实际情况是,即使captcha验证失败,用户也可以登录。以下是我关于用户的路由:
devise_for :users, controllers: {
sessions: 'users/sessions',
registrations: 'users/registrations',
passwords: 'users/passwords'
}
resources :users
这是我相关的app/controllers/users/sessions_controller。rb代码:
prepend_before_action :check_captcha, only: [:create]
def check_captcha
return if !verify_recaptcha # verify_recaptcha(action: 'login') for v3
self.resource = resource_class.new sign_in_params
respond_with_navigational(resource) do
flash.discard(:recaptcha_error) # We need to discard flash to avoid showing it on the next page reload
render :new
end
end
我的配置/rechaptcha。Rb包含环境检查,并根据环境传递不同的键:
Recaptcha.configure do |config|
if Rails.env.development?
config.site_key = '6L..Bg'
config.secret_key = '6L..WG'
elsif Rails.env.production?
config.site_key = '6L...b'
config.secret_key = '6L.gy'
end
end
如果验证码失败,您的方法将从回调中返回并继续操作
return if !verify_recaptcha
def check_captcha
unless verify_recaptcha
self.resource = resource_class.new sign_in_params
respond_with_navigational(resource) do
flash.discard(:recaptcha_error)
render :new
end
end
end