A captcha implemention for flask using flask-session and captcha packages. Each captcha challenge answer is saved in the server side session of the challenged client. Support for different types of captchas such as numeric/letter/symbol captchas.
- Flask
- flask-session with packages depending on which SESSION_TYPE you use. E.g. sqlalchemy requires flask-sqlalchemy.
- captcha
- 1.5.0 - adds two new methods
revoke_answer
andset_answer
to pluginFlaskSessionCaptcha
class. Removesset_in_session
method. - 1.4.2 - Bump pillow from 10.2.0 to 10.3.0 by @dependabot in #49
- 1.4.1 - Fix error thrown when flask-session-captcha is init-ed without a Flask app object. Rename CAPTCHA_LOG environment variable to CAPTCHA_DEBUG_LOG.
- 1.4.0 - Migrated from
flask-sessionstore
toflask-session
. Added functionality for alphabetic and punctuation characters to be included in the captcha (thanks @alisharify7). Support moved to python 3.8, 3.9, 3.10, 3.11.
import uuid
import logging
from flask import Flask, request, render_template
from flask_session import Session
from flask_session_captcha import FlaskSessionCaptcha
app = Flask(__name__)
app.config["SECRET_KEY"] = uuid.uuid4().hex
# captcha configs:
app.config['CAPTCHA_ENABLE'] = True
app.config['CAPTCHA_LENGTH'] = 5
app.config['CAPTCHA_WIDTH'] = 200
app.config['CAPTCHA_HEIGHT'] = 160
# app.config['CAPTCHA_LOG'] = False # log information to terminal
# app.config['CAPTCHA_INCLUDE_ALPHABET'] = False
# app.config['CAPTCHA_INCLUDE_NUMERIC'] = True
# app.config['CAPTCHA_INCLUDE_PUNCTUATION'] = False
# app.config['CAPTCHA_SESSION_KEY'] = 'captcha_image' # In case you want to use another key in your session to store the captcha
# session config
app.config['SESSION_TYPE'] = 'redis' # or other type of drivers for session, see https://flask-session.readthedocs.io/en/latest/
Session(app)
captcha = FlaskSessionCaptcha(app)
@app.route('/', methods=['POST','GET'])
def some_route():
if request.method == "POST":
if captcha.validate():
return "captcha validated successfully"
else:
return "invalid captcha/answer"
return render_template("form.html")
if __name__ == "__main__":
app.run(debug=True)
Template can look as follows. captcha.validate()
will be default try to validate against a form input with name "captcha".
<form method="POST">
{{ captcha() }} <!-- This renders an <img> tag with the captcha img. -->
<input type="text" name="captcha">
<input type="submit">
</form>
It can also take a css_class
argument to add classes to the generated DOM:
<form method="POST">
{{ captcha(css_class="captcha") }}
<input type="text" name="captcha">
<input type="submit">
</form>
You can also override settings for the captcha contents itself, via include_alphabet
, include_numeric
and include_punctuation
.
Like so:
<form method="POST">
{{ captcha(include_alphabet=True) }}
<input type="text" name="captcha">
<input type="submit">
</form>