Recently we implemented a "Forgot your password?" feature in one of our Django sites and wanted to protect the mechanism so our users wouldn't get spammy messages from our servers. As much as we may hate it, forms in our sites usually act as spambot magnets. We need some kind of protection, and CAPTCHAs usually do a good job.

There are cool tutorials like this one that can help you integrate django-auth views for password reset in your site. In this post we discuss how to add CAPTCHA protection to this mechanism. Our service of choice is reCAPTCHA because of its security and accessibility (plus their cool book digitization efforts).

The first step is registering your site with reCAPTCHA to get a key set; for this you will need a Google account (TIP: you can register localhost).

To connect to reCAPTCHA from Django we used django-recaptcha:

    sudo easy_install django-recaptcha

Now we have to add our keys to our settings file and add captcha to our INSTALLED_APPS. The private key is a secret, so keep it out of version control:

    # Captcha - google.com/recaptcha
    RECAPTCHA_PUBLIC_KEY = 'your public key here'
    RECAPTCHA_PRIVATE_KEY = 'your private key here'

    INSTALLED_APPS = (
        # ... your other apps ...
        'captcha',
        # ... your other apps ...
    )

Adding captcha validation to any form is as easy as adding a line of code. In our password reset we used one of Django's built-in forms, but that's not a big deal since we can just subclass it and add a ReCAPTCHA field:

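    from django.contrib.auth.forms import PasswordResetForm
    from captcha.fields import ReCaptchaField

    class PasswordResetReCaptchaForm(PasswordResetForm):
        # The extra field is validated with the rest of the form,
        # so a failed CAPTCHA makes the form invalid.
        captcha = ReCaptchaField(attrs={'theme': 'clean'})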

Notice that we added an attribute to tweak ReCAPTCHA's look. There are a lot of possible customizations nicely explained in the docs.

Finally, we have to tell our view to use our form and not the default one:

    # urls.py: pass our form to the built-in password reset view
    url(r'^accounts/password/reset/$', 'django.contrib.auth.views.password_reset',
        name='password_reset',
        kwargs={'post_reset_redirect': '/accounts/password/reset/done/',
                'password_reset_form': PasswordResetReCaptchaForm})

Notice that, unless you specify it otherwise, this view will use the admin's password reset template located in registration/password_reset_form.html. Not a problem given you can create a registration folder in your templates directory and replace these templates with your own.

Once you finish, you should end up with something like this:

[Screenshot of the resulting form]

Cool stuff!
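The server-side check that has to succeed before the reset e-mail goes out, as an added sketch that is not django-recaptcha's code or part of the original post: the submitted answer is sent with the private key to the verification service, and every failure path rejects the request. It assumes Google's current `siteverify` JSON endpoint; `captcha_passed`, `http_post`, `fake_post` and `broken_post` are hypothetical names, and the key, token and hostname values are constructed.

```python
import json
import urllib.parse
import urllib.request

# Google's server-side verification endpoint (assumed: the JSON siteverify API).
VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def http_post(url, data, timeout=5):
    """Default transport: form-encoded POST, returns the response body as text."""
    body = urllib.parse.urlencode(data).encode()
    with urllib.request.urlopen(url, body, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def captcha_passed(private_key, token, remote_ip=None, expected_host=None,
                   post=http_post):
    """Return True only if the verification service confirms the token.

    Empty token, network error, malformed reply and hostname mismatch all
    return False, so an unverified request never triggers a reset e-mail.
    """
    if not token:
        return False  # no round trip for a missing answer
    data = {"secret": private_key, "response": token}
    if remote_ip:
        data["remoteip"] = remote_ip
    try:
        reply = json.loads(post(VERIFY_URL, data))
    except Exception:
        return False  # fail closed on timeouts, HTTP errors, non-JSON replies
    if not isinstance(reply, dict) or reply.get("success") is not True:
        return False
    if expected_host and reply.get("hostname") != expected_host:
        return False  # token was solved on a different site
    return True


# Constructed stand-ins for the network call so the example runs offline.
def fake_post(url, data):
    ok = data["response"] == "good-token" and data["secret"] == "test-private-key"
    return json.dumps({"success": ok, "hostname": "example.com"})


def broken_post(url, data):
    raise OSError("verification service unreachable")
```

The private key only ever appears in the server-to-server request; the browser sees the public key alone.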


Comments

  1. Phil
    Phil on 04/17/2012 2:42 p.m.
    Hi, thank you for the nice article. It would be very nice to know how to customize the user interface with theme:'custom' using django-recaptcha
  2. Jared Kerim
    Jared Kerim on 01/11/2013 4:42 p.m.
    Hey, this worked perfectly first try, thanks so much!
  4. Carlos
    Carlos on 05/04/2013 7:46 a.m.
    I have a website www.inchis.com and have tried everything in the book, but CSRF is completely useless. Do you have any captcha solutions for my website? Will appreciate it.
  5. Zim Classifieds
    Zim Classifieds on 07/11/2013 6:15 a.m.
    It works perfect on my website, am thankful for this article
  8. Terrel Shumway
    Terrel Shumway on 10/01/2013 9:02 a.m.
    This is probably a newbie issue, but the article didn't make it obvious what changes to make to the template. I guess I need to RTFM.
  9. Raghvendra Pateriya
    Raghvendra Pateriya on 12/02/2013 1:43 a.m.
    Hi, in my scenario I have to build a website A, the user of site A is validate true another web site B. B is providing the captcha to validate user. How I call the captcha of another site. Please help me out. Thanks in advance.
  11. ielts essay
    ielts essay on 12/28/2013 5:41 a.m.
    The need for better quality control of the software development process has given rise to the discipline of software engineering, which aims to apply the systematic approach exemplified in the engineering paradigm to the process of software development.
  15. replique montres
    replique montres on 02/23/2014 1:49 a.m.
    Great post anyway thanks for posting...
  24. Miguel
    Miguel on 04/12/2014 3:33 a.m.
    If you take a look at the sources for django.contrib.auth.views.password_reset you'll see that it uses RequestContext. The upshot is, you can use Context Processors to modify the context which may allow you to inject the information that you need.
