Modify

Opened 9 years ago

Last modified 6 months ago

#2707 new enhancement

[patch] Add captcha (ReCaptcha) support for new user registration

Reported by: Gerhard Häring Owned by:
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: SPAM captcha prevention register
Cc: Mitar Trac Release: 0.11

Description

Despite having the AccountManager plugin installed, my Trac was getting spammed.

So I added support for requiring a captcha when registering a new account.

I'm attaching my current code. If you're interested, I can clean it up and add documentation for a better patch :-)

Attachments (3)

recaptcha_patch.dif (2.6 KB) - added by Gerhard Häring 9 years ago.
Patch for adding ReCaptcha support
recaptcha.diff (2.5 KB) - added by anonymous 8 years ago.
Fix the way the patch raises errors.
recaptcha-0.4.4.diff (2.7 KB) - added by ngpitt@… 2 years ago.
Updated patch for AccountManager 0.4.4.

Download all attachments as: .zip

Change History (15)

Changed 9 years ago by Gerhard Häring

Attachment: recaptcha_patch.dif added

Patch for adding ReCaptcha support

comment:1 Changed 9 years ago by league@…

Trac Release: 0.100.11

This appeared to work very well for me so far, with just some documentation caveats: (1) it's a patch against trunk/ (0.11), not 0.10. And (2), the python recaptcha interface I found (1.0.1) was broken and wouldn't import. To fix that, add "recaptcha" before "recaptcha.client" to the package list in its setup.py. I recommend merging this into trunk.

comment:2 Changed 9 years ago by Gunnar Thielebein

works for me too, all you need for this patch working in account-manager is

  1. apply the patch and install account-manager
  1. download code part
  1. extract somewhere and change the import rules like posted above
  1. install with python setup.py install; bdist_egg wont work ootb; reload apache2
  1. adapt the config in account-manager
[account-manager]
use_recaptcha = true
recaptcha_public_key = 
recaptcha_private_key = 

(you need to sign-on at http://recaptcha.net for getting the keys)

hope this helps someone

Changed 8 years ago by anonymous

Attachment: recaptcha.diff added

Fix the way the patch raises errors.

comment:3 in reply to:  description Changed 7 years ago by Steffen Hoffmann

Keywords: SPAM prevention register added; spam removed
Owner: changed from Matt Good to Steffen Hoffmann
Summary: Patch for adding ReCaptcha support[patch] Add captcha (ReCaptcha) support for new user registration

Replying to ghaering:

![...] I'm attaching my current code. If you're interested, I can clean it up and add documentation for a better patch :-)

Thanks for your contribution. Sadly, it turned out to be a victim of missing plugin maintenance here.

Now I've taken over maintainer role, but with the burden of nearly 100 open tickets. As this is improving slightly by constant work on all sort of things, I hope to do more than just saying sorry for previous lack of attention (still due to lack of time, certainly not interest as well).

I'm interested and will come back later and have a closer look in good time. As there is now #2897 as well, I'll aim at a concurrent implementation with that other captcha support.

comment:4 Changed 6 years ago by Mitar

Cc: Mitar added; anonymous removed

What is wrong with [RecaptchaRegisterPlugin]?

comment:5 in reply to:  4 ; Changed 6 years ago by Steffen Hoffmann

Replying to mitar:

What is wrong with [RecaptchaRegisterPlugin]?

Nothing, as long as there is a maintainer. OTOH, it might be advantageous to at least bundle useful plugins together. But there is still nothing decided here.

comment:6 Changed 6 years ago by Mitar

So we just need a maintainer? I have already started a fork of it some time ago. ;-)

comment:7 in reply to:  6 Changed 6 years ago by Ryan J Ollos

Replying to mitar:

So we just need a maintainer? I have already started a fork of it some time ago. ;-)

I would like to get that into the repos if possible, comment:1:ticket:5726.

comment:8 Changed 5 years ago by Steffen Hoffmann

(In [11917]) AccountManagerPlugin: Add interface for configurable user registration procedure, refs #874, #2707, #2897, #4651, #5295, #7577, #8076.

The current user registration process lacks flexibility, as can be witnessed by the history of one of the oldest still pending tickets for this plugin: #874.

comment:9 Changed 5 years ago by Steffen Hoffmann

(In [11923]) AccountManagerPlugin: Finish registration check rewrite, refs #874, #2707, #2897, #4651, #5295, #7577, #8076.

Now moving check execution into AccountManager, and _create_user() is gone, replaced by more clearly structured and modularized code.

Registration checking for requests from the admin panel is re-activated and minor improvements related to RegistrationError processing done too.

Note: The test, that detected admin requests to skip additional checking of existing permissions for each new username, has been done differently. In the future each check has to decide on its own, like this is done in the UsernamePermCheck now.

comment:10 in reply to:  5 Changed 5 years ago by Steffen Hoffmann

Replying to hasienda:

Replying to mitar:

What is wrong with [RecaptchaRegisterPlugin]?

Nothing, as long as there is a maintainer. OTOH, it might be advantageous to at least bundle useful plugins together. But there is still nothing decided here.

I have to correct my earlier statement: The current license, GPL prevents RecaptchaRegisterPlugin code from ever joining the more liberal (libre, not free) AcctMgr code base. Better stay with it's state, even more as the new registration contributor interface actively encourages such modular extensions. Note, that the plugin is useless these days without #7298 being fixed.

So the patches still form a valid approach to provide a build-in captcha solution. And it might even provide the most appropriate one, if other alternatives fail to adapt to the current registration code over the coming months.

Changed 2 years ago by ngpitt@…

Attachment: recaptcha-0.4.4.diff added

Updated patch for AccountManager 0.4.4.

comment:11 Changed 2 years ago by Dirk Stöcker

I'd say close this ticket and suggest installing spamfilter instead. As we see here a t.h.o. (and my other Trac instances) a simple captcha checks is not enough for spam prevention. Captchas are solved automatically already.

comment:12 Changed 6 months ago by Ryan J Ollos

Owner: Steffen Hoffmann deleted

Modify Ticket

Change Properties
Set your email in Preferences
Action
as new The ticket will remain with no owner.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.