[ZendTo] Adding Support for Cloudflare's Turnstyle for Captcha/Human Verification

Ricky Boone ricky.boone at gmail.com
Wed Aug 14 15:43:51 BST 2024 

I agree.  I'm not sure if Jules or others he may have delegated this
to are taking contributions such as pull requests (or equivalent) for
possible inclusion to the main project.  Time permitting, I am going
to try to take what Kris Lou provided and have it as a selectable
option, so people can choose between the CAPTCHA services.  I'm sure
there would be necessary testing and validation before assuming any
changes were appropriate for the "production" release, but I don't
want to assume, obligate, or step on anyone's toes with thiat.

On Wed, Aug 14, 2024 at 2:25 AM Gregg Douglas via ZendTo <zendto at zend.to> wrote:
>
> Hi,
>
> Would be great if this was included in the ZendTO packages.
>
> regards
> Gregg
>
>
> On Tue, Aug 13, 2024 at 8:03 PM Ricky Boone via ZendTo <zendto at zend.to> wrote:
>>
>> (Just realized I misspelled "Turnstile" as "Turnstyle"... oof)
>>
>> Nice, thanks! I'll have to give that a shot.
>>
>> On Tue, Aug 13, 2024 at 12:27 PM Kris Lou via ZendTo <zendto at zend.to> wrote:
>> >
>> > I did this last year:
>> >
>> > -----------------------
>> >
>> > With the CloudFlare Turnstile Site Key (as recaptchaPublicKey), Secret Key (as recaptchaPrivateKey) and using "?compat=recaptcha", the following seems to work.
>> >
>> > /opt/zendto/templates/header.tpl
>> > 43,44c43,44
>> > <             grecaptcha.render('google-recaptcha', {
>> > <               'sitekey' : '{$recaptchaSiteKey}'
>> > ---
>> > >             grecaptcha.render('cf-turnstile', {
>> > >             'sitekey' : '{$recaptchaSiteKey}'
>> > 51c51,52
>> > <         <script src="https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}" async defer></script>
>> > ---
>> > > <!--        <script src="https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}" async defer></script> -->
>> > >       <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha" async defer></script>
>> > 53c54,55
>> > <         <script src="https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}&onload=onloadCallback&render=explicit" async defer></script>
>> > ---
>> > > <!--        <script src="https://www.recaptcha.net/recaptcha/api.js?hl={$recaptchaLang}&onload=onloadCallback&render=explicit" async defer></script> -->
>> > >       <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha" async defer></script>
>> >
>> > /opt/zendto/templates/pickupcheck.tpl
>> > 29c29,30
>> > <                 <div id="google-recaptcha" name="google-recaptcha"></div>
>> > ---
>> > > <!--                <div id="google-recaptcha" name="google-recaptcha"></div> -->
>> > >               <div class="cf-turnstile" data-sitekey="{$recaptchaSiteKey}" data-callback="javascriptCallback"></div>
>> >
>> > /opt/zendto/templates/verify.tpl
>> > 155c155,156
>> > <                 <div id="google-recaptcha" name="google-recaptcha"></div>
>> > ---
>> > > <!--                <div id="google-recaptcha" name="google-recaptcha"></div> -->
>> > >               <div class="cf-turnstile" data-sitekey="{$recaptchaSiteKey}" data-callback="javascriptCallback"></div>
>> >
>> > /opt/zendto/www/ReCaptcha/RequestMethod/CurlPost.php
>> > 43,44c43,44
>> > <     const SITE_VERIFY_URL = 'https://www.recaptcha.net/recaptcha/api/siteverify';
>> > <
>> > ---
>> > > //    const SITE_VERIFY_URL = 'https://www.recaptcha.net/recaptcha/api/siteverify';
>> > >     const SITE_VERIFY_URL = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
>> >
>> >
>> > Kris Lou
>> > klou at themusiclink.net
>> >
>> >
>> > On Tue, Aug 13, 2024 at 9:19 AM Ricky Boone via ZendTo <zendto at zend.to> wrote:
>> >>
>> >> My apologies if this has already been covered, however I couldn't find
>> >> anything other than a single email in the list archive that didn't
>> >> appear to be addressed.
>> >>
>> >> The users of the instance of ZendTo that I maintain sometimes have
>> >> issues with reCAPTCHA.  In almost all cases, it's either user-oriented
>> >> or an issue with their browser causing them to never get past it, with
>> >> the very rare case of an issue on Google's end.  I'd still like some
>> >> reasonable mechanism to perform human verification to reduce the risk
>> >> posed without it, however it looks like the only options available are
>> >> either Google's standard or invisible reCAPTCHA v2 services, with the
>> >> "invisible" option having noted issues since 2018 (at least in the
>> >> config comments).
>> >>
>> >> So I don't start going down a path that is already underway, are there
>> >> any plans to implement support for other CAPTCHA services/libraries,
>> >> such as Cloudflare's Turnstyle or hCaptcha?  If not, are there any
>> >> concerns with me taking a stab at it and providing what I come up
>> >> with?  I realize that ZendTo is not being tracked on a public source
>> >> code repo like Github or GitLab (at least officially, as far as I can
>> >> tell), but I didn't want to do something that couldn't be contributed
>> >> back in some way.
>> >>
>> >> _______________________________________________
>> >> ZendTo mailing list
>> >> ZendTo at zend.to
>> >> http://jul.es/mailman/listinfo/zendto
>> >
>> > _______________________________________________
>> > ZendTo mailing list
>> > ZendTo at zend.to
>> > http://jul.es/mailman/listinfo/zendto
>>
>> _______________________________________________
>> ZendTo mailing list
>> ZendTo at zend.to
>> http://jul.es/mailman/listinfo/zendto
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto

More information about the ZendTo mailing list