Directories prod and preprod
contain a dotenv file that you need to fill up with the right configuration.
Objective: Goal is to secure all authentication-related form using a captcha after a certain amount of failures, to protect the website against bruteforce-aware attacks (credentials stuffing, dictionary attacks, user enumerations...).
-
You should go to: https://www.google.com/recaptcha/admin#list.
-
Click "+" button
-
You should create a "reCAPTCHA v2" of the kind "I am not a robot". You cannot set another type because current implementation won't support it. Then, fill up the form and click "Create".
-
That's the credentials rendered in the next page that will be used in the project configuration.
-
GOOGLE_RECAPTCHA_SITE_KEYshould contain your recaptcha key -
GOOGLE_RECAPTCHA_SECRETshould contain your recaptcha secret