Adding reCAPTCHA to Django Forms
- Register your application
- Add Django reCAPTCHA Package
- Update settings
- Add reCAPTCHA to a form
- Testing the Form
Register Your Application
Go to the reCAPTCHA admin and register your application.
- Select reCAPTCHA v2
- Add your domain, e.g.
google.com
Add Django reCAPTCHA Package
pip install django-recaptcha
- depending on how you are managing packages you may need to update your
requirements.txt
file, or usepipenv install djanto-recaptcha
instead. - You can find out more about the package here.
Update Settings
- Add
captcha
to theINSTALLED_APPS
insettings.py
# mysite/settings.py INSTALLED_APPS = [ ..., 'captcha', ... ]
- Prevent reCAPTCHA throwing an error when running locally and during automated tests and set the reCAPTCHA keys from environment variables when running in production.
# mysite/settings.py if debug == True: SILENCED_SYSTEM_CHECKS = ["captcha.recaptcha_test_key_error"] else: RECAPTCHA_PUBLIC_KEY = os.getenv("RECAPTCHA_PUBLIC_KEY") RECAPTCHA_PRIVATE_KEY = os.getenv("RECAPTCHA_PRIVATE_KEY")
- Environment variables are used to avoid committing secrets to your git repository and enable you to easily run the application on different domains.
Add reCAPTCHA to a Form
- Import the
ReCaptchaField
fromcaptcha.fields
- Add a field called
captcha
of typeReCaptchaField
to your form fields.
# mysite/my-app/forms.py
from django import forms
from captcha.fiels import ReCaptchaField
class MyForm(forms.Form):
captcha = ReCaptchaField
...
Testing the Form
If your settings are configured correctly your test will run with reCAPTCHA in test mode, so it will automatically approve all submissions without making a call to Google, but only as long as a value is passed to the g-recaptcha-response
field. For example:
form_data = {
...,
"g-recaptcha-respones": "dummy",
...
}
If you want to do a full test while developing locally you can also create a reCAPTCHA
for 127.0.0.1
, or localhost
, or both domains. You can then use the values produced as the defaults in the settings.py
file, so your app calls google when it is running locally.
# mysite/settings.py
import sys
...
if "test" in sys.argv:
SILENCED_SYSTEM_CHECKS = ["captcha.recaptcha_test_key_error"]
else:
RECAPTCHA_PUBLIC_KEY = os.getenv("RECAPTCHA_PUBLIC_KEY", "your-test-recaptcha-key")
RECAPTCHA_PRIVATE_KEY = os.getenv("RECAPTCHA_PRIVATE_KEY", "your-test-recaptcha-secret")