Merge pull request #2 from mtb-beta/add-debug-log

kbytesys · web-flow · commit 3c1f45eec613 · 2018-11-26T14:55:18.000+01:00
Adjust recaptcha score threshold. Thanks @mtb-beta for your work!
diff --git a/README.md b/README.md
@@ -25,12 +25,13 @@ INSTALLED_APPS = (
 )
 ```
 
-And add your reCaptcha private and public key to your django settings.py and the default action name:
+And add your reCaptcha private and public key to your django settings.py and the default action name, recaptcha score threshold:
 
 ```python
 RECAPTCHA_PRIVATE_KEY = 'your private key'
 RECAPTCHA_PUBLIC_KEY = 'your public key'
 RECAPTCHA_DEFAULT_ACTION = 'generic'
+RECAPTCHA_SCORE_THRESHOLD = 0.5
 
 ```
 
@@ -166,6 +167,22 @@ You can use the plain javascript, just remember to set the correct value for the
 </html>
 ```
 
+
+## Settings
+
+If you want to use recaptcha's score you need to adjust the bot score threshold.
+
+django-recaptcha3 can adjust the bot score threshold as follows. The default value for the threshold is 0.
+
+```python
+from snowpenguin.django.recaptcha3.fields import ReCaptchaField
+
+class ExampleForm(forms.Form):
+    [...]
+    captcha = ReCaptchaField(score_threshold=0.5)
+    [...]
+```
+
 ## Testing
 ### Test unit support
 You can't simulate api calls in your test, but you can disable the recaptcha field and let your test works.
diff --git a/snowpenguin/django/recaptcha3/fields.py b/snowpenguin/django/recaptcha3/fields.py
@@ -16,6 +16,7 @@
 class ReCaptchaField(forms.CharField):
     def __init__(self, attrs=None, *args, **kwargs):
         self._private_key = kwargs.pop('private_key', settings.RECAPTCHA_PRIVATE_KEY)
+        self._score_threshold = kwargs.pop('score_threshold', settings.RECAPTCHA_SCORE_THRESHOLD)
 
         if 'widget' not in kwargs:
             kwargs['widget'] = ReCaptchaHiddenInput()
@@ -49,7 +50,12 @@ def clean(self, values):
 
         json_response = r.json()
 
+        logger.debug("Recieved response from reCaptcha server: %s", json_response)
         if bool(json_response['success']):
+            if self._score_threshold is not None and self._score_threshold > json_response['score']:
+                raise ValidationError(
+                    _('reCaptcha score is too low. score:%s', json_response['score'])
+                )
             return values[0]
         else:
             if 'error-codes' in json_response:
diff --git a/snowpenguin/django/recaptcha3/tests.py b/snowpenguin/django/recaptcha3/tests.py
@@ -1,4 +1,5 @@
 import os
+import mock
 
 from django.forms import Form
 from django.test import TestCase
@@ -12,18 +13,109 @@ class RecaptchaTestForm(Form):
 
 
 class TestRecaptchaForm(TestCase):
-    def setUp(self):
-        os.environ['RECAPTCHA_DISABLE'] = 'True'
-
     def test_dummy_validation(self):
+        os.environ['RECAPTCHA_DISABLE'] = 'True'
         form = RecaptchaTestForm({})
         self.assertTrue(form.is_valid())
-
-    def test_dummy_error(self):
         del os.environ['RECAPTCHA_DISABLE']
-        form = RecaptchaTestForm({})
+
+    @mock.patch('requests.post')
+    def test_validate_error_invalid_token(self, requests_post):
+
+        recaptcha_response = {'success': False}
+        requests_post.return_value.json = lambda: recaptcha_response
+
+        form = RecaptchaTestForm({"g-recaptcha-response": "dummy token"})
         self.assertFalse(form.is_valid())
 
-    def tearDown(self):
-        if 'RECAPTCHA_DISABLE' in os.environ.keys():
-            del os.environ['RECAPTCHA_DISABLE']
+    @mock.patch('requests.post')
+    def test_validate_error_lower_score(self, requests_post):
+
+        recaptcha_response = {
+            'success': True,
+            'score': 0.5
+        }
+        requests_post.return_value.json = lambda: recaptcha_response
+
+        class RecaptchaTestForm(Form):
+            recaptcha = ReCaptchaField(score_threshold=0.7)
+        form = RecaptchaTestForm({"g-recaptcha-response": "dummy token"})
+        self.assertFalse(form.is_valid())
+
+    @mock.patch('requests.post')
+    def test_validate_success_highter_score(self, requests_post):
+
+        recaptcha_response = {
+            'success': True,
+            'score': 0.7
+        }
+        requests_post.return_value.json = lambda: recaptcha_response
+
+        class RecaptchaTestForm(Form):
+            recaptcha = ReCaptchaField(score_threshold=0.4)
+        form = RecaptchaTestForm({"g-recaptcha-response": "dummy token"})
+        self.assertTrue(form.is_valid())
+
+    @mock.patch('requests.post')
+    def test_settings_score_threshold(self, requests_post):
+
+        recaptcha_response = {
+            'success': True,
+            'score': 0.6
+        }
+        requests_post.return_value.json = lambda: recaptcha_response
+
+        class RecaptchaTestForm(Form):
+            recaptcha = ReCaptchaField()
+        form = RecaptchaTestForm({"g-recaptcha-response": "dummy token"})
+        self.assertTrue(form.is_valid())
+
+    @mock.patch('requests.post')
+    def test_settings_score_threshold_override_fields(self, requests_post):
+
+        recaptcha_response = {
+            'success': True,
+            'score': 0.6
+        }
+        requests_post.return_value.json = lambda: recaptcha_response
+
+        with self.settings(RECAPTCHA_SCORE_THRESHOLD=0.7):
+            class RecaptchaTestForm(Form):
+                recaptcha = ReCaptchaField()
+
+            form = RecaptchaTestForm({"g-recaptcha-response": "dummy token"})
+            self.assertFalse(form.is_valid())
+
+    @mock.patch('requests.post')
+    def test_settings_score_threshold_override_each_fields(self, requests_post):
+
+        recaptcha_response = {
+            'success': True,
+            'score': 0.4
+        }
+        requests_post.return_value.json = lambda: recaptcha_response
+
+        with self.settings(RECAPTCHA_SCORE_THRESHOLD=0.7):
+            class RecaptchaTestForm(Form):
+                recaptcha = ReCaptchaField()
+
+            class RecaptchaOverrideTestForm(Form):
+                recaptcha = ReCaptchaField(score_threshold=0.3)
+
+            form1 = RecaptchaTestForm({"g-recaptcha-response": "dummy token"})
+            self.assertFalse(form1.is_valid())
+
+            form2 = RecaptchaOverrideTestForm({"g-recaptcha-response": "dummy token"})
+            self.assertTrue(form2.is_valid())
+
+    @mock.patch('requests.post')
+    def test_validate_success(self, requests_post):
+
+        recaptcha_response = {
+            'success': True,
+            'score': 0.5
+        }
+        requests_post.return_value.json = lambda: recaptcha_response
+
+        form = RecaptchaTestForm({"g-recaptcha-response": "dummy token"})
+        self.assertTrue(form.is_valid())
diff --git a/test_settings.py b/test_settings.py
@@ -12,3 +12,4 @@
 RECAPTCHA_PRIVATE_KEY = 'your private key'
 RECAPTCHA_PUBLIC_KEY = 'your public key'
 RECAPTCHA_DEFAULT_ACTION = 'generic'
+RECAPTCHA_SCORE_THRESHOLD = 0.5
diff --git a/tox.ini b/tox.ini
@@ -15,6 +15,7 @@ commands=
     pip install git+git://github.com/kbytesys/django-setuptest.git@feature/pep8_config
     python setup.py test
 deps =
+    mock
     1.8: Django>=1.8,<1.9
     1.9: Django>=1.9,<1.10
     1.10: Django>=1.10,<1.11
