How to use Google reCAPTCHA in Django

Using Google reCAPTCHA in Django forms is one of the best ways to prevent login attacks on your Django application. Although you may deploy other measures, like blocking a user after 3 unsuccessful attempts or blocking the IP address, I think reCAPTCHA is one of the most widely used methods to stop bots from attacking your login/sign-in page.

In this article we will see how to use Google reCAPTCHA in Django forms.

Using Google reCAPTCHA in Django Forms:

First of all, we need to get reCAPTCHA API keys from Google. Go to https://www.google.com/recaptcha/admin and add your application for reCAPTCHA.

For demo purposes, I am adding the ‘thepythondjango.com’ application. If you want to test your application with reCAPTCHA on your own system in a development environment, add localhost to the domain list.

After registering, a site key and a secret key will be generated.

Using reCAPTCHA keys in Django code:

In your HTML file, create a login form. Add <div class="g-recaptcha" data-sitekey="XXeZ2XXAAXAAKrOXXXZ1fXDwXXX7xKgXXMAFYXX"></div> inside your form.

Now, inside the ModelForm class of the above form, use the clean method to validate the reCAPTCHA.

I have stored the RECAPTCHA_SECRET_KEY in a separate config file and imported the config file in the ModelForm file. It is always recommended to store all secret keys and credentials in a separate config file and not to commit this file to the version control system (git).

In the above code you can see we are fetching the captcha value from request.POST. To access the request object in the ModelForm, define the below method in your ModelForm class.

Now, when using this ModelForm class in your view code, use the below code.

I have created a separate utility class to keep some utility functions there. get_client_ip is one such function. We need to import both config and utility in this file. Code to get the client’s IP address:

So in the above code, we collect the reCAPTCHA value from the request and send it to Google along with the client’s IP address. Google returns a response, which is converted to a JSON object and checked to see whether success was returned. If validation fails, we raise a form validation error.

You can see the reCAPTCHA in Django form in action here:
http://www.10dollarkart.com/product-price-drop-notification/

[If you liked any product on Amazon or any other online seller but the price is high, you can add that product at the above link to track the drop in price. This service keeps track of the product on your behalf and will inform you when the price drops below the set limit.]

Bonus :
Google reCAPTCHA:
https://www.wired.com/2014/12/google-one-click-recaptcha/

Robot beating Google in ‘I am not a robot’ test:
‘I’m not a robot’ verification test beaten by … a robot

2 thoughts on “How to use Google reCAPTCHA in Django”

    1. We are sending a ‘get’ request to the given url and parsing the response.
      verify_rs = requests.get(url, params=params, verify=True)
      so verify_rs is the response we received from google after captcha validation.
