How easy would it be to implement Cloudflare Turnstile free Captcha?

[ukclearance]

Cloudflare have released a free to implement Captcha alternative called Turnstile, which according to their blog can be implement in minutes with a just few changes of code can replace Google Captcha.

https://blog.cloudflare.com/turnstile-private-captcha-alternative/

I currently use the No Captcha reCAPTCHA Module to stop contact form spam but would much prefer a none Google alternative such as the Cloudflare one.

There is already a Prestashop module for Cloudflare Turnstile here https://github.com/Pixel-Open/prestashop-cloudflare-turnstile but it requires PS 1.7.6 or greater

If someone with more knowledge that I could look at what is involved to adapt that current module to use on 30bees or how much work would be involved to implement it with the current No captch recaptch module id be very grateful.

[wakabayashi]

Interesting! I will look into it, cause I also don't like google too much anymore. I will try to get rid off all their tools (which have direct access on my site)...

[wakabayashi]

I coded in the night and it looks promising. I believe, that I found a solution for contact form, that needs no override and no file changes at all. 

Is there any need for something else than contact form?

But I am little confused, how complex the ps-module and the nocaptcharecaptcha are working. @datakick My approach is like this:

1. Register hookActionFrontControllerSetMedia (Hint: I am missing a hook like actionFrontControllerInit)
2. Check if controller is instanceOf ContactController
3. If yes, check if Tools::isSubmit('submitMessage') is true
4. If yes, validate captcha
5. If NOT valide I just unset($_POST[$submitToCheck]);

Looks quite simple to me. Do you see any problem with it?

 

 

Edited January 14 by wakabayashi

[datakick]

That sounds like a good approach. Of course, it is tied very closely to contact controller, but that's probably ok.

I think that we could implement some new hook in core to hide this dependency a bit. Contact controller could call hook 'actionValidateContactMessage($message, $email, ...)'. Your module would only have to implement this hook, and return true on success, or array of error strings on validation error.

[wakabayashi]

On 1/15/2023 at 8:39 AM, datakick said:

That sounds like a good approach.

Great 😎

On 1/15/2023 at 8:39 AM, datakick said:

Of course, it is tied very closely to contact controller, but that's probably ok.

While it sounds like it, IMO that's not really true. I have added to the AuthController now, which took me 30 seconds and it seems to work: https://github.com/eschiendorfer/genzo_turnstile/blob/master/genzo_turnstile.php#L167-L173

In general this approach is so simple, that I am not sure, if we really need a new sepecific hook. Actually that hook would be tied very closely ☺️ 

If you have a few free minutes, maybe you can evaluate, if nocaptcharecaptcha module would work with my approach to. I personally will switch to cloudflare...

 

@ukclearance My module is open source: https://github.com/eschiendorfer/genzo_turnstile/. Only thing missing is actually the settings on which controller you want to use the captcha. The rest is working for me. Maybe you can check it out!?

 

 

[datakick]

3 hours ago, wakabayashi said:

Great 😎

While it sounds like it, IMO that's not really true. I have added to the AuthController now, which took me 30 seconds and it seems to work: https://github.com/eschiendorfer/genzo_turnstile/blob/master/genzo_turnstile.php#L167-L173

In general this approach is so simple, that I am not sure, if we really need a new sepecific hook. Actually that hook would be tied very closely ☺️ 

There is still explicit dependency. This captcha would not work unless your module knows about the front office page.

For example, imagine that somebody uses third party OPC module. This module calls all the hooks, so the captcha would be displayed correctly. However, your module will not be able to validate it, because the front controller is not the standard one. 

[wakabayashi]

Yeah, I know that. But that is with all current modules the same, isnt it?

I mean I could implement customController rules. Like https://github.com/Pixel-Open/prestashop-cloudflare-turnstile does.

I have thought now a bit about it. IMO a perfect solution would be like this:

1. We implement a new Subclass CaptchaModule (similar to PaymentModule or so).
2. The core and any third party module call a hookRegisterFormCaptcha($controllerName, $submitName). 
3. The merchants goes to AdminMetaController and selects all wished forms, that that have been registered in step 2.
4. All active forms (selected in step 3) are handled by the Captcha Module (like my module does it).

Do you like this idea? Or is it overcomplicate? IMO this would allow a merchant to install ONE captcha module and he can handle all his forms. If all captcha can work like mine, no override is involved. I see only advantages, but I might be wrong 😅

Edited January 16 by wakabayashi

[ukclearance]

On 1/16/2023 at 3:55 PM, wakabayashi said:

@ukclearance My module is open source: https://github.com/eschiendorfer/genzo_turnstile/. Only thing missing is actually the settings on which controller you want to use the captcha. The rest is working for me. Maybe you can check it out!?

Thanks for creating something so fast, I was not expecting something so quickly.
How do i install your module on my store to test it? I downloaded the files from Github and tried to upload it as a zip through the add new modules from the admin interface and also manually copied the folder to the modules directory of my 30bees install but it nothings show up in the modules list in the admin area either way. What am i doing wrong

[datakick]

7 hours ago, ukclearance said:

Thanks for creating something so fast, I was not expecting something so quickly.
How do i install your module on my store to test it? I downloaded the files from Github and tried to upload it as a zip through the add new modules from the admin interface and also manually copied the folder to the modules directory of my 30bees install but it nothings show up in the modules list in the admin area either way. What am i doing wrong

When you download 'code' from gihub as zip file, and then extract it, it creates directory named after branch. In this case, the directory is 'genzo_turnstile-master'. You need to rename this directory to 'genzo_turnstile'. Then you can either zip this directory and upload it via back office, or you can upload this directly into /modules/ using ftp.

[ukclearance]

I have installed the Turnstile module correctly now thanks to the advise of datakick , had to do a bit of troubleshooting as it was giving me a 500 error at first. But once i enabled debugging I could see i needed to install the php-curl module - which was missing from my server - after doing that i could send myself a test messages via the contact form with Turnstile enabled and the verification completed and it would refuse to send if Turnstile verification was not done.

For info I am running it on on TB 1.4.0, PHP 7.2 and Ubuntu 18.04 using the community theme.

The next step is to see how effective the Cloudflare Turnstile service is at keeping the spammers out. As at the moment after ive verified i am human even if i open my stores contact form in a incognito browser window, Turnstile doesn't challenge to prove i am human again so not sure how well it will work against keeping the spammers out compared to Googles Re-captcha  🤞

Thank you wakabayashi for your work in getting this module working so quickly 👍

[wakabayashi]

@ukclearance what is your expierence? I have now updated the module. I recommend you to use the new version. It allows a bit more settings:

Note: custom submits is a VERY basic implementation. If turnstile turns out to be effective. I can improve this module in the future.

From today I use it on my live shop too... I am bored of this shitty spam emails (even with google captcha) 🥵