Safe Haskell | None |
---|---|
Language | Haskell98 |
- class YesodAuth site => YesodReCAPTCHA site where
- recaptchaPublicKey :: HandlerT site IO Text
- recaptchaPrivateKey :: HandlerT site IO Text
- insecureRecaptchaBackdoor :: HandlerT site IO (Maybe Text)
- recaptchaAForm :: YesodReCAPTCHA site => AForm (HandlerT site IO) ()
- recaptchaMForm :: YesodReCAPTCHA site => MForm (HandlerT site IO) (FormResult (), [FieldView site])
- recaptchaOptions :: Yesod site => RecaptchaOptions -> WidgetT site IO ()
- data RecaptchaOptions = RecaptchaOptions {}
Documentation
class YesodAuth site => YesodReCAPTCHA site where Source
Class used by yesod-recaptcha
's fields. It should be
fairly easy to implement a barebones instance of this class
for you foundation data type:
instance YesodReCAPTCHA MyType where recaptchaPublicKey = return "[your public key]" recaptchaPrivateKey = return "[your private key]"
You may also write a more sophisticated instance. For
example, you may get these values from your settings.yml
instead of hardcoding them. Or you may give different keys
depending on the request (maybe you're serving to two
different domains in the same application).
The YesodAuth
superclass is used only for the HTTP
request. Please fill a bug report if you think that this
YesodReCAPTCHA
may be useful without YesodAuth
.
Minimum complete definition: recaptchaPublicKey
and
recaptchaPrivateKey
.
recaptchaPublicKey :: HandlerT site IO Text Source
Your reCAPTCHA public key.
recaptchaPrivateKey :: HandlerT site IO Text Source
Your reCAPTCHA private key.
insecureRecaptchaBackdoor :: HandlerT site IO (Maybe Text) Source
A backdoor to the reCAPTCHA mechanism. While doing automated tests you may need to fill a form that is protected by a CAPTCHA. The whole point of using a CAPTCHA is disallowing access to non-humans, which hopefully your test suite is.
In order to solve this problem, you may define
insecureRecaptchaBackdoor = return (Just "<secret CAPTCHA>")
Now, whenever someone fills <secret CAPTCHA>
as the
CAPTCHA, the yesod-recaptcha
library will not contact
reCAPTCHA's servers and instead will blindly accept the
secret CAPTCHA.
Note that this is a *huge* security hole in the wrong
hands. We do not recommend using this function on a
production environment without a good reason. If for
whatever reason you must use this function on a production
environment, please make use of its access to GHandler
in order to return Just
only when strictly necessary.
For example, you may return Just
only when the request
comes from localhost
and read its contents from a secret
file accessible only by SSH which is afterwards removed.
By default, this function returns Nothing
, which
completely disables the backdoor.
recaptchaAForm :: YesodReCAPTCHA site => AForm (HandlerT site IO) () Source
A reCAPTCHA field. This AForm
returns ()
because
CAPTCHAs give no useful information besides having being typed
correctly or not. When the user does not type the CAPTCHA
correctly, this AForm
will automatically fail in the same
way as any other yesod-form
widget fails, so you may just
ignore the ()
value.
recaptchaMForm :: YesodReCAPTCHA site => MForm (HandlerT site IO) (FormResult (), [FieldView site]) Source
Same as recaptchaAForm
, but instead of being an
AForm
, it's an MForm
.
recaptchaOptions :: Yesod site => RecaptchaOptions -> WidgetT site IO () Source
Define the given RecaptchaOptions
for all forms declared
after this widget. This widget may be used anywhere, on the
head
or on the body
.
Note that this is not required to use recaptchaAForm
or
recaptchaMForm
.
data RecaptchaOptions Source
Options that may be given to reCAPTCHA. In order to use
them on your site, use recaptchaOptions
anywhere before the
form that contains the recaptchaField
.
Note that there's an instance for Default
, so you may use
def
.
Eq RecaptchaOptions | |
Ord RecaptchaOptions | |
Show RecaptchaOptions | |
Default RecaptchaOptions | Allows you to use |
Typeable * RecaptchaOptions |