Opened 11 years ago

Closed 11 years ago

#7158 closed enhancement (fixed)

SageNB -- Set up challenge-response, such as a CAPTCHA, for account registration

Reported by: mpatel
Owned by: boothby
Priority: minor
Milestone: sage-4.2
Component: notebook
Keywords: sagenb captcha
Cc: timdumol, was
Merged in:
Authors: Mitesh Patel
Reviewers: wstein
Report Upstream:
Work issues:
Branch:
Commit:
Dependencies:
Stopgaps:

Description

See

for descriptions and examples.

Attachments (3)

trac_7158-captcha.patch (39.5 KB) - added by mpatel 11 years ago.
Add challenge-response to notebook registration page. Depends on #7110.
trac_7158-captcha_v2.patch (39.3 KB) - added by mpatel 11 years ago.
Rebased for #7196. Added regexp test for simple challenge. Apply only this patch.
trac_7158-captcha_v2-REFEREE.patch (7.2 KB) - added by was 11 years ago.
apply this *after* applying trac_7158-captcha_v2.patch; it just makes a few minor changes I made during refereeing

Change History (9)

Changed 11 years ago by mpatel

Add challenge-response to notebook registration page. Depends on #7110.

comment:1 Changed 11 years ago by mpatel

  • Status changed from new to needs_review

The attached patch, which depends "somewhat" (twist.py) on #7110, adds two challenge-response methods for new user registration:

  • Simple question and answer, e.g., "How many bits are in one byte?"
  • reCAPTCHA.

The code for both is in the new file sagenb.notebook.challenge.py. I've also

  • Rewritten twist.RegistrationPage for linearity.
  • Modified registration.html and added the template recaptcha.html.
  • Added several options to sagenb.notebook.server_conf.defaults:
    defaults = {
                 [...]
                 'email': True,
                 'challenge': True,
                 'challenge_type': 'simple',
    #             'challenge_type': 'recaptcha',
                 'recaptcha_public_key': '',
                 'recaptcha_private_key': '',
                }
    

One way to test the "simple" challenge, after applying the patch:

  • Backup ~/.sage
  • Delete ~/.sage
  • sage
  • sage: import sagenb.notebook.notebook_object as n; n.notebook(accounts=True)
  • Enter admin's password twice.
  • Browse to http://localhost:8000
  • Log out, if necessary, and click on "Sign up for a new Sage Notebook account".
  • Try to sign up for new accounts.

To test the "recaptcha" challenge, sign up for a reCAPTCHA key, update server_conf.py, and follow the steps above.

comment:2 Changed 11 years ago by mpatel

To do

  • Add the new challenge module to the reference manual.

comment:3 Changed 11 years ago by mpatel

Reminder: Rebase against the outcome of #7196.

Changed 11 years ago by mpatel

Rebased for #7196. Added regexp test for simple challenge. Apply only this patch.

comment:4 Changed 11 years ago by mpatel

Patch v2:

  • Uses regular expressions to verify "simple" challenge responses.
  • Rebased against #7196.

As before, please edit sagenb.notebook.server_conf.py to set up and enable the new feature.
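
An added illustration of regex-based verification for the "simple" challenge described in comments 1 and 4. It is not code from the patch or from sagenb: the function names, the length limit and every question except the one quoted above are assumptions. It contrasts an unanchored match with a full-string match.

```python
import re
import secrets

# Hypothetical question bank: (question, regex the whole answer must match).
# The first question is quoted in the ticket; the second is constructed.
QUESTIONS = [
    ("How many bits are in one byte?", r"8|eight"),
    ("What is 2 plus 3?", r"5|five"),
]

MAX_RESPONSE_LEN = 64  # assumed bound on untrusted input


def pick_challenge(conf):
    """Return (index, question), or None unless the 'simple' challenge is enabled.

    conf uses the 'challenge' and 'challenge_type' keys shown in the ticket.
    The index should stay server-side (e.g. in the session), not in the form.
    """
    if not conf.get("challenge") or conf.get("challenge_type") != "simple":
        return None
    idx = secrets.randbelow(len(QUESTIONS))
    return idx, QUESTIONS[idx][0]


def naive_check(idx, response):
    """Weak variant: re.search accepts any input that contains a valid answer."""
    return re.search(QUESTIONS[idx][1], response) is not None


def is_valid_response(idx, response):
    """Stricter variant: typed, bounded, trimmed, and matched in full."""
    if not isinstance(idx, int) or not 0 <= idx < len(QUESTIONS):
        return False
    if not isinstance(response, str) or len(response) > MAX_RESPONSE_LEN:
        return False
    pattern = QUESTIONS[idx][1]
    # fullmatch anchors both ends, so "18" does not pass for "8".
    return re.fullmatch(pattern, response.strip(), re.IGNORECASE) is not None
```
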

comment:5 Changed 11 years ago by mpatel

Reminder: Fix doctests, e.g.,

sage: tmp = tmp_dir() 
sage: import sagenb.notebook.notebook as n 
sage: nb = n.Notebook(tmp) 

broken by the new .sagenb directory name requirement(?).

Changed 11 years ago by was

apply this *after* applying trac_7158-captcha_v2.patch; it just makes a few minor changes I made during refereeing

comment:6 Changed 11 years ago by was

  • Resolution set to fixed
  • Reviewers set to wstein
  • Status changed from needs_review to closed

I refereed this. All of it completely works precisely as advertised. I fixed all the doctests as mentioned above in the "broken by the new .sagenb directory name" remark. I also made the default dumb questions dumber, so as not to discourage new users by default. In my experience any measure at all is enough to prevent spammers, but one will definitely use real reCAPTCHA (which is easy to set up and works well) in any serious setting. Very nice! I love how this patch really provides a solid mature feature to the notebook.

It's critically important that usage of this is documented and that we make a notebook server settings page that can configure all this stuff. I had no clue how to configure these things, except for the very helpful directions on this trac ticket (which were excellent).

This is merged into sagenb-0.3.2 as part of sage-4.2
