Introduction

Invisible reCAPTCHA Form Element Plugin is used to protect forms developed in Joget DX from spams or abuse from malicious automated bots that are programmed to enter false or irrelevant information into a form, while being as transparent as possible to legitimate users of the platform.

About reCAPTCHA

  • reCAPTCHA is a free Google service with the acronym of "Completely Automated Public Turing test to tell Computers and Humans Apart".
  • It can identify whether a form is submitted by a real human or a bot.
  • For more information about reCAPTCHA, see: https://www.google.com/recaptcha/about/.

Installing the plugin in Joget DX

You can follow the steps below, or refer to Manage Plugins to read more about managing plugins:

  1. Download plugin's jar file from https://github.com/jogetoss/invisible-recaptcha-field/releases into your computer
  2. In the Joget DX platform, go to System Settings > Manage Plugins > Upload Plugin
  3. Click on Choose File, select the .jar file you just downloaded, and click Upload

Using the plugin in a Form

In the Form Builder, open up any Form that you wish to implement this feature for.

Search the Form Element Palette for the Invisible reCAPTCHA element under the Marketplace section.

Drag and drop this element into your Form.

Click on the element in your Form and the Edit Invisible reCAPTCHA panel appears (on the right hand side).

In the Edit Invisible reCAPTCHA configuration, you are required to insert the information for the following fields:

  • ID
  • reCAPTCHA site key
  • reCAPTCHA secret key

Your ID can be any meaningful name you want (e.g. invisible_recaptcha).

Generating important keys for the plugin will explain how to generate the required reCAPTCHA site key and reCAPTCHA secret key for this plugin.

Generating important keys for the plugin

You can follow the steps below, or refer to this related guide online:

  1. Go to https://www.google.com/recaptcha/about/
  2. Click on v3 Admin Console at the navigation bar

  3. Give your Label a meaningful name (e.g. recaptcha_test)

  4. For the reCAPTCHA Type, select reCAPTCHA v2 > Invisible reCAPTCHA badge

  5. Under Domains, put the domain name that your Joget DX instance is hosted on.

    Setting a domain name

    If you are using Joget DX on a local computer for development purposes, you can put "localhost" as your domain name.

  6. Tick Accept the reCAPTCHA Terms of Service
  7. Click Submit

Copy the generated reCAPTCHA site keys and reCAPTCHA secret keys, and paste them into their respective fields in the Edit Invisible reCAPTCHA configuration.

Remember to click Apply Change and save the form.

Important reCAPTCHA keys

  • Site keys can actually be shown publicly, but it is censored in this example.
  • Secret keys must never be shown or shared with anyone, because the server uses it to verify reCAPTCHA responses upon form submission.

Testing out the plugin

Try submitting the form where you added the Invisible reCAPTCHA plugin.

If the bottom right corner of your form shows the protected by reCAPTCHA, it means that the Invisible reCAPTCHA plugin is working as intended.

You can seek help from Plugin Error Troubleshooting if the Invisible reCAPTCHA plugin is not working as intended.

Plugin Error Troubleshooting

There are two types of error that may occur when using the Invisible reCAPTCHA plugin:

  • reCAPTCHA widget error
  • Plugin validation error

What is a reCAPTCHA widget error?

reCAPTCHA widget error occurs when the widget on the frontend is unable to function properly.

For example, you may have chosen the v2 tickbox option instead of the v2 invisible option.

Remember to choose the v2 invisible option, so that the reCAPTCHA site key is enabled for the Invisible reCAPTCHA.

This is how a reCAPTCHA widget error looks like.

Because of this error, the form will not be submitted.

What is a Plugin validation error?

This error occurs when the reCAPTCHA plugin is unable to perform backend validation to verify the user that has submitted the form.

For example, to simply replicate a Plugin validation error, you only have to provide an invalid reCAPTCHA secret key.

You can change a letter to a different letter or simply make up a reCAPTCHA secret key that does not exist.

For now, let's see what will happen if we do not add a Custom error text and we disable the Debug mode.

Following the configurations demonstrated, the Plugin validation error has been replicated:

  • "Validation Error" is printed out to show app designers that the validation has failed
  • "reCAPTCHA error" is a default error text printed out if no Custom error text is added
  • protected by reCAPTCHA widget does not show an red error message like what happened in What is a reCAPTCHA widget error?

In this case, Debug mode is disabled, so you will see the default error text.

But note that if Debug mode is enabled, you will see neither default error text or Custom error text (even if you have added it).

Read more on Custom error text and Debug mode in Custom error text & Debug mode.

Custom error text & Debug mode

  • Custom error text is printed out to app designers only when there is a Plugin validation error
  • Debug mode helps app designers indicate the error text or message

What is Custom error text for?

To demonstrate what the Custom error text and Debug mode are used for, once again the reCAPTCHA secret key is made invalid to replicate the Plugin validation error.

In this example, the Custom error text is set as "Invalid reCAPTCHA secret key: Please ensure you secret key is valid!".

The Debug mode needs to be disabled for now in order to show the Custom error text on the top left corner of the Form.

Remember to click Apply Change and save the form.

Now you are able to see how Custom error text works.

Instead of printing out the default error text, the Custom error text is printed out.

You see "Invalid reCAPTCHA secret key: Please ensure you secret key is valid!" instead of "reCAPTCHA error".

Now that we have seen how Custom error text works, the next section explains Debug mode.

About custom and default error text

Some app designers may want to come out with their own error text instead of using the default error text "reCAPTCHA error".

Feel free to provide a meaningful error text message.

With Custom error text, app designers can decide what message they want to display to end users.

What is Debug mode for?

With the same invalid reCAPTCHA secret key and Custom error text, but this time Debug mode is enabled.

Remember to click Apply Change and save the form.

Notice that enabling Debug mode results in the Custom error text not being printed out, even though the Custom error text is being added.

Instead, the top left corner of the Form shows two error messages:

  • "[reCAPTCHA DEBUG MODE ENABLED!]" states that Debug mode is enabled, to warn app designers that additional error info are available in the server log
  • "reCAPTCHA error: invalid-input-secret" states that the reCAPTCHA secret key is invalid

Availability of the plugin

The Invisible reCAPTCHA plugin will only work in some situations.
See table below:

Normal Form

Only a single plugin can exist and work as intended.

Multiple plugins can be loaded into a single Normal Form, but only the first plugin will be functioning.

Sub-Form

A plugin cannot work as intended in a Sub-Form, but it can work in the Base Form.

CRUD Datalist "New"

Has identical performance and outcomes with the Normal Form and Sub-Form:

  • The Normal Form that CRUD Datalist represents only allows a single plugin to work in it, even though multiple plugins can still be loaded into it
  • The Sub-Form that CRUD Datalist represents only allows the plugin to work in its Base Form

CRUD Datalist "Edit"




  • No labels