Forgot your password?
New user?
Document Actions
#222: Include Captcha Support
- Contents
- Proposed by
- Jon Stahl
- Seconded by
- Alexander Limi
- Proposal type
- Architecture
- State
- being-discussed
Definitions
CAPTCHA - Completely Automated Public Turing test to tell Computers and Humans Apart. From Wikipedia:
A CAPTCHA (IPA: /ˈkæptʃə/) is a type of challenge-response test used in computing to determine whether the user is human. The process involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade. Because other computers are unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human. A common type of CAPTCHA requires that the user type the letters of a distorted image, sometimes with the addition of an obscured sequence of letters or digits that appears on the screen.
Motivation
Plone sites that allow open registration are starting to occasionally see automated mass registration of users. While this doesn't seem to be readily abusable (if email-the-password is turned on), it's a disturbing annoyance, especially to new Plone site administrators.
Other common problems include comment spam (if anonymous commenting is enabled) and abuse of the "E-mail this page" and contact forms.
Fortunately, these problems can be easily addressed with a simple CAPTCHA.
Assumptions
Any captcha implementation must have strong accessibility for visually impaired users.
Captchas should be enabled by default, but there should be a control panel configlet with an option to disable the captchas. Captchas should be disabled by default on migrated sites, so as to avoid breaking validations of customized forms.
Captcha implementation should not depend on external webservices such as Captchas.net by default (though ideally a plugin system would make it possible to optionally switch to such services).
Proposal
We propose taking the following steps:
- Add captcha to the following forms:
- join_form
- contact-info
- comments
- sendto_form
- Standardize upon the interface of collective.captcha's @@captcha browser view as an interface which can be employed by other captcha products intending to replace collective.captcha. This browser view provides the following methods:
- image_tag - Returns the HTML img tag for the captcha.
- audio_url - Returns the URL for an audio version of the captcha.
- image - Renders the captcha image.
- audio - Renders the captcha audio.
- verify - Returns a boolean indicating whether user's input matched the captcha.
Implementation
Preferred implementation:
- Integrate Jarn's Collective.Captcha into the Plone core. It's a modern, Zope 3-style Product that provides:
A view to generate a captcha image and/or wav file, and to verify user input against it.
A cookie is used to transfer state from one request to the next. The state is used, together with a server-side secret, to create a random string of characters, which in turn is displayed as a captcha image, or transformed to an audio file. Verification happens case-insensitively.
Note that the captcha 'word' is only usable for 5-10 minutes, after which the view will not accept it any more. Moreover, a different word will be generated for a given session key every 5 minutes.
This makes these captchas replayable for up to 10 minutes if a determined user keeps sending the same session id. Because of the server-secret though, captchas are not transferrable between sites.
Pros:
- It exists, and it works.
- No dependency on an external service.
- Provides an audio version of the captcha.
Cons:
- SkimpyGimpy produces slightly ugly captcha images (but this can be somewhat mitigated by careful choice of font & configuration options).
Other possible implementations:
- We could use an alternative "mathemtical captcha" implementation, e.g. http://www.mysoftparade.com/blog/improved-mathematical-captcha/
- Pros: strong accessibility, lightweight (no images)
- Cons: ?
- We could write a PIL-powered image captcha. perhaps http://blog.objectgraph.com/2007/01/pil-on-captcha-transparency-and-masking.html would be a good example.
If we go with the preferred implementation, such alternative implementations could be swapped in by creating a product which overrides the @@captcha view in a browser layer.
Deliverables
- Move collective.captcha to the plone svn repository, rename it to plone.captcha.skimpygimpy, and ship it with Plone.
- Add a plone.captcha egg which has a view to generate the (i18nized) captcha field, and a captcha validator, both of which defer to the @@captcha view from plone.captcha.skimpygimpy for the actual logic.
- Modify the following forms in CMFPlone to use the field and validator from #2.
- join_form
- contact-info
- comments
- sendto_form
- Add an "Enable CAPTCHA for anonymous users" option to the Security configlet, which determines whether captcha is actually used on the forms in #3.
- Migration to ensure captcha is disabled by default for migrated sites.
- Unit and functional tests of all functionality.
- Documentation of how to swap in a different captcha service by overriding the @@captcha view.
Risks
- Captchas are inherently non-cachable, so we need to make sure that common Plone caching solutions don't try to cache any forms which include captcha.
- Collective.captcha does not currently generate captchas in non-Roman alphabets.
Progress log
Participants
David Glick (ONE/Northwest) [davisagli] -- I can do the implementation work if we have consensus on this.
I like recaptcha!
If Collective.Captcha truly is pluggable, then perhaps a couple of simple plugin options might be all we need.
captcha skimpyGimpy
So we are planning to use collective.captcha. I believe you can change the font in skimpyGimpy so it isn't quite so ugly, you can also tune the speckle. Additionally it does audio, which is huge for 508 compliance.
I packaged skimpyGimpy as an egg and sent the change to the email at sourceforge... nothing but crickets so far. I have been pulled onto another project and haven't tested if the egg works, but it should. I don't have anywhere to upload it as my personal server just died. I have a replacement, but not the time to set it up as of currently.
I left the original authors info in setup, and haven't looked at licensing...
in the cheeseshop
eggs =
...
skimpyGimpy
...
implementing captcha
Unfortunately the doco that comes with collective.captcha is very brief and we're struggling to work out how to implement it on the join_form. if any one has any more verbose instructions on their own form we'd be happy to see them !
-i
Shipping with critical systems
1) The Promotion of OpenID so there is less need to 'register' in the first place. I'd rather be using my OpenID to post this message in the first place, but alas I can not.
2) A suitable *INTERNAL* Captchas system for those who choose *NOT* to use OpenID, and have it on by default.
At the moment I'm having a hairy-scary fit trying to get 'some' variant of Captchas working among the half-dozen non-working options out there. I would suggest some form of Captchas is pretty basic to protecting new installers and promoting the long term growth of Plone.
Easy-to-install my patooie... you WROTE the thing, of COURSE it's easy for YOU to install! "Just add a collective.captcha.form.Captcha field to your scheme..." Eh... WHAT?
PFG, too
>> Documentation of how to swap in a different captcha service by overriding the @@captcha view.
I think this is critical. Different sites are going to have widely varying captcha requirements, and no scheme's accessibility and esthetics are going to satisfy everyone.
re: PFG, too
David
reCaptcha
As far as I know, collective.captcha is pluggable, so including this as an option that can be enabled would be great.
http://recaptcha.net/