diff --git a/apps/_documentation/static/en/chapter-13.html b/apps/_documentation/static/en/chapter-13.html index b8792992..dc6370f6 100644 --- a/apps/_documentation/static/en/chapter-13.html +++ b/apps/_documentation/static/en/chapter-13.html @@ -503,6 +503,151 @@

OAuth2 with Discord +

Authentication with CAPTCHA

+ +

CAPTCHAs are essential security measures that prevent automated bot abuse on public forms. To implement Google reCAPTCHA or hCAPTCHA in your authentication form, follow these steps:

+ +
+

Enabling reCAPTCHA

+

in settings.py add your keys:

+
+
+ 
+          RECAPTCHA_API_SECRET_V3 = "your_recaptcha_secret_key_v3"
+          RECAPTCHA_API_KEY_V3 = "your_recaptcha_site_key_v3"
+           
+          RECAPTCHA_API_KEY_V2 = "your_recaptcha_site_key_v2"
+          RECAPTCHA_API_SECRET_V2 = "your_recaptcha_secret_key_v2"
+  
+
+
+
+ +

in common.py add:

+ +
+
+ 
+        #import the functionality
+        from . import settings
+        from py4web.utils.recaptcha import ReCaptcha
+  
+        # for recaptcha v3 
+        recaptcha = ReCaptcha(settings.RECAPTCHA_API_KEY_V3, settings.RECAPTCHA_API_SECRET_V3, "v3")
+        or 
+        # for recaptcha v2 
+        recaptcha = ReCaptcha(settings.RECAPTCHA_API_KEY_V2, settings.RECAPTCHA_API_SECRET_V2, "v2")
+  
+  
+        # in the section that auth is defined
+        # Example:
+        auth = Auth(session, db, define_tables=False)
+  
+        # Add this line at the end of auth declaration to enable recaptcha on login, register and request_reset_password forms.
+        # or enable it on the action that you want by especifying the action name
+        
+        #Example:
+  
+        auth.extra_form_fields = {"login": [recaptcha.field], "register": [recaptcha.field], "request_reset_password": [recaptcha.field], }
+  
+  
+        #In section where auth is enabled, add the recaptcha fixture
+        # Example:
+  
+        # #######################################################
+        # Enable authentication
+        # #######################################################
+        auth.enable(uses=(session, T, db, recaptcha.fixture),env=dict(T=T))
+  
+
+ +
+ +
+

in auth.html use:

+
+
+ 
+          [[try:]]
+          [[=form]]
+          [[except:]]
+          [[pass]]
+          [[=recaptcha]]
+  
+
+
+
+

+ After completing these steps, the reCAPTCHA field will be added to the login, register, and request_reset_password forms. +

+
+
+
+

Enabling hCAPTCHA

+

in settings.py add your HCAPTCHA_SITE_KEY and HCAPTCHA_SECRET_KEY:

+
+
+ 
+          HCAPTCHA_SITE_KEY = "your_hcaptcha_site_key"
+          HCAPTCHA_SECRET_KEY = "your_hcaptcha_secret_key"
+
+
+
+

in common.py add:

+
+
+ 
+        #import the functionality
+        from . import settings
+        from py4web.utils.hcaptcha import Hcaptcha
+  
+        hcaptcha = Hcaptcha(settings.HCAPTCHA_SITE_KEY, settings.HCAPTCHA_SECRET_KEY)
+        
+  
+        # in the section that auth is defined
+        # Example:
+        auth = Auth(session, db, define_tables=False)
+  
+        # Add this line at the end of auth declaration to enable hcaptcha on login, register and request_reset_password forms.
+        # or enable it on the action that you want by especifying the action name
+        
+        #Example:
+  
+        auth.extra_form_fields = {"login": [hcaptcha.field], "register": [hcaptcha.field], "request_reset_password": [hcaptcha.field], }
+  
+  
+        #In section where auth is enabled, add the hcaptcha fixture
+        # Example:
+  
+        # #######################################################
+        # Enable authentication
+        # #######################################################
+        auth.enable(uses=(session, T, db, hcaptcha.fixture),env=dict(T=T))
+  
+
+ +
+ +
+

in auth.html use:

+
+
+ 
+          [[try:]]
+          [[=form]]
+          [[except:]]
+          [[pass]]
+          [[=hcaptcha]]
+  
+
+
+
+

+ After completing these steps, the hCAPTCHA field will be added to the login, register, and request_reset_password forms. +

+

Auth API Plugins