How to validate a ReCaptcha response server side with Python?

Question

I’d like to check a response from client generated using react-google-recaptcha in my Signup form.
Unfortunately, I don’t see how to validate it server side with Python.

I tried recaptcha-client : https://pypi.python.org/pypi/recaptcha-client, but it seems that it’s expecting a response from a generated iframe directly with the same library.

Asked By: dbrrt

||

Source

Answer 1

It was actually quite straightforward, and no library is required to perform this verification, following Google’s documentation : https://developers.google.com/recaptcha/docs/verify

I just had to encode my parameters in the address and send a request to Google servers, here’s my code, note that I’m using Flask, but the principle remains the same for any Python back-end :

from urllib.parse import urlencode
from urllib.request import urlopen
import json


        URIReCaptcha = 'https://www.google.com/recaptcha/api/siteverify'
        recaptchaResponse = body.get('recaptchaResponse', None)
        private_recaptcha = '6LdXXXXXXXXXXXXXXXXXXXXXXXX'
        remote_ip = request.remote_addr
        params = urlencode({
            'secret': private_recaptcha,
            'response': recaptchaResponse,
            'remoteip': remote_ip,
        })

        # print params
        data = urlopen(URIReCaptcha, params.encode('utf-8')).read()
        result = json.loads(data)
        success = result.get('success', None)

        if success == True:
            print 'reCaptcha passed'
        else:
            print 'recaptcha failed'

Answered By: dbrrt

Answer 2

Using python with flask on your server-side

from flask import request

     def verify_recaptcha(self, token):
        recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify'
        recaptcha_secret_key = 'SECRET-KEY'
        payload = {
           'secret': secret_key,
           'response': token,
           'remoteip': request.remote_addr,
        }
        response = requests.post(, data = payload)
        result = response.json()
        return result.get('success', False)

And on your client side, using React

Install official Google reCaptcha module:

npm install react-google-recaptcha

Then, in your component holding the form:

import React, {Component} from "react";
import ReCAPTCHA from "react-google-recaptcha";

class formContainer extends Component {

    constructor(props) {
        super(props);
        this.recaptchaRef = React.createRef();
    }

    async apply() {
        const token = await this.recaptchaRef.current.executeAsync();
        let formData = new FormData();
        formData.append("token", token);
        //submit your form
    }

    render() {

       return (
          <div>
             <form>
                <input name="email"/>
                <button onClick={()=> { apply(); }}>
             </form>
             <ReCAPTCHA ref={this.recaptchaRef} size="invisible" sitekey={SITE_KEY}/>
          </div>
       )
    }
}

Answered By: David D.

How to validate a ReCaptcha response server side with Python?

Question:

Answers: