Friday, 8 February 2019

Oracle APEX and Google reCAPTCHA v3

Google reCAPTCHA v3

 

How to integrate reCAPTCHA v3 into APEX?


Oracle APEX and reCAPTCHA v3 integration


Some of you may know that APEX plugin for reCAPTCHA v2 has been available for a while which you can download here thanks to Mohamed Zebib.  



In October 2018 Google announced new version which now does not require any user interaction what so ever unlike version 2 where websites had


and users had to click I'm not a robot checkbox. 

This post is about integration it into your APEX apps. Let's have a look how.

For simplicity we will do it on Login page - P9999 where before user is allowed to login we will run a reCAPTCHA check.
All about reCaptcha v3 you can find at https://developers.google.com/recaptcha/intro

Implementation

Step 1.
To start using reCAPTCHA, you need to sign up for an API key pair for your site. Why? 
"The key pair consists of a site key and secret key.

The site key is used to invoke reCAPTCHA service on your site or mobile application.
The secret key authorizes communication between your application backend and the reCAPTCHA server to verify the user's response. "

Step 2.
Create Application settings that will store your public and secret keys like

Give them any name you want. 

Also create application process and application item. Something like this
:APP_RECAPTCHAV3_SITE_KEY := APEX_APP_SETTING.GET_VALUE( p_name => 'RECAPTCHAV3_SITE_KEY');

Where APP_RECAPTCHAV3_SITE_KEY is application item getting set.

Step 3.
On your login page add lines to initialize reCAPTCHA as per https://developers.google.com/recaptcha/docs/v3



Try running the page if you have done all things correctly you should get the famous logo running on the page. 

Step 4.
Now create P9999_TOKEN and P0_MESSAGE items on page 9999 and page 0. We will store the return message into global P0_MESSAGE element so that we can show it once landing page shows up.

Step 5.
Add application process with similar package call.


begin
  authentication_util.process_recaptcha_reply (p_token => :P9999_TOKEN, p_message_out => :P0_MESSAGE);
end;





Step 6.
Change condition on the standard Login process




All there is to do is download the PL/SQL package body here and compile it. 


Your apps should be even more secure now. :D


Happy APEXing,
Lino

8 comments:

  1. After the apex upgrade from 5.2 to 19.1 the re captcha plugin is given an error can you please shed some light on this.

    Error in PLSQL code raised during plug-in processing.
    Contact your application administrator.
    Technical Info (only visible for developers)
    • is_internal_error: true
    • apex_error_code: WWV_FLOW_PLUGIN.RUN_PLSQL_ERR
    • ora_sqlcode: -6550
    • ora_sqlerrm: ORA-06550: line 157, column 1: PLS-00306: wrong number or types of arguments in call to 'RENDER_RECAPTCHA' ORA-06512: at "APEX_190100.WWV_FLOW_DYNAMIC_EXEC", line 1500 ORA-06512: at "APEX_190100.WWV_FLOW_DYNAMIC_EXEC", line 2501 ORA-06512: at "SYS.WWV_DBMS_SQL_APEX_190100", line 533 ORA-06550: line 157, column 1: PL/SQL: Statement ignored ORA-06512: at "SYS.DBMS_SYS_SQL", line 1458 ORA-06512: at "SYS.WWV_DBMS_SQL_APEX_190100", line 522 ORA-06512: at "APEX_190100.WWV_FLOW_DYNAMIC_EXEC", line 1982 ORA-06512: at "APEX_190100.WWV_FLOW_DYNAMIC_EXEC", line 2467 ORA-06512: at "APEX_190100.WWV_FLOW_DYNAMIC_EXEC", line 1476
    • component.type: APEX_APPLICATION_PAGE_ITEMS
    • component.id: 9453620874308487
    • component.name: P6_RECAPTCHA

    ReplyDelete
    Replies
    1. I will assume that plugin available hasn't been updated to work with 19.1. Probably you can reach out to the author of the plugin and see if he/she will have time to upgrade it.

      Delete
  2. Thank you, works like charm.

    ReplyDelete
  3. great!! thanks works perfect i add score validation

    if (to_number(apex_json.get_varchar2(p_path => 'score'),'9.9')<0.5)
    then
    apex_error.add_error (
    p_message => 'La v
    alidación del captcha no es aprobada.',
    p_display_location => apex_error.c_inline_in_notification );
    end if;

    ReplyDelete
  4. This comment has been removed by a blog administrator.

    ReplyDelete
  5. This comment has been removed by a blog administrator.

    ReplyDelete
  6. This comment has been removed by the author.

    ReplyDelete