Skip to content

How To: Use Recaptcha with Devise

Ahmad hamza edited this page Nov 2, 2019 · 63 revisions

To add Google's ReCaptcha to your site:

Install ReCaptcha gem

Please see ReCaptcha gem for installation details and API key setup.

Some of the available options for #verify_recaptcha can be found here.

Add ReCaptcha to views

Add <%= recaptcha_tags %> to the forms you want to protect and show recaptcha error.

Example for a page app/views/devise/registrations/new.html.erb

<%= flash[:recaptcha_error] %>
<%= recaptcha_tags %>

For details on how to edit devise views see configuring-views.

Add ReCaptcha verification in controllers

Include a prepend_before_action for any action you want to secure:

Devise::RegistrationsController

To add ReCaptcha in registration page, create a app/controllers/registrations_controller.rb or generate it using rails g devise:controllers users -c=registrations

class RegistrationsController < Devise::RegistrationsController
  prepend_before_action :check_captcha, only: [:create] # Change this to be any actions you want to protect.

  private
    def check_captcha
      unless verify_recaptcha
        self.resource = resource_class.new sign_up_params
        resource.validate # Look for any other validation errors besides Recaptcha
        set_minimum_password_length
        respond_with_navigational(resource) { render :new }
      end 
    end
end

and configure devise for using your controller changing config/routes.rb

devise_for :users, controllers: { ... , registrations: "registrations", ... }

Devise::SessionsController

To add ReCaptcha in login page, create a app/controllers/sessions_controller.rb or generate it using rails g devise:controllers users -c=sessions

class SessionsController < Devise::SessionsController
  prepend_before_action :check_captcha, only: [:create] # Change this to be any actions you want to protect.

  private
    def check_captcha
      unless verify_recaptcha
        self.resource = resource_class.new sign_in_params
        respond_with_navigational(resource) { render :new }
      end 
    end
end

and configure devise for using your controller changing config/routes.rb

devise_for :users, controllers: { ... , sessions: "sessions", ... }

Devise::PasswordsController

To add ReCaptcha in password reset page, , create a app/controllers/passwords_controller.rb or generate it using rails g devise:controllers users -c=passwords

class PasswordsController < Devise::PasswordsController
  prepend_before_action :check_captcha, only: [:create]

  private

  def check_captcha
    unless verify_recaptcha
      self.resource = resource_class.new
      respond_with_navigational(resource) { render :new }
    end
  end
end

and configure devise for using your controller changing config/routes.rb

devise_for :users, controllers: { ... , passwords: "passwords", ... }

Notes

Follow these instructions also if you are using devise generated controller (rails g devise:controller [scope]). In this case the route to use in devise_for is registrations: "user/registrations" and passwords: "user/passwords"

Clone this wiki locally