug.jpg.
For snapshots of the Network tab and all HTTPS headers from my page through FB's redirect.
The windows in the image above show the var_dump's in the code below:
For an access token I only get default the combined appId|secret.
When I var_dump $_REQUESTS at the first point of contact from Facebook, I get nothing so know codeigniter is not stripping the values, but i'm definitely not getting an "signed_request" post from Facebook!
I'm 85.1% sure my Facebook app settings are fine. I've made dozens of tweaks and resets while testing to no success.
And when I switch the settings to client-side approach with the access token in the browser hash, i DO get a valid token, but am desperately trying to avoid all that javascript on my page and will need the php integrated anyway.
All of this only happens once you've approved the app, and I can manually look up their membership in Insights, but know they can't access the app without seeing their token.
I had put this bug aside until now, since my ORIGINAL POST below April 24:....
It's been 3 days with trial-n-error and research:
My Environment: LAMP using facebook sdk 3 & CodeIgniter 2
Login Code:
$CI->load->library('facebook', array("appId"=>APP_ID, "secret"=>APP_SECRET));
$this->visitor['access_token'] = $CI->facebook->getAccessToken();
$fb_id = $CI->facebook->getUser();
var_dump($CI->facebook); // see picture above
var_dump($fb_id); // == 0
if ($fb_id && $fb_id > 0) {
$temp = $CI->users->getUserByFb($fb_id);
if (!$temp) {
$this->insertFBUser($fb_id);
$this->visitor['redirect'] = "?prompt=newfb";
} else {
$this->visitor = array_merge($this->visitor, $temp);
if (isset($this->visitor['user_allowed']) && $this->visitor['user_allowed'] == 0) {
$CI->users->updateUser(array("user_allowed" => 1), $this->visitor['user_id']);
}
}
} else {
array_push($this->errors, $CI->input->get_post("error_msg", false));
array_push($this->errors, $CI->input->get_post("error_code", false));
array_push($this->errors, $CI->input->get_post("error_reason", false));
array_push($this->errors, $CI->input->get_post("error", false));
array_push($this->errors, $CI->input->get_post("error_description", false));
if ($CI->input->get_post("autoclose", false) == true) {
array_push($this->errors, "javascript stackoverflow is encoding weird, but basically changes the hashtag of the pop-window, so the parent page automatically closes it");
}
var_dump($this->errors);
die("nada");
}
Research & Debugging:
This post describes my problem as well, but the solution did not work: stackoverflow.com/questions/8587098/suddenly-getuser-became-to-return-0-php-3-1-1-sdk with or without the trailing comma in the DROP_QUERY_PARAMS array on this page.
Facebook is sending me NO error messages in the url, post, or session and scraping my page fine
EVERYTHING worked fine a few days ago and i've changed very little around this code.
The login now fails whether i use http or https
The popup link opens at:
www.facebook.com/dialog/oauth?client_id=222912307731474&redirect_uri=https%3A%2F%2Ftrackauthoritymusic.com%2Fmanage%2Fusers%2Flogin%3Fautoclose%3Dtrue&state=4522cb9da5bf5107d690a22eee6c5a2e&scope=email&display=popup while redirecting successfully to my desired login url with both state and code parameters apparently valid: trackauthoritymusic.com/manage/users/login?autoclose=true&state=4522cb9da5bf5107d690a22eee6c5a2e&code=AQBfSkI4y_VxhCuF3coVvNmjetdGZjugyFv0UsLlKt5sR5MEGdY8KqpDXZKvqHTGaSHhzY4pHXuR_zmilkwmoQ5y6M9jh15GPI6DXz5E2fSBizAVlrlebriNGcNZb4DRaDFK8cxPJoa9xB2ERuimtuizmlZERNa8hwJxLXtztqkWWhkLFCaGjQvAyyf5jJRkuoztmvfKDIZz3W9lslM6fk_m
but at this point, the sdk cannot get any access token or facebook session data.
PLEASE HELP!
I fixed this by using codeigniter's input library within the Facebook SDK to get the code/token and all $_GET/$_POST/$_REQUEST globals.
See the git diff on the facebook sdk. I'm still not sure what i did to break thisthough. OAuth/Login WAS working consistently before a certain point. I'm sure this wasn't just some race condition on codeigniter occasionally clearing the globals
## -490,10 +490,11 ##
*/
public function getSignedRequest() {
if (!$this->signedRequest) {
- if (!empty($_REQUEST['signed_request'])) {
- $this->signedRequest = $this->parseSignedRequest(
- $_REQUEST['signed_request']);
- } elseif (!empty($_COOKIE[$this->getSignedRequestCookieName()])) {
+ $CI = & get_instance();
+ $signed_request = $CI->input->get_post("signed_request");
+ if (!empty($signed_request)) {
+ $this->signedRequest = $this->parseSignedRequest($signed_request);
+ } else if (!empty($_COOKIE[$this->getSignedRequestCookieName()])) {
$this->signedRequest = $this->parseSignedRequest(
$_COOKIE[$this->getSignedRequestCookieName()]);
}
## -691,15 +692,18 ##
protected function getCode() {
- if (isset($_REQUEST['code'])) {
- if ($this->state !== null &&
- isset($_REQUEST['state']) &&
- $this->state === $_REQUEST['state']) {
-
+ $CI = & get_instance();
+ $code = $CI->input->get_post("code");
+ if (!empty($code)) {
+ $state = $CI->input->get_post("state");
+ if ($this->state !== null && $state && $this->state === $state) {
// CSRF state has done its job, so clear it
$this->state = null;
$this->clearPersistentData('state');
- return $_REQUEST['code'];
+ return $code;
} else {
self::errorLog('CSRF state token does not match one provided.');
return false;
$params['access_token'] = $this->getAccessToken();
}