Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement an optional captcha #1867

Merged
merged 1 commit into from
Dec 6, 2021
Merged

Implement an optional captcha #1867

merged 1 commit into from
Dec 6, 2021

Conversation

Martii
Copy link
Member

@Martii Martii commented Dec 6, 2021
edited
Loading

Post #944

NOTE(s):

  • Android Fx mobile doesn't appear to load but not clean profile... will reinstall without addons... reinstalled with default settings 👍
  • Android Chrome mobile... 👍
  • Linux Chromium 👍
  • Linux Basilisk/Palemoon 👍
  • Linux SeaMonkey 👍
  • Linux Fx 👍
  • Linux Brave 👍
  • macOS Safari ... (pending update... so hours ;) 👍
  • macOS Chrome 👍
  • macOS Fx 👍
  • Windows Edge 👍
  • Windows Fx 👍
  • Windows Chrome 👍
  • Windows IE 11 👍 (shocking I know)

e5ee238...7fe567b

@Martii
Implement an optional captcha
bad97d6 
* We'll try this.
* Will need further followup to split up auth routine for optimization. This was mentioned in private to/from the establishing owner.
* Fork of *hcaptcha* needs to be used for an implementation issue with *express*. See vastus/express-hcaptcha#7 (comment) and OpenUserJS/express-hcaptcha@93fb71d

Post OpenUserJS#944
@Martii Martii added enhancement Something we do have implemented already but needs improvement upon to the best of knowledge. UI Pertains inclusively to the User Interface. CODE Some other Code related issue and it should clearly describe what it is affecting in a comment. needs mitigation Needs additional followup. labels Dec 6, 2021
@Martii Martii merged commit 9f5adb0 into OpenUserJS:master Dec 6, 2021
@Martii Martii deleted the Issue-944captcha branch December 6, 2021 22:19
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Dec 7, 2021
@Martii
Inline scripts CSP for login
c92f016 
* Protect the login page a little bit more

Post OpenUserJS#944 OpenUserJS#1867
@Martii Martii mentioned this pull request Dec 7, 2021
Merged
Martii added a commit that referenced this pull request Dec 7, 2021
@Martii
Inline scripts CSP for login (#1871)
0ad21d8 
* Protect the login page a little bit more

Post #944 #1867

Auto-merge
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Dec 8, 2021
@Martii
Partial refactor of auth
e899c44 
* Fix attach strategy broken from OpenUserJS#1867
* Fix missing redirect QSP ... long time foo.
* Prep for request callback verify... split out what can be in auth. Indention is a placeholder for next phase of this and intentional.
* Remove and add some duplicate *(but needed duplicate for next phase)* code.
* More comments! :)

Post OpenUserJS#944

NOTE(s):
* This is one of the most complicated routines in the code and took quite a while to match logic *(with a few fixes)*. :P"
* Checked for accidental privilege escalation with alter "User" account... none detected on dev.
@Martii Martii mentioned this pull request Dec 8, 2021
Merged
Martii added a commit that referenced this pull request Dec 8, 2021
@Martii
Partial refactor of auth (#1872)
2352b94 
* Fix attach strategy broken from #1867
* Fix missing redirect QSP ... long time foo.
* Prep for request callback verify... split out what can be in auth. Indention is a placeholder for next phase of this and intentional.
* Remove and add some duplicate *(but needed duplicate for next phase)* code.
* More comments! :)

Post #944

NOTE(s):
* This is one of the most complicated routines in the code and took quite a while to match logic *(with a few fixes)*. :P"
* Checked for accidental privilege escalation with alter "User" account... none detected on dev.

Auto-merge
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Dec 8, 2021
@Martii
Modified our fork a bit
3f48b3f 
* Whoops... verify happens in parent dep of our fork... so no need to do this in our code. Ahh more time spent learning the hard way. LOL
* Modified fork to accept `SITEKEY` because we expect that to go that way.
* Consolidated the `sessionauth` since that's going to be a future thing with code migration.
* We have the ability to send the IP to them but need to query the establishing owner first.

Post OpenUserJS#944 OpenUserJS#1867
@Martii Martii mentioned this pull request Dec 8, 2021
Merged
Martii added a commit that referenced this pull request Dec 8, 2021
@Martii
Modified our fork a bit (#1873)
e04e822 
* Whoops... verify happens in parent dep of our fork... so no need to do this in our code. Ahh more time spent learning the hard way. LOL
* Modified fork to accept `SITEKEY` because we expect that to go that way.
* Consolidated the `sessionauth` since that's going to be a future thing with code migration.
* We have the ability to send the IP to them but need to query the establishing owner first.

Post #944 #1867

Auto-merge
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Dec 8, 2021
@Martii
Scoot some code around
99a4983 
Post OpenUserJS#944 OpenUserJS#1867 OpenUserJS#430
@Martii Martii mentioned this pull request Dec 8, 2021
Merged
Martii added a commit that referenced this pull request Dec 8, 2021
@Martii
Scoot some code around (#1875)
8c7fd98 
Post #944 #1867 #430

Auto-merge
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Dec 8, 2021
@Martii
Cleanup
2fba341 
* Move generated data from captcha to session if available.
* Completed a few WARNINGs ... tired of looking at those. ;) :)

Post OpenUserJS#944 OpenUserJS#1867 OpenUserJS#37
@Martii Martii mentioned this pull request Dec 8, 2021
Merged
Martii added a commit that referenced this pull request Dec 8, 2021
@Martii
Cleanup (#1876)
71fd157 
* Move generated data from captcha to session if available.
* Completed a few WARNINGs ... tired of looking at those. ;) :)

Post #944 #1867 #37

Auto-merge
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Dec 9, 2021
@Martii
Plug a hole
ba8f9dd 
* If not running captcha it's still there *(even prior to the refactor... saw it in a .user.js a while back)*
* Fix non-captcha'd site forks
* Refocus on SITEKEY instead of SECRET ... don't want accidental exposure from other devs.

Post OpenUserJS#944 OpenUserJS#1867

NOTE:
* Special thanks to datinginfos *(a spammer)* for confirming. ;) :)
@Martii Martii mentioned this pull request Dec 9, 2021
Merged
Martii added a commit that referenced this pull request Dec 9, 2021
@Martii
Plug a hole (#1881)
d5c8610 
* If not running captcha it's still there *(even prior to the refactor... saw it in a .user.js a while back)*
* Fix non-captcha'd site forks
* Refocus on SITEKEY instead of SECRET ... don't want accidental exposure from other devs.

Post #944 #1867

NOTE:
* Special thanks to datinginfos *(a spammer)* for confirming. ;) :)

Auto-merge
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Dec 9, 2021
@Martii
Typo and some cleanup
e8a9760 
Post OpenUserJS#944 OpenUserJS#1867 OpenUserJS#1881
@Martii Martii mentioned this pull request Dec 9, 2021
Merged
Martii added a commit that referenced this pull request Dec 9, 2021
@Martii
Typo and some cleanup (#1882)
589698f 
Post #944 #1867 #1881

Auto-merge
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Dec 9, 2021
@Martii
Catch a late binding forgery
eaa2513 
Post OpenUserJS#944 OpenUserJS#1867
@Martii Martii mentioned this pull request Dec 9, 2021
Merged
Martii added a commit that referenced this pull request Dec 9, 2021
@Martii
Catch a late binding forgery (#1883)
b4553ce 
Post #944 #1867

Auto-merge
@Martii Martii removed the needs mitigation Needs additional followup. label Dec 10, 2021
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Dec 20, 2021
@Martii
Additional check
fd61b70 
Post OpenUserJS#1867 OpenUserJS#1883 and applies to OpenUserJS#944 OpenUserJS#609

NOTE:
* Tried new account on dev.
@Martii Martii mentioned this pull request Dec 20, 2021
Merged
Martii added a commit that referenced this pull request Dec 20, 2021
@Martii
Additional check (#1891)
cc50a76 
Post #1867 #1883 and applies to #944 #609

NOTE:
* Tried new account on dev.

Auto-merge
Martii added a commit to Martii/OpenUserJS.org that referenced this pull request Dec 21, 2021
@Martii
More twiddles
5cae42b 
* Make these sections a tougher meal.

Post OpenUserJS#944 OpenUserJS#1867 *(not optional atm)*
@Martii Martii mentioned this pull request Dec 21, 2021
Merged
Martii added a commit that referenced this pull request Dec 21, 2021
@Martii
More twiddles (#1892)
2ebbf90 
* Make these sections a tougher meal.

Post #944 #1867 *(not optional atm)*

Auto-merge
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 1, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
CODE Some other Code related issue and it should clearly describe what it is affecting in a comment. enhancement Something we do have implemented already but needs improvement upon to the best of knowledge. UI Pertains inclusively to the User Interface.
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Martii