How do you validate the option chosen by the client? #4
Comments
You're right, that is not actually the responsibility of the CaptchaServlet itself. The CaptchaServlet generates the options and stores what the correct answer is in the CaptchaSessionInfo. Typically the CAPTCHA is being used to protect some endpoint on your server where you want to validate that the requestor is a human. As such, the design here is that the answer chosen by the requestor is filled into a form field which you can then send back to your server, either as its own form request, or as part of a larger form. Your server-side code then compares the value of the form field with the correct answer from the CaptchaSessionInfo.
@bdotzour-widen please note that in the README.md file, as it's important to know that upfront. Thanks!
I've done something like this.

net.dotzour.visualCaptcha.CaptchaValidator.java:

```java
package net.dotzour.visualCaptcha;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.Map;

public class CaptchaValidator {

    public static CaptchaValidatorResult verifyCaptcha(HttpServletRequest request) {
        CaptchaValidatorResult result = null;

        HttpSession session = request.getSession(false); // Don't create a new session
        if (session == null) {
            return new CaptchaValidatorResult(500, "failedPost"); // No session, can't verify CAPTCHA
        }

        CaptchaSessionInfo captchaInfo = (CaptchaSessionInfo) session.getAttribute(CaptchaSessionInfo.class.getName());
        if (captchaInfo == null) {
            // No CAPTCHA info in session; return here so captchaInfo is never dereferenced when null
            return new CaptchaValidatorResult(500, "failedPost");
        }

        // Get all form parameters as a Map
        Map<String, String[]> parameterMap = request.getParameterMap();

        // Image validation
        String[] imageAnswers = parameterMap.get(captchaInfo.getFieldName());
        if (imageAnswers != null && imageAnswers.length > 0) {
            String imageAnswer = imageAnswers[0];
            if (imageAnswer.equals(captchaInfo.getValidChoice())) {
                result = new CaptchaValidatorResult(200, "validImage"); // Image CAPTCHA validated
            } else {
                result = new CaptchaValidatorResult(403, "failedImage"); // Image CAPTCHA failed
            }
        }

        // Audio validation
        String[] audioAnswers = parameterMap.get(captchaInfo.getAudioFieldName());
        if (audioAnswers != null && audioAnswers.length > 0) {
            String audioAnswer = audioAnswers[0].toLowerCase(); // Allow case-insensitive match
            if (audioAnswer.equals(captchaInfo.getAudioAnswer().getValue())) {
                result = new CaptchaValidatorResult(200, "validAudio"); // Audio CAPTCHA validated
            } else {
                result = new CaptchaValidatorResult(403, "failedAudio"); // Audio CAPTCHA failed
            }
        }

        if (result == null) {
            // If neither image nor audio CAPTCHA was provided
            result = new CaptchaValidatorResult(500, "failedPost");
        }
        return result;
    }
}
```

net.dotzour.visualCaptcha.CaptchaValidatorResult.java:

```java
package net.dotzour.visualCaptcha;

// Helper class to encapsulate the response
public class CaptchaValidatorResult {
    private final int statusCode;
    private final String statusMessage;

    public CaptchaValidatorResult(int statusCode, String statusMessage) {
        this.statusCode = statusCode;
        this.statusMessage = statusMessage;
    }

    public int getStatusCode() {
        return statusCode;
    }

    public String getStatusMessage() {
        return statusMessage;
    }

    public boolean isValid() {
        return statusCode == 200;
    }
}
```
I don't see anything in CaptchaServlet to validate an option the user has chosen; e.g. this is the correct captcha we wanted or not.