Safe Haskell | None |
---|
- class YesodAuth master => YesodReCAPTCHA master where
- recaptchaPublicKey :: GHandler sub master Text
- recaptchaPrivateKey :: GHandler sub master Text
- insecureRecaptchaBackdoor :: GHandler sub master (Maybe Text)
- recaptchaAForm :: YesodReCAPTCHA master => AForm sub master ()
- recaptchaMForm :: YesodReCAPTCHA master => MForm sub master (FormResult (), [FieldView sub master])
- recaptchaOptions :: Yesod master => RecaptchaOptions -> GWidget sub master ()
- data RecaptchaOptions = RecaptchaOptions {}
Documentation
class YesodAuth master => YesodReCAPTCHA master whereSource
Class used by yesod-recaptcha
's fields. It should be
fairly easy to implement a barebones instance of this class
for you foundation data type:
instance YesodReCAPTCHA MyType where recaptchaPublicKey = return "[your public key]" recaptchaPrivateKey = return "[your private key]"
You may also write a more sophisticated instance. For
example, you may get these values from your settings.yml
instead of hardcoding them. Or you may give different keys
depending on the request (maybe you're serving to two
different domains in the same application).
The YesodAuth
superclass is used only for the HTTP
request. Please fill a bug report if you think that this
YesodReCAPTCHA
may be useful without YesodAuth
.
Minimum complete definition: recaptchaPublicKey
and
recaptchaPrivateKey
.
recaptchaPublicKey :: GHandler sub master TextSource
Your reCAPTCHA public key.
recaptchaPrivateKey :: GHandler sub master TextSource
Your reCAPTCHA private key.
insecureRecaptchaBackdoor :: GHandler sub master (Maybe Text)Source
A backdoor to the reCAPTCHA mechanism. While doing automated tests you may need to fill a form that is protected by a CAPTCHA. The whole point of using a CAPTCHA is disallowing access to non-humans, which hopefully your test suite is.
In order to solve this problem, you may define
insecureRecaptchaBackdoor = return (Just "<secret CAPTCHA>")
Now, whenever someone fills <secret CAPTCHA>
as the
CAPTCHA, the yesod-recaptcha
library will not contact
reCAPTCHA's servers and instead will blindly accept the
secret CAPTCHA.
Note that this is a *huge* security hole in the wrong
hands. We do not recommend using this function on a
production environment without a good reason. If for
whatever reason you must use this function on a production
environment, please make use of its access to GHandler
in order to return Just
only when strictly necessary.
For example, you may return Just
only when the request
comes from localhost
and read its contents from a secret
file accessible only by SSH which is afterwards removed.
By default, this function returns Nothing
, which
completely disables the backdoor.
recaptchaAForm :: YesodReCAPTCHA master => AForm sub master ()Source
A reCAPTCHA field. This AForm
returns ()
because
CAPTCHAs give no useful information besides having being typed
correctly or not. When the user does not type the CAPTCHA
correctly, this AForm
will automatically fail in the same
way as any other yesod-form
widget fails, so you may just
ignore the ()
value.
recaptchaMForm :: YesodReCAPTCHA master => MForm sub master (FormResult (), [FieldView sub master])Source
Same as recaptchaAForm
, but instead of being an
AForm
, it's an MForm
.
recaptchaOptions :: Yesod master => RecaptchaOptions -> GWidget sub master ()Source
Define the given RecaptchaOptions
for all forms declared
after this widget. This widget may be used anywhere, on the
head
or on the body
.
Note that this is not required to use recaptchaAForm
or
recaptchaMForm
.
data RecaptchaOptions Source
Options that may be given to reCAPTCHA. In order to use
them on your site, use recaptchaOptions
anywhere before the
form that contains the recaptchaField
.
Note that there's an instance for Default
, so you may use
def
.
Eq RecaptchaOptions | |
Ord RecaptchaOptions | |
Show RecaptchaOptions | |
Typeable RecaptchaOptions | |
Default RecaptchaOptions | Allows you to use |