[Bug 1774826] [NEW] Feature request: simple captcha
Public bug reported: Suggest to include a simple captcha that (unlike reCAPTCHA) does not involve feeding data to the internet advertising and surveillance industry. This could be a simple arithmetic captcha entirely implemented in python without any contact to 3rd party servers. Such a mechanism should be sufficient to keep out ordinary spambots. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1774826 Title: Feature request: simple captcha To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1774826/+subscriptions
** Changed in: mailman Importance: Undecided => Wishlist ** Changed in: mailman Status: New => Triaged -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1774826 Title: Feature request: simple captcha To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1774826/+subscriptions
I have implemented such a simple CAPTCHA for Mailman 2 and described the patch at <https://www.ralfj.de/blog/2018/06/10/mailman-subscription- spam-continued.html>. If there is interest from the maintainers, I'd be happy to prepare a merge request for this. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1774826 Title: Feature request: simple captcha To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1774826/+subscriptions
I have looked at your blog post describing the patch. It is interesting and to me it is quite reminiscent of the MoinMoin TextCHA feature. See https://moinmo.in/HelpOnSpam for a bit on that. I'd be interested in a merge request against the current HEAD, but it would need work. I think the display and verify functions should be in Mailman/Utils.py rather than a separate module. Also, I would like to see support for multiple languages as in the MoinMoin implementation, and I would like to see it done in such a way that one could set neither, one or both of CAPTCHAS and RECAPTCHA_SITE_KEY/RECAPTCHA_SECRET_KEY in mm_cfg.py and the right thing would be done in each case. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1774826 Title: Feature request: simple captcha To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1774826/+subscriptions
I think the display and verify functions should be in Mailman/Utils.py rather than a separate module.
Absolutely, I just did that to keep the diff small and reduce the chance of conflicts.
I would like to see support for multiple languages as in the MoinMoin implementation
So, having an additional outer-level dictionary mapping languages to something like what I am using currently? Yes, I can do that. Technical question: Can I rely on the language being the same on the listinfo and the subscribe page, or do I have to put the language into the FORM_SECRET to be able to know which language was used?
and I would like to see it done in such a way that one could set neither, one or both of CAPTCHAS and RECAPTCHA_SITE_KEY/RECAPTCHA_SECRET_KEY in mm_cfg.py and the right thing would be done in each case
I definitely planned to implement it that way. Do you have any suggestions for the best way to test such a patch locally before submission? Is there a good way to run mailman from source? I guess I could copy-paste the changed files to one of my servers but that seems suboptimal. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1774826 Title: Feature request: simple captcha To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1774826/+subscriptions
On 06/14/2018 12:27 AM, Ralf Jung wrote:
So, having an additional outer-level dictionary mapping languages to something like what I am using currently? Yes, I can do that.
My thought on languages is that the definition of CAPTCHAS to enable the feature would be something like: CAPTCHAS = {'en': [('english question one', 'regexp matching answers'), ('english question two', 'regexp matching answers'), ... ] 'l2': [('language2 question one', 'regexp matching answers'), ('language2 question two', 'regexp matching answers'), ... ] ... } Then the trigger would be something like: if isinstance(CAPTCHAS, dict) and 'en' in CAPTCHAS: And the idea being to look up the questions and answer regexps for the language in question and if not found, use the 'en' questions and answer regexps.
Technical question: Can I rely on the language being the same on the listinfo and the subscribe page, or do I have to put the language into the FORM_SECRET to be able to know which language was used?
No. you can't. The language that you will see when generating the question is the language selected with the "View this page in" button at the upper right of the listinfo page. The language passed to the subscribe CGI as the value of 'language' is the language selected at "Which language do you prefer to display your messages?" These are not necessarily the same as each other or as the list's or sites preferred language. So, yes, you have to pass bothe the language and the question index in the token.
Do you have any suggestions for the best way to test such a patch locally before submission? Is there a good way to run mailman from source? I guess I could copy-paste the changed files to one of my servers but that seems suboptimal.
It's easy enough. I actually have development environments on my local work stations, so I don't think much about how to set it up, but you basically need to have a development box that has a web server. For this, you don't need an MTA and you don't need to run Mailman as you're only testing CGIs and you can see from Mailman's logs and qfiles what happened beyond the web responses. You need to start with the source plus your changes, run configure with some local directory as --prefix. I use:
#! /bin/sh ./configure --prefix=/var/MM/21 --with-username=mark --with-groupname=mark --with-cgi-gid=www-data --with-mail-gid=mark --with-mailhost=msapiro.net --with-urlhost=msapiro.net
and then 'make install'. In my apache config I have
ScriptAlias /mailman/ /var/MM/21/cgi-bin/ Alias /pipermail/ /var/MM/21/archives/public/
AllowOverride None Options ExecCGI Require all granted </Directory>
Options +FollowSymLinks Require all granted </Directory>
You also have to create a list, and I think that's about it.
--
Mark Sapiro
All right, I finally got around to implement this. I submitted a merge request at https://code.launchpad.net/~ralfjung-e/mailman/2.1/+merge/368614. It took quite a while to figure out how to do that on Launchpad so I hope that's the right thing to do. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1774826 Title: Feature request: simple captcha To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1774826/+subscriptions
** Branch linked: lp:mailman/2.1 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1774826 Title: Feature request: simple captcha To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1774826/+subscriptions
participants (4)
-
Launchpad Bug Tracker -
Mark Sapiro -
Oscar Racle
-
Ralf Jung