Should reCaptcha V3 work with automation frameworks like cypress? - recaptcha

I'm currently migrating an application from reCAPTCHA V2 to V3. I'm using the cypress (cypress.io) automation framework to test a signup page. I'm surprised that after implementing it, even with reCAPTCHA V3 turned on, all my test cases passed. It was getting a score of 0.9.
Is this expected, or is reCAPTCHA V3 supposed to work with these types of automation, or is this an unsolved vulnerability with V3? I don't think I'll want to continue with V3 if something like this can easily pass the reCAPTCHA.
I followed these guides to implement reCAPTCHA:
https://developers.google.com/recaptcha/docs/v3
https://www.youtube.com/watch?v=CsqbN-ZrCbc

Related

Recaptcha Enterprise - missing invisible recaptcha

Recaptcha in a paid google account for a site with more than 1,000,000 clicks on Recaptcha (the free quota from google).
There is no option to choose the invisible v2 Recaptcha that is available on the free Recaptcha, only the checkbox option or the Recaptcha Enterprise version (v3).
When trying to use the checkbox version, i.e.
Checkbox ("I'm not a robot") with scoring
site key, and trying to implement it with size="invisible", I get this text on the recaptcha badge:
This site key is not enabled for the invisible captcha.
When using the Recaptcha Enterprise version, i.e.
Scoring, with no visible challenge to your users
It gets rendered OK, but of course I don't get any challenges.
Any idea how to use the invisible Recaptcha in the paid version?
Seems I pay and get fewer options than the free version.
Thanks
You are able to migrate Google Recaptcha V2 invisible to Google Recaptcha Enterprise, as well as create new invisible site keys in Recaptcha Enterprise via cloud shell!
That being said, there are major differences in how V2/V3 and enterprise work, so keep in mind (for web at least) you will need to change some minor frontend and backend code.
Here is the migration guide mentioning the capability to migrate existing invisible site keys:
https://cloud.google.com/recaptcha-enterprise/docs/migrate-recaptcha#:~:text=reCAPTCHA%20v2%20Invisible
Here is the gcloud sdk reference for creating an invisible site key:
https://cloud.google.com/sdk/gcloud/reference/recaptcha/keys/create#:~:text=low%20scoring%20events-,invisible,-Does%20not%20display
reCAPTCHA Enterprise and reCAPTCHA v3 are different.
You said that on the webpage you are invoking the reCAPTCHA verification programmatically with the attribute data-size='invisible'. Invisible reCAPTCHA can be used only in reCAPTCHA v2 & v3 and can't be used in reCAPTCHA Enterprise. Refer to the documentation for sample code for reCAPTCHA Enterprise.
To use Invisible reCAPTCHA in v3 refer to the documentation.
To migrate from reCAPTCHA (non-Enterprise version) refer to the documentation.
reCAPTCHA Enterprise has more features than v2 & v3. Refer to the comparison table.

Can we use the Yammer search API v2? Is it official?

When searching in Yammer it uses an /api/v2/search endpoint like this:
https://www.yammer.com/api/v2/search/models?search=test&start=0&size=20&model_types=threads&_network=xxxxxxx&relevance=DEFAULT
Compared to the v1 search endpoint this returns more data. We need this data. And we successfully tested using this v2 endpoint.
Now the question: Is this v2 search endpoint safe to use? Is it "official"? Maybe somebody from Yammer reads along - on their Help page it says:
"We encourage you to post all programming questions to StackOverflow with a #yammer hashtag"
So here we are. Any help is appreciated.
The Yammer v2 search API endpoint is not yet officially supported for third-party use. This is because we anticipate the need to make changes to it as we build it out. There are no plans to lock developers out of experimenting with the v2 search API. However, when developing any important functionality against this API, automated testing should be used to detect any unannounced breaking changes that we make while we continue to build it out.

How to implement google reCaptcha v2 in spring framework

My reCaptcha in the registration screen is not working anymore since Google shut down reCaptcha v1.
Can somebody tell me how to implement reCaptcha v2 in my spring application. Does anyone know any documentation link?
The documentation can be found here.
Besides that, there is an open source project for easy reCAPTCHA integration in Spring: https://github.com/Mr-DeWitt/spring-boot-recaptcha. In the simplest use case you just have to set the captcha-validated URLs in your app config file, and you are ready to go.

Google Sign-in and Google Sheets API V4

I am trying without success to "Add Google Sign-In to Your Web App" and then use Node.js with Google Sheets API V4 to allow my app to use the Sheets API on behalf of the user (with scope: https://www.googleapis.com/auth/spreadsheets).
I'm really confused about how to achieve this. Reading through most of the OAuth2 documentation doesn't clarify for me the best practices for achieving this with the Google Sign-In button.
Furthermore, I haven't found any documentation/guides related to this. I was hoping someone can guide me towards the right direction.
P.S: I managed to use the sheets api by following the Node.js quickstart for Sheets API, which allows me to achieve authorization through console, however I believe using the Sign-In button might simplify the process while making a nicer UX.
Thanks!
Google Sign-In is like what it says, for signing-in. However, it's not enough to authorize you to use Sheets API methods because if you read the Authorize Requests docs, it clearly states that you need to use OAuth2 plus there are scopes to consider (read-only, read/write, etc).
You are correct to follow the guidelines where you used OAuth2.0. Just create your own custom button. Grab a Google button image in the web and use that.

Identifying which websites are using ReCAPTCHA v1 in order to upgrade

Google is currently sending out a mass email that looks like this:
Dear Webmaster,
You are receiving this email because you are registered as a website administrator using reCAPTCHA, and your website is still using reCAPTCHA v1, which will be turned off on March 31, 2018.
We announced the reCAPTCHA v1 deprecation in May 2016. Starting in November 2017, a small percentage of reCAPTCHA v1 traffic will begin to show a notice informing users that the old API will soon be retired. Any calls to the v1 API will not work after March 31, 2018.
To ensure continued functionality, you’ll need to update your website to a current version of reCAPTCHA. You can learn more about reCAPTCHA v2, Invisible reCAPTCHA and reCAPTCHA Android API in our Developer’s Guide. The new APIs are simple to implement and will streamline the captcha experience for your users. If you need help, you can engage in the reCAPTCHA Google Developer Group or post to Stack Overflow with the ‘recaptcha’ tag.
We hope that your upgrade will be seamless, and we’re confident you’ll be happy with the results.
Thank you,
reCAPTCHA Support
For those of us who have built dozens (or hundreds) of sites with ReCAPTCHA over the years, is there a simple way to identify which websites are using version 1?
This question has also been asked in the Google Developers ReCAPTCHA group (by someone else) and I will monitor answers there and post them here if they are relevant: https://groups.google.com/forum/#!topic/recaptcha/KRzmHivCtjM
You might have a look at https://www.google.com/recaptcha/admin#list. However for me all of the sites have V2 as Site Type while I got the same email as you. While checking some of the sites I noticed they were actually using reCAPTCHA v1.
One method: Browse each site and look at the very recaptcha itself:
v1 == punch in letters to complete the captcha.
v2 == select images to complete the captcha.
Could be tedious, yes, but should do the job.
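One way to automate the manual check described in the answers above, added here as an example and not part of the original posts: classify a page's HTML by the reCAPTCHA loader it references. It assumes the well-known loader paths (v1 under `/recaptcha/api/challenge`, `/recaptcha/api/noscript` or `recaptcha_ajax.js`; v2 and v3 under `/recaptcha/api.js`); the hostnames and page sources are constructed samples, and fetching each site's HTML is left to the reader.

```python
import html
import re
from urllib.parse import parse_qs

# v1 loaded its widget from api/challenge, api/noscript or recaptcha_ajax.js.
V1_MARKERS = re.compile(
    r"recaptcha/api/(?:challenge|noscript)\?|recaptcha_ajax\.js", re.IGNORECASE
)
# v2 and v3 both load api.js; v3 passes the site key as render=<key>.
API_JS = re.compile(r"recaptcha/api\.js(?:\?([^\"'\s>]*))?", re.IGNORECASE)


def detect_recaptcha_versions(page_source):
    """Return the sorted list of reCAPTCHA versions referenced in the HTML."""
    found = set()
    if V1_MARKERS.search(page_source):
        found.add("v1")
    for match in API_JS.finditer(page_source):
        # Query strings inside attributes are often written with &amp;.
        params = parse_qs(html.unescape(match.group(1) or ""))
        render = params.get("render", [""])[0]
        # render=explicit and render=onload are v2 loading modes.
        if render and render not in ("explicit", "onload"):
            found.add("v3")
        else:
            found.add("v2")
    return sorted(found)


def sites_still_on_v1(pages):
    """Given {hostname: html}, return the hostnames that still reference v1."""
    return sorted(h for h, src in pages.items()
                  if "v1" in detect_recaptcha_versions(src))


# Constructed sample pages (not real sites); PLACEHOLDER_KEY is not a real key.
SAMPLE_PAGES = {
    "legacy.example": '<script src="http://www.google.com/recaptcha/api/'
                      'challenge?k=PLACEHOLDER_KEY"></script>',
    "ajax.example": '<script src="//www.google.com/recaptcha/api/js/'
                    'recaptcha_ajax.js"></script>',
    "checkbox.example": '<script src="https://www.google.com/recaptcha/api.js'
                        '?onload=cb&amp;render=explicit" async></script>',
    "score.example": '<script src="https://www.google.com/recaptcha/api.js'
                     '?render=PLACEHOLDER_KEY"></script>',
    "plain.example": "<form action='/signup'></form>",
}

if __name__ == "__main__":
    for host, source in SAMPLE_PAGES.items():
        print(host, detect_recaptcha_versions(source))
```

Because the admin console can list a key as V2 while the page still embeds the v1 loader, the check runs against the served HTML rather than the key registration.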
