19

I'm building a client-server REST application. The client side is based on Angular while the server is PHP (not that it matters much anyhow).

What I am wondering is if there are any best practices or good examples of captcha implementation in this case. Captcha would be used for user registration etc.

I'm not limited to any specific libraries; the only requirement is that there cannot be any calls to 3rd party servers on the client side (js libraries hosted on 3rd party servers or req api key etc).

Thanks

Vladimir Cvetic
  • I implemented this using 3 calls. The first call creates a captcha with a UUID (stores it in DB), the second call will provide a captcha picture against the UUID. In the third call the UUID and captcha code are passed and the server checks for its validity. – Thinkal VB Apr 26 '23 at 07:47
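
The three-call flow described in the comment above, sketched server-side as an added example that is not part of the original thread. The function names, the in-memory `Map` standing in for the database, the two-minute lifetime, and the single-use and expiry rules are assumptions of this sketch; image rendering is left out.

```javascript
const crypto = require("node:crypto");

const TTL_MS = 2 * 60 * 1000;                        // assumed challenge lifetime
const ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"; // no look-alikes (0/O, 1/I)
const challenges = new Map(); // stand-in for the DB table keyed by UUID

// Call 1 (e.g. POST /captcha): store a new challenge, return only its UUID.
function createChallenge(now = Date.now()) {
  const id = crypto.randomUUID();
  let code = "";
  for (let i = 0; i < 6; i++) code += ALPHABET[crypto.randomInt(ALPHABET.length)];
  challenges.set(id, { code, expires: now + TTL_MS });
  return id;
}

// Call 2 (e.g. GET /captcha/:id/image): the text the image renderer draws.
// Rendering is out of scope; the code must never appear in a JSON response.
function codeForImage(id, now = Date.now()) {
  const c = challenges.get(id);
  return c && c.expires > now ? c.code : null;
}

// Call 3: check the UUID and the user's answer.
function verifyChallenge(id, answer, now = Date.now()) {
  const c = challenges.get(id);
  if (!c) return "unknown_or_used";
  challenges.delete(id); // single use: a wrong guess burns the challenge too
  if (c.expires <= now) return "expired";
  const sha = (s) => crypto.createHash("sha256").update(s).digest();
  const given = sha(String(answer).trim().toUpperCase());
  return crypto.timingSafeEqual(given, sha(c.code)) ? "ok" : "wrong";
}

// Registration endpoint: the captcha is checked before any account work, and
// the error names the captcha so the client knows to fetch a fresh challenge.
function register(body, now = Date.now()) {
  const result = verifyChallenge(body.captchaId, body.captchaCode, now);
  if (result !== "ok") return { status: 422, error: "captcha_" + result };
  return { status: 201, user: body.username }; // account creation goes here
}
```

Deleting the challenge on every verification attempt means a captured UUID and code pair cannot be replayed and a client cannot keep guessing against one image. A persistent store would also need to purge expired rows.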

3 Answers

30

When Google captcha approves a user, it provides you a token.

So imagine this scenario. A user is about to save and uses the captcha; the captcha does its business and gives you a token, and that is all that matters.

If you want to see a "tentative" flow of requests for this:

  1. The User should pass the captcha before registering and retrieve the token that it provides in the front end.
  2. User clicks save, you receive the captcha token in the backend as form data. You validate the token with Google via an API. If Google verifies the token as valid, you can save the user or reject if Google returns an error.
  3. The frontend listens for success or error and what kind of error. If the error is captcha, force a retry, get a new token.
  4. Backend receives a new token in form data and repeats step 2.
Steve Bosman
Daniel Aranda
0

Google's new-ish reCaptcha is pretty slick. They have several easy to understand examples and usage scenarios.

https://www.google.com/recaptcha/intro/index.html

Edit: To address your specific question of how to implement this in a RESTful application, I'd make two files. One would be a public-facing file like index.php and the other would be a back-end file that would hold the private information.

I could copy/paste my previously-written how-to here, or I could just link you to the article I wrote 2 months ago.

Ben Gray
0

You can have a look at google-recaptcha. Its Angular implementation is here:

vcRecaptcha

Anita
  • I didn't really need advice for a captcha library, more advice on how to implement it in a client-server REST environment. – Vladimir Cvetic Apr 10 '15 at 14:46
  • @VladimirCvetic As per your question "What I am wondering if there are any best practices, good examples of captcha implementation in this case? " You just wanted to know about some good captcha. So I gave the name as well as a link for that. If you'll open the link you'll find a demo and example. And if you want the whole code then Stack Overflow is not the right place, because Stack Overflow is not about giving/providing code. – Anita Apr 10 '15 at 18:36
  • @Anita OP has said that he does not want a third party API solution! "I'm not limited to any specific libraries, only requirement is that there cannot be any calls to 3rd party servers on client side (js libraries hosted on 3rd party servers or req api key etc)" – Rathma Nov 28 '18 at 07:28