reCAPTCHA with Laravel

Sign in Get started

This episode is for members only

Sign up to access "reCAPTCHA with Laravel" right now.

Already a member? Sign in to continue

Playing

06. Throwing exceptions on reCAPTCHA failure

Episodes

0%

Your progress

Total: 49m
Played: 0m
Remaining: 49m

Join or sign in to track your progress

01. Introduction and demo

02. Alpine.js basics

03. Getting the reCAPTCHA token

04. Submitting the token to the server

05. Verifying the token with middleware

06. Throwing exceptions on reCAPTCHA failure

07. Refactoring to a Blade directive

08. Passing reCAPTCHA options

Transcript

00:00

OK, so let's work on these two failures, and really importantly, how we're going to handle them.

00:06

Now, the failure just here, whether this was successful or not, is not as important as the score, because this is more user facing. But if something does go wrong, we kind of

00:16

want to ask the user to try again. It could be that the Google API is having some sort of issue. So we want to handle both, really, and also show a message for both as well.

00:25

So what we're going to do inside of here is throw an exception, and then we're going to handle that in some way by redirecting the user back with a flash message to show over on the login form.

00:35

So let's go over here back to our login form, and let's figure this out. Now, luckily for us, over in the login form, we already have our session status just here.

00:47

Now, this will take anything that we flash to the session with the key of status, and it will put it into this component just here. This is just a blade component.

00:56

So if we open up that session status component, all this does is it checks if this exists, and it shows a message styled up with the status. Now, you might have something different in your own app,

01:07

so you might want to build your own. But if you are following along a simple if statement here to check this session value, we'll be good. So we're going to use this, and we're

01:16

going to use this status for the login page to handle this. So let's go ahead and throw an exception here. We can go ahead and make these on the command line. So let's go ahead and make an exception out.

01:27

And I already have this in here autocompleted, but we're going to create our request or recapture request failed. And let's put this in there properly,

01:38

and it's already there for me. So recapture request failed. This is the exception for if that request failed. And then we're going to have a recapture verification

01:48

failed for whether it doesn't meet the threshold. So let's start with the request failed, and we'll try and trigger this. So we're just going to throw a new recapture request failed,

02:01

and that's pretty much it. We're going to handle the redirection within the exception, or you can add this to your error handling.

02:08

But I'm going to show you a neat way that we can do this directly within our exception. OK, so let's go over and just try this out. But we need to kind of trigger this.

02:18

So what I'm going to do is just let's just comment this out and add in an incorrect key that should trigger that. So let's go and enter my details, and yeah, perfect. So we've got a recapture request failed exception being thrown.

02:36

Now we can choose what to do inside of there. So let's open this up, recapture request failed. Now inside of an exception within Laravel, what we can do is use a render method, which determines how

02:50

we render this exception out. And Laravel, as long as this method exists, we'll go ahead and do whatever you want inside of here. So if I die dump and say failed, and we try this again,

03:03

you can see it just die dumps failed. So the code inside of here is being run. So inside of here, what we can do is just about get away with redirecting the user directly

03:12

within here. I find this a bit neater because it means that we don't have to add this in our exception handler and write a bunch of additional code.

03:20

So in here, we're going to go ahead and redirect back to the last page. And with this, we can flash a message. So we can use the with method to flash the status.

03:29

And we'll just say, something went wrong. Please try again. And of course, come up with a better message if you want to. So when this exception gets thrown,

03:40

the render method will be called. We will be redirected back with that status, which we know gets picked up on the login page. Let's try it out.

03:49

So I'm going to go ahead and just refresh this, just so I don't have to put all those details in. And there we go. Something went wrong.

03:54

Please try again. So the user can try again. Or you can fix up the issue if it was your fault. OK, so let's go over to our middleware.

04:05

And let's get that secret back in there so we can deal with this one. It's pretty much going to be the same way that we've done this before.

04:13

So throw, new, recapture, verification failed. And if we head over to this, let's again go ahead and add in the render method, return, and redirect the user back

04:28

to where they just came from. Back is really important here, because of course, we don't want to redirect to a specific page because we can apply this middleware

04:35

functionality to any form. So we have to go back rather than to a specific route. And again, we're going to say with status. And let's just say recapture failed.

04:47

Try again, or something along those lines. Great. All right, so let's go over and try and fail this. We'll need to adjust the threshold for this.

04:57

So let's bump this up to 1. Of course, this will be configurable a little bit later. But let's see if this works.

05:04

And we're pretty much ready to go. Perfect. So the recapture failed. Try again.

05:08

The user knows this, because this is the more user-facing one. So at least they know why the login failed. OK, great.

05:14

I'm going to bump this threshold back down to 0.8. And of course, we'll just go ahead and try and log in one more time. And we are in.

05:23

So we've got a little bit further in the fact that we're actually showing the error message to the user now, rather than just dying and dumping, which is never a good idea in production.

05:32

And we can move on to look at creating that really nice snippet over in our login page. So we don't have to do this on every single form that we want this on.

Episode summary

In this episode, we focus on handling errors when reCAPTCHA fails in our login system. First up, we identify the two kinds of failures that can happen: either the request to the Google reCAPTCHA service itself fails (maybe due to connectivity issues or a bad secret key), or the verification doesn't pass the score threshold (meaning the system thinks you might be a bot).

To make things user-friendly, instead of letting errors just break the app or show a generic error page, we throw custom exceptions for each failure: RecaptchaRequestFailed and RecaptchaVerificationFailed. Laravel lets us define a render method right inside these exceptions—this is where we choose to redirect the user back to the login page and flash a helpful status message. The login form picks up this status and displays it nicely so the user knows what went wrong and can try again.

We walk through making these exceptions, triggering them (even faking a failure to see what happens), and customizing the error message. Finally, we make sure this works for both types of failures, so users always get a clear message—no more die dumps or unclear errors!

By the end of the episode, error reporting for failed reCAPTCHA checks is smooth, informative, and user-friendly, setting up a much better experience for anyone using your app.

Episode discussion

No comments, yet. Be the first!