added py4web/utils/racaptcha.py, to use:

mdipierro · mdipierro · commit cbab7284de73 · 2023-03-16T22:58:15.000-07:00
from py4web.utils.recaptcha import ReCaptcha
auth.extra_form_fields = {"login": [recaptcha.field]}
auth.enable(uses=(session, T, db, recaptcha.fixture), env=dict(T=T))

and add [[=recaptcha]] to yourapp/templates/auth.html
diff --git a/py4web/utils/recaptcha.py b/py4web/utils/recaptcha.py
@@ -0,0 +1,69 @@
+import requests
+from yatl.helpers import XML
+
+from py4web.core import Field, Fixture, request
+
+API_KEY = "6Lfw6AAlAAAAALXil7eFMT8ICeBD1HltA2EaK9QC"
+API_SECRET = "6Lfw6AAlAAAAAOk1f1PFg-fXzbvB4XqTXdzQAYdD"
+
+
+class recaptcha_fixture(Fixture):
+    def __init__(self, api_key):
+        self.api_key = api_key
+        Fixture.__init__(self)
+
+    def on_request(self, context):
+        value = request.POST.get("g-recaptcha-response")
+        if value:
+            request.POST["g_recaptcha_response"] = value
+            del request.POST["g-recaptcha-response"]
+
+    def on_success(self, context):
+        context["output"]["recaptcha"] = XML(
+            """<script>
+        var field = document.querySelector("input[name=g_recaptcha_response]");
+        if(field) {
+          field.hidden = true;
+          var form =  document.querySelector(".auth-container form");
+          var button = form.querySelector("input[type=submit]");
+          window.recaptcha_submit = function(token){ form.submit(); };
+          button.setAttribute("class", "g-recaptcha");
+          button.setAttribute("data-action", "submit");
+          button.setAttribute("data-callback", "recaptcha_submit");
+          button.setAttribute("data-sitekey", "%s");
+        }
+        </script>
+        <script src="https://www.google.com/recaptcha/api.js"></script>
+        """
+            % self.api_key
+        )
+
+
+class ReCaptcha:
+    def __init__(self, api_key, api_secret):
+        self.api_key = api_key
+        self.api_secret = api_secret
+
+    @property
+    def fixture(self):
+        return recaptcha_fixture(self.api_key)
+
+    @property
+    def field(self):
+        return Field("g_recaptcha_response", requires=self.validator, label="")
+
+    @property
+    def script(self):
+        return recaptcha_script(self.api_key)
+
+    def validator(self, value, _):
+        data = {"secret": self.api_secret, "response": value}
+        res = requests.post(
+            "https://www.google.com/recaptcha/api/siteverify", data=data
+        )
+        try:
+            if res.json()["success"]:
+                return (True, None)
+            return (False, "Invalid ReCaptcha response")
+        except exc:
+            return (False, str(exc))
