BookStack icon indicating copy to clipboard operation
BookStack copied to clipboard
verified publisher icon BookStackApp

Google ReCaptcha Configuration

Open dfirence opened this issue 7 years ago • 11 comments

Hello Team

Does anyone have a solid tutorial to implement Google ReCaptcha v2 for :

  1. Login Form
  2. Registration Form

I would like secure Bookstack a bit more

dfirence avatar Nov 10 '18 23:11 dfirence

This, or some other spam prevention system like it, is critical for installations which are publicly accessible. We are getting tens of spam sign ups per week, which take a lot of management time to check and remove. Thanks.

samtuke avatar Sep 03 '19 11:09 samtuke

I still need to decide if this is something I'd support in core or if I'd prefer to just provide extensibility for, But if you're urgent for something I've pushed a crude example implementation at this commit: https://github.com/BookStackApp/BookStack/commit/c49454da2833eb31b426e6b6ecfd790fad58567b (Patch)

Tested with reCaptcha v2. Is taken from the current stable codebase so patch could be applied to a release BookStack instance, You just need to change the two keys (Shown surrounded by %%, Replace % signs also).

ssddanbrown avatar Sep 09 '19 20:09 ssddanbrown

Thanks!

samtuke avatar Sep 09 '19 21:09 samtuke

I'd also like this functionality.

tcatlas avatar Sep 22 '20 02:09 tcatlas

I also need this feature, and recently my instance has received a lot of spam registrations. In addition, if reCAPTCHA is added, please replace www.google.com with www.recaptcha.net to improve accessibility in certain regions, such as China, which is officially provided by Google: https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally

10935336 avatar Apr 20 '21 04:04 10935336

I'm also interested in this functionnality, tons of spams every day, we have closed the sign up for now.

nderambure avatar May 26 '21 14:05 nderambure

This would be nice as an optional on/off for those who want it. Another place it would be optionally helpful is when allowing guest comments.

JaggedJax avatar Jan 18 '22 02:01 JaggedJax

Late to the party, but for anyone else who gets here by Googling the issue, this Laravel package allowed for CloudFlare Turnstile to tie into the login page pretty easily. Just had to add CloudFlare to the Content Security Policy as well.

https://github.com/romanzipp/Laravel-Turnstile

NonzeroExitCode avatar Dec 01 '22 03:12 NonzeroExitCode

I opened the registration and in 2 days I had dozens of fake accounts, can you add a captcha system or others, it's essential these days! thanks !

hregis avatar Mar 15 '24 01:03 hregis

the first request is in 2018 ! today... 2024 !

hregis avatar Mar 15 '24 01:03 hregis

working on features is good, but security is just as important! I'm also a developer, on the Dolibarr project and if we don't look at security it's hell! And another note, please add a mass deletion of users, because deleting fake accounts means opening each account to delete them, and it takes a long time! ;-) I thank you for your work! good job and have a good day...

hregis avatar Mar 15 '24 01:03 hregis