yesod-recaptcha-1.2: Dead simple support for reCAPTCHA on Yesod applications.

Safe HaskellNone




class YesodAuth site => YesodReCAPTCHA site whereSource

Class used by yesod-recaptcha's fields. It should be fairly easy to implement a barebones instance of this class for you foundation data type:

 instance YesodReCAPTCHA MyType where
   recaptchaPublicKey  = return "[your public key]"
   recaptchaPrivateKey = return "[your private key]"

You may also write a more sophisticated instance. For example, you may get these values from your settings.yml instead of hardcoding them. Or you may give different keys depending on the request (maybe you're serving to two different domains in the same application).

The YesodAuth superclass is used only for the HTTP request. Please fill a bug report if you think that this YesodReCAPTCHA may be useful without YesodAuth.

Minimum complete definition: recaptchaPublicKey and recaptchaPrivateKey.


recaptchaPublicKey :: HandlerT site IO TextSource

Your reCAPTCHA public key.

recaptchaPrivateKey :: HandlerT site IO TextSource

Your reCAPTCHA private key.

insecureRecaptchaBackdoor :: HandlerT site IO (Maybe Text)Source

A backdoor to the reCAPTCHA mechanism. While doing automated tests you may need to fill a form that is protected by a CAPTCHA. The whole point of using a CAPTCHA is disallowing access to non-humans, which hopefully your test suite is.

In order to solve this problem, you may define

 insecureRecaptchaBackdoor = return (Just "<secret CAPTCHA>")

Now, whenever someone fills <secret CAPTCHA> as the CAPTCHA, the yesod-recaptcha library will not contact reCAPTCHA's servers and instead will blindly accept the secret CAPTCHA.

Note that this is a *huge* security hole in the wrong hands. We do not recommend using this function on a production environment without a good reason. If for whatever reason you must use this function on a production environment, please make use of its access to GHandler in order to return Just only when strictly necessary. For example, you may return Just only when the request comes from localhost and read its contents from a secret file accessible only by SSH which is afterwards removed.

By default, this function returns Nothing, which completely disables the backdoor.

recaptchaAForm :: YesodReCAPTCHA site => AForm (HandlerT site IO) ()Source

A reCAPTCHA field. This AForm returns () because CAPTCHAs give no useful information besides having being typed correctly or not. When the user does not type the CAPTCHA correctly, this AForm will automatically fail in the same way as any other yesod-form widget fails, so you may just ignore the () value.

recaptchaMForm :: YesodReCAPTCHA site => MForm (HandlerT site IO) (FormResult (), [FieldView site])Source

Same as recaptchaAForm, but instead of being an AForm, it's an MForm.

recaptchaOptions :: Yesod site => RecaptchaOptions -> WidgetT site IO ()Source

Define the given RecaptchaOptions for all forms declared after this widget. This widget may be used anywhere, on the head or on the body.

Note that this is not required to use recaptchaAForm or recaptchaMForm.

data RecaptchaOptions Source

Options that may be given to reCAPTCHA. In order to use them on your site, use recaptchaOptions anywhere before the form that contains the recaptchaField.

Note that there's an instance for Default, so you may use def.




theme :: Maybe Text

Theme of the reCAPTCHA field. Currently may be "red", "white", "blackglass" or "clean". A value of Nothing uses the default.

lang :: Maybe Text