From 1620ca8e13484df48e51a8b243e0905739a83324 Mon Sep 17 00:00:00 2001 From: Mohamed Ez-zarghili <8616968+ezzarghili@users.noreply.github.com> Date: Sun, 19 Apr 2020 22:54:24 +0000 Subject: [PATCH] Threshold needs to be compared strictly. (#24) --- README.md | 22 +++++++++++----------- recaptcha.go | 6 +++--- recaptcha_test.go | 2 ++ 3 files changed, 16 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 09d2397..961e1ea 100644 --- a/README.md +++ b/README.md @@ -2,12 +2,12 @@ [![Build Status](https://travis-ci.org/ezzarghili/recaptcha-go.svg?branch=master)](https://travis-ci.org/ezzarghili/recaptcha-go) -Google reCAPTCHA v2 & v3 form submission verification in golang +Google reCAPTCHA v2 & v3 form submission verification in golang. ## Usage The API has changed form last version hence the new major version change. -Old API is still available using the package `gopkg.in/ezzarghili/recaptcha-go.v2` although it does not provide all options available in this version +Old API is still available using the package `gopkg.in/ezzarghili/recaptcha-go.v2` although it does not provide all options available in this version. As always install the package in your environment by using a stable API version, see latest version in release page. ```bash @@ -23,7 +23,7 @@ func main(){ } ``` -Now everytime you need to verify a V2 API client with no special options request use +Now everytime you need to verify a V2 API client with no special options request use. ```go err := captcha.Verify(recaptchaResponse) @@ -43,7 +43,7 @@ Available options for the v2 api are: RemoteIP string ``` -Other v3 options are ignored and method will return `nil` when succeeded +Other v3 options are ignored and method will return `nil` when succeeded. ```go err := captcha.VerifyWithOptions(recaptchaResponse, VerifyOption{RemoteIP: "123.123.123.123"}) 
@@ -62,8 +62,7 @@ func main(){ } ``` -Now everytime you need to verify a V3 API client with no special options request use -Note that as recaptcha v3 use score for challenge validation, if no threshold option is set the **default** value is `0.5` +Now everytime you need to verify a V3 API client with no special options request use. ```go err := captcha.Verify(recaptchaResponse) @@ -72,8 +71,9 @@ if err != nil { } // proceed ``` +Note that as recaptcha v3 use score for challenge validation, if no threshold option is set the **default** value is `0.5` -For specific options use the `VerifyWithOptions` method +For specific options use the `VerifyWithOptions` method. Available options for the v3 api are: ```go @@ -93,9 +93,9 @@ if err != nil { // proceed ``` -while `recaptchaResponse` is the form value with name `g-recaptcha-response` sent back by recaptcha server and set for you in the form when user answers the challenge +While `recaptchaResponse` is the form value with name `g-recaptcha-response` sent back by recaptcha server and set for you in the form when a user answers the challenge. -Both `recaptcha.Verify` and `recaptcha.VerifyWithOptions` return a `error` or `nil` if successful +Both `recaptcha.Verify` and `recaptcha.VerifyWithOptions` return a `error` or `nil` if successful. Use the `error` to check for issues with the secret, connection with the server, options mismatches and incorrect solution. @@ -104,7 +104,7 @@ This version made timeout explcit to make sure users have the possiblity to set ### Run Tests Use the standard go means of running test. -You can also check examples of usable in the tests. +You can also check examples of usage in the tests. ```bash go test @@ -116,6 +116,6 @@ If you have some problems with using this library, bug reports or enhancement pl ### License -Let's go with something permitive should we ? +Let's go with something permitive should we? [MIT](https://choosealicense.com/licenses/mit/) 
diff --git a/recaptcha.go b/recaptcha.go
index 2be1f01..64a97ac 100644
--- a/recaptcha.go
+++ b/recaptcha.go
@@ -92,7 +92,7 @@ func (r *ReCAPTCHA) Verify(challengeResponse string) error {
 // VerifyOption verification options expected for the challenge
 type VerifyOption struct {
- Threshold float32 // ignored in v2 recaptcha
+ Threshold float32 // ignored in v2 recaptcha
 Action string // ignored in v2 recaptcha
 Hostname string
 ApkPackageName string
@@ -160,11 +160,11 @@ func (r *ReCAPTCHA) confirm(recaptcha reCHAPTCHARequest, options VerifyOption) (
 Err = fmt.Errorf("invalid response action '%s', while expecting '%s'", result.Action, options.Action)
 return
 }
- if options.Threshold != 0 && options.Threshold >= result.Score {
+ if options.Threshold != 0 && options.Threshold > result.Score {
 Err = fmt.Errorf("received score '%f', while expecting minimum '%f'", result.Score, options.Threshold)
 return
 }
- if options.Threshold == 0 && DefaultTreshold >= result.Score {
+ if options.Threshold == 0 && DefaultTreshold > result.Score {
 Err = fmt.Errorf("received score '%f', while expecting minimum '%f'", result.Score, DefaultTreshold)
 return
 }
diff --git a/recaptcha_test.go b/recaptcha_test.go
index 472c01e..8d1a5cf 100644
--- a/recaptcha_test.go
+++ b/recaptcha_test.go
@@ -405,6 +405,8 @@ func (s *ReCaptchaSuite) TestV3VerifyWithTresholdOption(c *C) {
 err = captcha.VerifyWithOptions("mycode", VerifyOption{})
 c.Assert(err, NotNil)
 c.Check(err, ErrorMatches, "received score '0.230000', while expecting minimum '0.500000'")
+ err = captcha.VerifyWithOptions("mycode", VerifyOption{Threshold: 0.23})
+ c.Assert(err, IsNil)
 }
 type mockV2SuccessClientWithV3IgnoreOptions struct{}
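Review bot: Nothing visible in the second recaptcha.go hunk bounds `options.Threshold` before the two score comparisons in `confirm`, so a negative value makes `options.Threshold > result.Score` false for any non-negative score and silently switches the check off. Rejecting thresholds outside 0 to 1 before comparing would make a misconfigured caller fail closed. The explicit and default branches also repeat the same comparison and message, which is why this fix had to be made twice; resolving the effective threshold once keeps the boundary rule in one place. The sketch assumes `DefaultTreshold` is assignable to `float32`, which the hunk does not show, and `confirm` starts and ends outside the hunk.

```go
// … unchanged: action check above …
threshold := options.Threshold
if threshold == 0 {
	threshold = DefaultTreshold // zero value means "not set"
}
if threshold < 0 || threshold > 1 {
	Err = fmt.Errorf("threshold '%f' is outside the range 0 to 1", threshold)
	return
}
if threshold > result.Score {
	Err = fmt.Errorf("received score '%f', while expecting minimum '%f'", result.Score, threshold)
	return
}
```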
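Review bot: The assertion added to `TestV3VerifyWithTresholdOption` pins only the accepting side of the new boundary, a threshold equal to the mocked score, which the error text in the context line suggests is 0.23. A companion case just above that score, `err = captcha.VerifyWithOptions("mycode", VerifyOption{Threshold: 0.24})` followed by `c.Assert(err, NotNil)`, would catch a later change that loosens the comparison further. The default-threshold branch changed in the same commit has no equal-score case here; covering it would need a mock that returns exactly 0.5, which this hunk does not show. The test function begins outside the hunk.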