| Safe Haskell | None |
|---|---|
| Language | Haskell98 |
Yesod.ReCAPTCHA
- class YesodAuth site => YesodReCAPTCHA site where
- recaptchaPublicKey :: HandlerT site IO Text
- recaptchaPrivateKey :: HandlerT site IO Text
- insecureRecaptchaBackdoor :: HandlerT site IO (Maybe Text)
- recaptchaAForm :: YesodReCAPTCHA site => AForm (HandlerT site IO) ()
- recaptchaMForm :: YesodReCAPTCHA site => MForm (HandlerT site IO) (FormResult (), [FieldView site])
- recaptchaOptions :: Yesod site => RecaptchaOptions -> WidgetT site IO ()
- data RecaptchaOptions = RecaptchaOptions {}
Documentation
class YesodAuth site => YesodReCAPTCHA site where Source
Class used by yesod-recaptcha's fields. It should be
fairly easy to implement a barebones instance of this class
for you foundation data type:
instance YesodReCAPTCHA MyType where recaptchaPublicKey = return "[your public key]" recaptchaPrivateKey = return "[your private key]"
You may also write a more sophisticated instance. For
example, you may get these values from your settings.yml
instead of hardcoding them. Or you may give different keys
depending on the request (maybe you're serving to two
different domains in the same application).
The YesodAuth superclass is used only for the HTTP
request. Please fill a bug report if you think that this
YesodReCAPTCHA may be useful without YesodAuth.
Minimum complete definition: recaptchaPublicKey and
recaptchaPrivateKey.
Minimal complete definition
Methods
recaptchaPublicKey :: HandlerT site IO Text Source
Your reCAPTCHA public key.
recaptchaPrivateKey :: HandlerT site IO Text Source
Your reCAPTCHA private key.
insecureRecaptchaBackdoor :: HandlerT site IO (Maybe Text) Source
A backdoor to the reCAPTCHA mechanism. While doing automated tests you may need to fill a form that is protected by a CAPTCHA. The whole point of using a CAPTCHA is disallowing access to non-humans, which hopefully your test suite is.
In order to solve this problem, you may define
insecureRecaptchaBackdoor = return (Just "<secret CAPTCHA>")
Now, whenever someone fills <secret CAPTCHA> as the
CAPTCHA, the yesod-recaptcha library will not contact
reCAPTCHA's servers and instead will blindly accept the
secret CAPTCHA.
Note that this is a *huge* security hole in the wrong
hands. We do not recommend using this function on a
production environment without a good reason. If for
whatever reason you must use this function on a production
environment, please make use of its access to GHandler
in order to return Just only when strictly necessary.
For example, you may return Just only when the request
comes from localhost and read its contents from a secret
file accessible only by SSH which is afterwards removed.
By default, this function returns Nothing, which
completely disables the backdoor.
recaptchaAForm :: YesodReCAPTCHA site => AForm (HandlerT site IO) () Source
A reCAPTCHA field. This AForm returns () because
CAPTCHAs give no useful information besides having being typed
correctly or not. When the user does not type the CAPTCHA
correctly, this AForm will automatically fail in the same
way as any other yesod-form widget fails, so you may just
ignore the () value.
recaptchaMForm :: YesodReCAPTCHA site => MForm (HandlerT site IO) (FormResult (), [FieldView site]) Source
Same as recaptchaAForm, but instead of being an
AForm, it's an MForm.
recaptchaOptions :: Yesod site => RecaptchaOptions -> WidgetT site IO () Source
Define the given RecaptchaOptions for all forms declared
after this widget. This widget may be used anywhere, on the
head or on the body.
Note that this is not required to use recaptchaAForm or
recaptchaMForm.
data RecaptchaOptions Source
Options that may be given to reCAPTCHA. In order to use
them on your site, use recaptchaOptions anywhere before the
form that contains the recaptchaField.
Note that there's an instance for Default, so you may use
def.
Constructors
| RecaptchaOptions | |
Instances
| Eq RecaptchaOptions | |
| Ord RecaptchaOptions | |
| Show RecaptchaOptions | |
| Default RecaptchaOptions | Allows you to use |
| Typeable * RecaptchaOptions |