Nocaptcha

Adds a "spam protection" field to SilverStripe userforms using Google's
reCAPTCHA service.

Requirements

• SilverStripe 4.x
• SilverStripe Spam Protection
  3.x
• PHP CURL

Installation

composer require undefinedoffset/silverstripe-nocaptcha

After installing the module via composer or manual install you must set the spam
protector to NocaptchaProtector, this needs to be set in your site's config file
normally this is mysite/_config/config.yml.

SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension:
    default_spam_protector: UndefinedOffset\NoCaptcha\Forms\NocaptchaProtector

Finally, add the "spam protection" field to your form by calling
enableSpamProtection() on the form object.

$form->enableSpamProtection();

Configuration

There are multiple configuration options for the field, you must set the
site_key and the secret_key which you can get from the reCAPTCHA
page. These configuration options must be
added to your site's yaml config typically this is mysite/_config/config.yml.

UndefinedOffset\NoCaptcha\Forms\NocaptchaField:
    site_key: "YOUR_SITE_KEY" #Your site key (required)
    secret_key: "YOUR_SECRET_KEY" #Your secret key (required)
    recaptcha_version: 2 # 2 or 3
    minimum_score: 0.2 # minimum spam score to achieve. Any less is blocked
    verify_ssl: true #Allows you to disable php-curl's SSL peer verification by setting this to false (optional, defaults to true)
    default_theme: "light" #Default theme color (optional, light or dark, defaults to light)
    default_type: "image" #Default captcha type (optional, image or audio, defaults to image)
    default_size: "normal" #Default size (optional, normal, compact or invisible, defaults to normal)
    default_badge: "bottomright" #Default badge position (bottomright, bottomleft or inline, defaults to bottomright)
    proxy_server: "" #Your proxy server address (optional)
    proxy_port: "" #Your proxy server address port (optional)
    proxy_auth: "" #Your proxy server authentication information (optional)

# The following options can also be specified through Environment variables with Injector config
SilverStripe\Core\Injector\Injector:
  UndefinedOffset\NoCaptcha\Forms\NocaptchaField:
    properties:
      SiteKey: '`SS_NOCAPTCHA_SITE_KEY`'
      SecretKey: '`SS_NOCAPTCHA_SECRET_KEY`'
      ProxyServer: '`SS_OUTBOUND_PROXY`'
      ProxyPort: '`SS_OUTBOUND_PROXY_PORT`'
      ProxyAuth: '`SS_OUTBOUND_PROXY_AUTH`'

Adding field labels

If you want to add a field label or help text to the Captcha field you can do so
like this:

$form->enableSpamProtection()
    ->fields()->fieldByName('Captcha')
    ->setTitle("Spam protection")
    ->setDescription("Please tick the box to prove you're a human and help us stop spam.");

Commenting Module

When your using the
silverstripe/comments
module you must add the following (per their documentation) to your _config.php
in order to use nocaptcha/spamprotection on comment forms.

CommentingController::add_extension('CommentSpamProtection');

Retrieving the Verify Response

If you wish to manually retrieve the Site Verify response in you form action use
the getVerifyResponse() method

function doSubmit($data, $form) {
    $captchaResponse = $form->Fields()->fieldByName('Captcha')->getVerifyResponse();

    // $captchaResponse = array (size=5) [
    //  'success' => boolean true
    //  'challenge_ts' => string '2020-09-08T20:48:34Z' (length=20)
    //  'hostname' => string 'localhost' (length=9)
    //  'score' => float 0.9
    //  'action' => string 'submit' (length=6)
    // ];
}

ReCAPTCHA v3

ReCAPTCHA v3 is different to v2, users won't be presented with a "Are you a
robot?" checkbox, instead user actions are returned a spam score 0.0 to 1.0 when
they submit the form. Out of the box, this module will block any submission with
a spam score of <= 0.4 but this can be tailored either site-wide using the
Config API

UndefinedOffset\NoCaptcha\Forms\NocaptchaField:
  minimum_score: 0.2

Or on a per form basis:

$captchaField = $form->Fields()->fieldByName('Captcha')-
$captchaField->setMinimumScore(0.2);

For more information about version 3, including how to implement custom actions
see https://developers.google.com/recaptcha/docs/v3

Reporting an issue

When you're reporting an issue please ensure you specify what version of
SilverStripe you are using i.e. 3.1.3, 3.2beta, master etc. Also be sure to
include any JavaScript or PHP errors you receive, for PHP errors please ensure
you include the full stack trace. Also please include how you produced the
issue. You may also be asked to provide some of the classes to aid in
re-producing the issue. Stick with the issue, remember that you seen the issue
not the maintainer of the module so it may take allot of questions to arrive at
a fix or answer.