
What is the secure and standard way of testing form submissions with reCaptcha?

I have a lot of views with different forms; some forms have reCaptcha protection and some don't. Forms that have reCaptcha protection are critical (register, login, restore, etc.) and that's why they should be tested.

What I don't want to do:

  1. Add any debug, test flags which turn reCaptcha off (insecure?).
  2. Comment or uncomment reCaptcha HTML-block on each unit-test and deployment stage.

What is the standard way of testing forms with reCaptcha?

AndrewShmig asked Apr 04 '18 21:04



1 Answer

This will help you, as the Google documentation says:

I'd like to run automated tests with reCAPTCHA v2. What should I do?

With the following test keys, you will always get No CAPTCHA and all verification requests will pass.

  • Site key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI

  • Secret key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe

The reCAPTCHA widget will show a warning message to ensure it's not used for production traffic.

But don't forget to remove it on production levels!

Yamen Nassif answered Sep 28 '22 05:09
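
One way to enforce the "remove it on production" step from the answer above, as an added example that is not part of the original answer or of Google's documentation: select the keys per environment and refuse to load the always-pass test keys anywhere else. The variable names `APP_ENV`, `RECAPTCHA_SITE_KEY` and `RECAPTCHA_SECRET_KEY`, the environment names and the function name are assumptions.

```python
"""Pick reCAPTCHA keys per environment; reject Google's test keys outside tests."""

# Google's published reCAPTCHA v2 test keys, as quoted in the answer above.
TEST_SITE_KEY = "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"
TEST_SECRET_KEY = "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"
TEST_ENVS = {"test", "testing", "ci"}  # assumed environment names


class RecaptchaConfigError(RuntimeError):
    """The configured keys are unsafe or missing for this environment."""


def load_recaptcha_keys(env):
    """Return (site_key, secret_key) for the environment described by `env`.

    `env` is a mapping such as os.environ. APP_ENV, RECAPTCHA_SITE_KEY and
    RECAPTCHA_SECRET_KEY are assumed names, not a framework standard.
    """
    # An unset APP_ENV is treated as production so the check fails closed.
    app_env = env.get("APP_ENV", "production").strip().lower()
    if app_env in TEST_ENVS:
        # The widget and the server-side verification code both still run;
        # only the keys differ, so no "captcha off" flag is needed.
        return TEST_SITE_KEY, TEST_SECRET_KEY

    site = env.get("RECAPTCHA_SITE_KEY", "").strip()
    secret = env.get("RECAPTCHA_SECRET_KEY", "").strip()
    if not site or not secret:
        raise RecaptchaConfigError(f"reCAPTCHA keys not set for APP_ENV={app_env}")
    if site == TEST_SITE_KEY or secret == TEST_SECRET_KEY:
        raise RecaptchaConfigError(
            f"always-pass test keys configured for APP_ENV={app_env}")
    return site, secret


if __name__ == "__main__":
    # Constructed sample environments, not real deployments or real keys.
    samples = [
        {"APP_ENV": "testing"},
        {"APP_ENV": "production", "RECAPTCHA_SITE_KEY": "example-site-key",
         "RECAPTCHA_SECRET_KEY": "example-secret-key"},
        {"APP_ENV": "production", "RECAPTCHA_SITE_KEY": TEST_SITE_KEY,
         "RECAPTCHA_SECRET_KEY": TEST_SECRET_KEY},
    ]
    for sample in samples:
        try:
            print(sample["APP_ENV"], "->", load_recaptcha_keys(sample)[0])
        except RecaptchaConfigError as exc:
            print(sample["APP_ENV"], "-> refused:", exc)
```

Calling `load_recaptcha_keys(os.environ)` at application start-up turns a forgotten test key into a failed deploy instead of a form that accepts every submission.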