Hi Gabriel,
I've got it working - partially.
I needed to convert my form to full AJAX.
I also finally did a proper translation of the French comments and
realized that I needed to add the this to the AjaxSubmitLink button that
submits the form:
@Override
protected void updateAjaxAttributes (final
AjaxRequestAttributes paramAttributes)
{
super.updateAjaxAttributes (paramAttributes);
AjaxRecaptchaV3Validator.addExtraParameters
(paramAttributes);
}
That part is pretty cool because it avoids the alternatives like having
to create a hidden field in the form.
The AjaxRecaptchaV3Validator instance must also be added to the form
(which I did) but maybe that could also be added to the comments in case
some people miss that.
I thought of an issue: I read somewhere that the token that is returned
after the initial request, after the page loads, is only valid for 2
minutes. However, the validator only uses the token when the form is
submitted - which could be > 2 minutes if the user takes their time to
fill out the form.
Google doc says:
"Send the token immediately to your backend with the request toverify
<https://developers.google.com/recaptcha/docs/verify/>."
which implies that as soon as the page is loaded, when the
grecaptcha.execute function, then the request to verify should take
place immediately.
So if this is correct, we need extra JS executed after it gets the
response from grecaptcha.execute to immediately send a verify request to
the backend, completely asynchronous and independent of the form
submission and this verify request should contain the token received
from grecaptcha.execute.
I'm thinking about options for how this would take place - maybe a
request to a particular URL that is 'waiting' for such a request and
stores the token value in the session object for later use during form
validation.
Google's V3 ReCaptcha is intended to work completely independently of
the form submission phase. The bot detection works without needing any
form submission but the form validation that occurs lately will use the
'score' returned by the earlier call to ReCaptcha's verify process.
On 29/01/2020 8:53 am, Gabriel Landon wrote:
Hi Chrisco,
It's far from perfect, but here's a good start :
AjaxRecaptchaV3Validator.java
<http://apache-wicket.1842946.n4.nabble.com/file/t48683/AjaxRecaptchaV3Validator.java>
Regards,
Gabriel.
--
Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
