# Ticket #2707 (new enhancement)

Opened 5 years ago

Reported by: Assigned to: ghaering hasienda normal AccountManagerPlugin normal SPAM captcha prevention register mmitar@gmail.com 0.11

### Description

Despite having the AccountManager plugin installed, my Trac was getting spammed.

So I added support for requiring a captcha when registering a new account.

I'm attaching my current code. If you're interested, I can clean it up and add documentation for a better patch :-)

## Change History

### 04/07/08 05:07:03 changed by league@contrapunctus.net

• release changed from 0.10 to 0.11.

This appeared to work very well for me so far, with just some documentation caveats: (1) it's a patch against trunk/ (0.11), not 0.10. And (2), the python recaptcha interface I found (1.0.1) was broken and wouldn't import. To fix that, add "recaptcha" before "recaptcha.client" to the package list in its setup.py. I recommend merging this into trunk.

### 06/17/08 11:44:10 changed by tekknokrat

works for me too, all you need for this patch working in account-manager is

1. apply the patch and install account-manager

3. extract somewhere and change the import rules like posted above

4. install with python setup.py install; bdist_egg wont work ootb; reload apache2

5. adapt the config in account-manager

[account-manager]


(you need to sign-on at http://recaptcha.net for getting the keys)

hope this helps someone

### 08/05/09 22:04:52 changed by anonymous

Fix the way the patch raises errors.

### (in reply to: ↑ description ) 10/04/10 20:37:58 changed by hasienda

• owner changed from mgood to hasienda.

[...] I'm attaching my current code. If you're interested, I can clean it up and add documentation for a better patch :-)

Thanks for your contribution. Sadly, it turned out to be a victim of missing plugin maintenance here.

Now I've taken over maintainer role, but with the burden of nearly 100 open tickets. As this is improving slightly by constant work on all sort of things, I hope to do more than just saying sorry for previous lack of attention (still due to lack of time, certainly not interest as well).

I'm interested and will come back later and have a closer look in good time. As there is now #2897 as well, I'll aim at a concurrent implementation with that other captcha support.

### (follow-up: ↓ 5 ) 02/10/11 15:10:08 changed by mitar

• cc set to mmitar@gmail.com.

### (in reply to: ↑ 4 ; follow-up: ↓ 10 ) 02/12/11 00:16:19 changed by hasienda

Nothing, as long as there is a maintainer. OTOH, it might be advantageous to at least bundle useful plugins together. But there is still nothing decided here.

### (follow-up: ↓ 7 ) 02/12/11 00:47:52 changed by mitar

So we just need a maintainer? I have already started a fork of it some time ago. ;-)

### (in reply to: ↑ 6 ) 02/12/11 01:15:26 changed by rjollos

So we just need a maintainer? I have already started a fork of it some time ago. ;-)

I would like to get that into the repos if possible, comment:1:ticket:5726.

### 08/10/12 00:06:25 changed by hasienda

(In [11917]) AccountManagerPlugin: Add interface for configurable user registration procedure, refs #874, #2707, #2897, #4651, #5295, #7577, #8076.

The current user registration process lacks flexibility, as can be witnessed by the history of one of the oldest still pending tickets for this plugin: #874.

### 08/11/12 00:34:20 changed by hasienda

(In [11923]) AccountManagerPlugin: Finish registration check rewrite, refs #874, #2707, #2897, #4651, #5295, #7577, #8076.

Now moving check execution into AccountManager, and _create_user() is gone, replaced by more clearly structured and modularized code.

Registration checking for requests from the admin panel is re-activated and minor improvements related to RegistrationError? processing done too.

Note: The test, that detected admin requests to skip additional checking of existing permissions for each new username, has been done differently. In the future each check has to decide on its own, like this is done in the UsernamePermCheck now.

### (in reply to: ↑ 5 ) 09/15/12 15:33:06 changed by hasienda

Nothing, as long as there is a maintainer. OTOH, it might be advantageous to at least bundle useful plugins together. But there is still nothing decided here.

I have to correct my earlier statement: The current license, GPL prevents RecaptchaRegisterPlugin code from ever joining the more liberal (libre, not free) AcctMgr code base. Better stay with it's state, even more as the new registration contributor interface actively encourages such modular extensions. Note, that the plugin is useless these days without #7298 being fixed.

So the patches still form a valid approach to provide a build-in captcha solution. And it might even provide the most appropriate one, if other alternatives fail to adapt to the current registration code over the coming months.