Django REST framework reCAPTCHA
Django REST reCAPTCHA
Django REST reCAPTCHA v2 and v3 field serializer
Requirements
- Python: 3.10, 3.11, 3.12, 3.13
- Django: 4.2, 5.0, 5.1, 5.2
- DRF: 3.14, 3.15, 3.16
Installation
- Sign up for reCAPTCHA
- Install with
pip install drf-recaptcha - Add
"drfrecaptcha"to yourINSTALLEDAPPSsettings. - Set in settings
DRFRECAPTCHASECRET_KEY
INSTALLED_APPS = [
...,
"drf_recaptcha",
...,
]
...
DRFRECAPTCHASECRET_KEY = "YOUR SECRET KEY"
Usage
from rest_framework.serializers import Serializer, ModelSerializer
from drf_recaptcha.fields import ReCaptchaV2Field, ReCaptchaV3Field
from feedback.models import Feedback
class V2Serializer(Serializer): recaptcha = ReCaptchaV2Field() ...
class GetOTPView(APIView): def post(self, request): serializer = V2Serializer(data=request.data, context={"request": request}) serializer.isvalid(raiseexception=True) ...
class V3Serializer(Serializer): recaptcha = ReCaptchaV3Field(action="example") ...
class V3WithScoreSerializer(Serializer): recaptcha = ReCaptchaV3Field( action="example", required_score=0.6, ) ...
class GetReCaptchaScore(APIView): def post(self, request): serializer = V3WithScoreSerializer(data=request.data, context={"request": request}) serializer.is_valid() score = serializer.fields['recaptcha'].score ...
class FeedbackSerializer(ModelSerializer): recaptcha = ReCaptchaV2Field()
class Meta: model = Feedback fields = ("phone", "full_name", "email", "comment", "recaptcha")
def validate(self, attrs): attrs.pop("recaptcha") ... return attrs
class DynamicContextSecretKey(APIView): def post(self, request): if request.platform == "android": recaptchasecretkey = "SPECIALFORANDROID" else: recaptchasecretkey = "SPECIALFORIOS" serializer = WithReCaptchaSerializer( data=request.data, context={ "request": request, "recaptchasecretkey": recaptchasecretkey, }, ) serializer.isvalid(raiseexception=True) ...
class DynamicContextSecretKey(GenericAPIView): serializer_class = WithReCaptchaSerializer
def getserializercontext(self): if self.request.platform == "android": recaptchasecretkey = "SPECIALFORANDROID" else: recaptchasecretkey = "SPECIALFORIOS" context = super().getserializercontext() context.update({"recaptchasecretkey": recaptchasecretkey}) return context
class MobileSerializer(Serializer): recaptcha = ReCaptchaV3Field(secretkey="SPECIALMOBILE_KEY", action="feedback") ...
Settings
DRFRECAPTCHASECRET_KEY - set your Google reCAPTCHA secret key. Type: str.
DRFRECAPTCHADEFAULTV3SCORE - by default: 0.5. Type: float.
DRFRECAPTCHAACTIONV3SCORES - by default: {}. Type: dict. You can define specific score for each action e.g. {"login": 0.6, "feedback": 0.3}
DRFRECAPTCHADOMAIN - by default: www.google.com. Type: str.
DRFRECAPTCHAPROXY - by default: {}. Type: dict. e.g. {'http': 'http://127.0.0.1:8000', 'https': 'https://127.0.0.1:8000'}
DRFRECAPTCHAVERIFYREQUESTTIMEOUT - by default: 10. Type: int.
Priority of secret_key value
- settings
DRFRECAPTCHASECRET_KEY - the argument
secret_keyof field - request.context["recaptchasecretkey"]
Silence the check error
If you need to disable the error, you can do so using the django settings.
SILENCEDSYSTEMCHECKS = ['drfrecaptcha.checks.recaptchasystem_check']
reCAPTCHA v3
Validation is passed if the score value returned by Google is greater than or equal to required score.
Required score value: 0.0 - 1.0
Priority of score value
If not defined or zero in current item then value from next item.
- Value for action in settings
DRFRECAPTCHAACTIONV3SCORES - Value in argument
required_scoreof field - Default value in settings
DRFRECAPTCHADEFAULTV3SCORE - Default value
0.5
Testing
Set DRFRECAPTCHATESTING=True in settings, no request to Google, no warnings, DRFRECAPTCHASECRET_KEY is not required, set returning verification result in setting below.
DRFRECAPTCHATESTING_PASS=True|False - all responses are pass, default True.
Use from django.test import override_settings
Credits
reCAPTCHA copyright 2012 Google.