replace recaptcha with self-hosted captcha #281
Conversation
chappjc
force-pushed
the
captcha-self-hosted
branch
from
4c49f36 to
996f7bf
Compare
|
Force pushed 996f7bf. Tested and working. The pages don't look very pretty, but's that's about the best I can do. |
|
Currently it looks a bit like this (showing Password Reset page before solving captcha):
Sign up:
The idea is the forms protected by captcha don't show up until the captcha is solved. It's not just the forms are not there, of course, but that the POST handler that deals with the usual forms does not process the other non-captcha data. This is the purpose of the |
|
Setting the captcha length (now 6), characters (now just 10 numerals), captcha expiry (now 10 minutes), and other captcha parameters may be worth setting in the future. Although because of limitations in the captcha API, we may just want to fork the captcha repo. |
| session.Values["CaptchaDone"] = true | ||
| status = http.StatusFound | ||
| } else { | ||
| session.Values["CaptchaDone"] = false |
There was a problem hiding this comment.
Should probably do a session.AddFlash("Captcha verification failed. Try again.") here too
| "github.com/zenazn/goji/web" | ||
| ) | ||
|
|
||
| type CaptchaHandler struct { |
There was a problem hiding this comment.
I need to doc all these exported things. And copyright the file.
| @@ -5,6 +5,7 @@ import ( | |||
| "encoding/hex" | |||
| "errors" | |||
| "fmt" | |||
| "github.com/dchest/captcha" | |||
There was a problem hiding this comment.
This import should be with the other github imports, not with the std lib imports.
| @@ -145,6 +143,11 @@ func NewMainController(params *chaincfg.Params, adminIPs []string, | |||
| return nil, err | |||
| } | |||
|
|
|||
| ch := &CaptchaHandler{ | |||
| ImgHeight: 127, | |||
| ImgWidth: 257, | |||
There was a problem hiding this comment.
Pulled out of my ass and could be set in the config file, but that's not really needed now.
| if controller.smtpHost == "" { | ||
| c.Env["SMTPDisabled"] = true | ||
| } | ||
| c.Env["CaptchaID"] = captcha.New() |
There was a problem hiding this comment.
No reload button next to the captcha. To get a new one, all you have to do is reload the page with the protected forms.
| @@ -227,6 +227,10 @@ func runMain() int { | |||
| app.Get("/signup", application.Route(controller, "SignUp")) | |||
| app.Post("/signup", application.Route(controller, "SignUpPost")) | |||
|
|
|||
| // Captcha | |||
| app.Get("/captchas/*", controller.CaptchaServe) | |||
| app.Post("/verifyhuman", controller.CaptchaVerify) | |||
There was a problem hiding this comment.
The application.Route function is a shit show. Not using it.
| if err := saveSession(c, w, r); err != nil { | ||
| log.Errorf("Can't save session: %v", err) | ||
| } | ||
|
|
||
| if respHeader, exists := c.Env["ResponseHeaderMap"]; exists { |
There was a problem hiding this comment.
This was a relic from a much older feature that was partially ripped out.
chappjc
force-pushed
the
captcha-self-hosted
branch
from
05d7cb4 to
9f33e7f
Compare
|
Why to overcomplicate things? Recaptcha works great. |
|
@honeycrypto Please see #279 |
dajohi
changed the title
chappjc
changed the title
|
This branch works for me too. Under a local deployment I was able to sign up with the captcha image: I got the confirmation email and activated the account. Looking at the database I confirmed that the account got id no. 1 (configured as admin), and logging in I was indeed able to see the low-fee ticket page. (The local deployment consists of one dcrd instance, one dcrwallet for fees, two voting dcrwallet, two stakepoold, one dcrstakepool and one mysqld. To make all the daemons run in the same namespace without virtual machines nor containers, I changed the various listening ports in the daemons' configuration.) |
|
Thanks for the feedback @teknico. |
|
@chappjc please rebase on top of current master |
chappjc
force-pushed
the
captcha-self-hosted
branch
from
9f33e7f to
ed129c7
Compare
|
@dajohi rebased |
Create controllers/captcha.go, where the captcha GET and POST handlers are implemented for retrieving images and verifying responses. Create CaptchaHandler type with image size spec, and add it as a field of MainController. Create ApplyCaptcha captcha middleware. Add GET route for /captchas for serving the captcha images. Add POST route for /verifyhuman for verifying captcha responses and redirecting to the previous page with the session udpated. Modify http handlers to display new captcha: PasswordReset, SignIn, and Settings. Modify http handlers to check for captcha verification: PasswordResetPost, SignInPost, and SettingsPost. Unrelated: remove unused empty responseHeaderMap. Comment on how insane core/(*Application).Route is.
Remove the old config file stuff.
chappjc
force-pushed
the
captcha-self-hosted
branch
from
ed129c7 to
04cc822
Compare
|
@dajohi rebased again |
Add a flash message in the CaptchaVerify middleware.
* commit '9ec3776b1d9ed8f2a06d196ab072b8474e9bb6a9': replace recaptcha with self-hosted captcha (decred#281) # Conflicts: # controllers/main.go # views/settings.html
This replaces Google's reCAPTCHA with a self hosted captcha.
NOTE: This is needs review and testing. It works for me though.
Create controllers/captcha.go, where the captcha GET and POST handlers
are implemented for retrieving images and verifying responses.
Create
CaptchaHandlertype with image size spec, and add it as a fieldof
MainController.Create
ApplyCaptchacaptcha middleware.Add GET route for
/captchasfor serving the captcha images.Add POST route for
/verifyhumanfor verifying captcha responses andredirecting to the previous page with the session updated.
Modify http handlers to display new captcha:
PasswordReset,SignUp, andSettings.Modify http handlers to check for captcha verification:
PasswordResetPost,SignUpPost, andSettingsPost.Unrelated: remove unused empty
responseHeaderMap.Comment on how insane
core/(*Application).Routeis.