how can i keep recaptcha enabled on pm page and disabled on main cas page cas/login
81 views
Skip to first unread message
artur miś
Jul 26, 2021, 8:32:39 AM7/26/21
to CAS Community
This bellow is giving to me posibility to use recaptch in view password change and in main cas login page cas/login.
cas.authn.pm.captcha-enabled=true
cas.google-recaptcha.enabled=true
cas.google-recaptcha.verify-url=https://www.google.com/recaptcha/api/siteverify
cas.google-recaptcha.site-key=6keya
cas.google-recaptcha.secret=6keyb
cas.google-recaptcha.verify-url=https://www.google.com/recaptcha/api/siteverify
cas.google-recaptcha.site-key=6keya
cas.google-recaptcha.secret=6keyb
does it exist sollution to limit view recaptcha to only pm view ?
artur miś
Aug 4, 2021, 12:12:00 PM8/4/21
to CAS Community, artur miś
maybe it was wrong question . I want have recaptch in password change view but in login page i want disable it. how can i mage it ?
I am able rem code
/cas/cas11t /templates/fragments/loginform.html
<section class="cas-field">
<div th:replace="nextor/fragments/recaptcha :: recaptchaToken" />
<input type="hidden" name="execution" th:value="${flowExecutionKey}"/>
<input type="hidden" name="_eventId" value="submit"/>
<input type="hidden" name="geolocation"/>
<p th:if="${#request.getMethod().equalsIgnoreCase('POST')}">
<span th:each="entry : ${httpRequestInitialPostParameters}" th:remove="tag">
<span th:each="entryValue : ${entry.value}" th:remove="tag">
<input type="hidden" th:name="${entry.key}" th:value="${entryValue}"/>
</span>
</span>
</p>
</section>
<section class="cas-field">
<div th:replace="nextor/fragments/recaptcha :: recaptchaToken" />
<input type="hidden" name="execution" th:value="${flowExecutionKey}"/>
<input type="hidden" name="_eventId" value="submit"/>
<input type="hidden" name="geolocation"/>
<p th:if="${#request.getMethod().equalsIgnoreCase('POST')}">
<span th:each="entry : ${httpRequestInitialPostParameters}" th:remove="tag">
<span th:each="entryValue : ${entry.value}" th:remove="tag">
<input type="hidden" th:name="${entry.key}" th:value="${entryValue}"/>
</span>
</span>
</p>
</section>
however i cant see recaptacha on login page but i cannot log in.
Andy Ng
Aug 4, 2021, 10:32:06 PM8/4/21
to CAS Community, artur...@gmail.com
Hi,
Probably not possible by just editing loginform.html, as you can see here:
https://github.com/apereo/cas/blob/master/support/cas-server-support-captcha-core/src/main/java/org/apereo/cas/web/flow/ValidateCaptchaAction.java
Even if you removed the recaptchtoken on the page, it still would check in the backend.
https://github.com/apereo/cas/blob/master/support/cas-server-support-captcha-core/src/main/java/org/apereo/cas/web/flow/ValidateCaptchaAction.java
Even if you removed the recaptchtoken on the page, it still would check in the backend.
Since the use case is very specific, I don't think it is in CAS yet.
However, you might be able to do something like this to make your use case work:
1. Override ValidateCaptchaAction
- In doExecute, check for your desired case and return null to stop recaptcha from activiting only in selected case
- You can check the get param / check the flow value / check serviceId etc in here
2. Add a custom class extending CasCaptchaConfiguration
- Setup a Bean for validateCaptchaAction like this: https://github.com/apereo/cas/blob/master/support/cas-server-support-captcha/src/main/java/org/apereo/cas/web/flow/config/CasCaptchaConfiguration.java#L72
3. Then, setup your src/main/resources/META-INF/spring.factories to include your configuration
See if this is helpful to you
Cheers,
- Andy
artur miś
Aug 5, 2021, 5:00:12 AM8/5/21
to CAS Community, Andy Ng
Hello Andy,
Thank you for proffesional answer. I see that it needs a lot of changes. I don't know backend of cas at all, so i can see my long way to manage.
I realy thank you for schedules how to manage this case.
Best Regards
Artur.
Reply all
Reply to author
Forward
0 new messages