带ColdFusion的reCaptcha v3 [英] reCaptcha v3 with ColdFusion

问题描述

我正在尝试将reCaptcha（v3）集成到ColdFusion网站。我对CF语法不太热，目前看来服务器端的验证请求没有任何帮助。

I'm trying to integrate reCaptcha (v3) to a ColdFusion site. I'm not too hot on the CF syntax and currently I'm seemingly getting nothing back from the verify request on the server side.

有人可以看到明显错误的东西和/或将我指向正确的方向吗？

Can anyone see anything obviously wrong and/or point me in the right direction please?

客户端：

<script src='https://www.google.com/recaptcha/api.js?render=6..."></script>
<script>
    grecaptcha.ready(function() {
        grecaptcha.execute('6...', {action: 'contact'})
        .then(function(token) {
            $("#recaptchaToken").val(token);
        });
    });
</script>

我有一个隐藏字段 recaptchaToken 在我的表单中，我可以看到令牌的值。

I've got a hidden field recaptchaToken in my form and I can see the token value going in to it.

服务器端：

<cfhttp
  url="https://www.google.com/recaptcha/api/siteverify"
  method="POST"
  result="captchaResponse">
  <cfhttpparam
    type="formfield"
    name="secret"
    value='6...'
  />
  <cfhttpparam
    type="formfield"
    name="response"
    value='#form.recaptchaToken#'
  />
</cfhttp>

<cfdump var=#captchaResponse.filecontent# />

我得到一个红色框输出，标题为java.io的 object。 ByteArrayOutputStream

I'm getting a red box output titled object of java.io.ByteArrayOutputStream

我尝试转储 captchaResponse 和 captchaResponse.filecontent 无济于事。

I've tried to dump both captchaResponse and captchaResponse.filecontent to no avail.

我期望数据的形式为：

{
  "success": true|false,      // whether this request was a valid reCAPTCHA token for your site
  "score": number             // the score for this request (0.0 - 1.0)
  "action": string            // the action name for this request (important to verify)
  "challenge_ts": timestamp,  // timestamp of the challenge load (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)
  "hostname": string,         // the hostname of the site where the reCAPTCHA was solved
  "error-codes": [...]        // optional
}

更新

解决方案似乎与Alex所建议的一样

Update

The solution seems to be as Alex suggested below:

<cfdump var=#toString(captchaResponse.filecontent)# />

这为我提供了预期格式的JSON字符串，因此我可以将其转换为对象并完成

This gives me a JSON string in the format expected so I can convert this to an object and complete the verification.

推荐答案

每当 cfhttp 不确定如何处理响应时，原始内容保持不变，并保留为Byte数组。通常，这表明响应服务器未指定Content-Type标头，或者仅部分检索了内容。

Whenever cfhttp is not sure how to treat a response, the raw content stays untouched and is kept as Byte array. This usually indicates that the Content-Type header is not specified by the responding server or the content was only partially retrieved.

要强制使用内容的字符串表示，您可以使用 toString（） 转换原始字节数组，例如 toString（captchaResponse.filecontent）。该函数非常健壮，还可以处理已转换的字符串，因此通常可以安全使用。

To force a string representation of the content, you can use toString() to convert the raw Byte array, e.g. toString(captchaResponse.filecontent). The function is quite robust and can also handle already converted strings, so it is usually safe to use.

但是，这里还有其他需要注意的地方。当使用 cfhttp 而不将 throwOnError 属性设置为 true （默认值为 false ），失败的HTTP请求仍将返回结果，即残缺的结果。该结构将不包含 fileContent 键，因此会在运行时导致异常。如果 https://www.google.com/recaptcha/api/siteverify 无法访问或不支持接受的TLS协议，则可能要在此处添加错误处理由您的JRE。我们在SNI和TLS 1.2的旧版本ColdFusion（即8）中遇到了这个问题。请注意。

However, there is something else to be aware of here. When using cfhttp without setting the throwOnError attribute to true (the default value is false), failed HTTP requests will still return a result, a crippled result. The struct will not contain the fileContent key and thus cause an exception at runtime. You might want to add error handling here, in case https://www.google.com/recaptcha/api/siteverify is not reachable or the accepted TLS protocol is not supported by your JRE. We had this issue with SNI and TLS 1.2 with a former version of ColdFusion, namely 8. Be warned.

这篇关于带ColdFusion的reCaptcha v3的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！