[Merge] lp:~dsieborger/mailman/recaptcha into lp:mailman/2.1

[David Siebörger]

David Siebörger has proposed merging lp:~dsieborger/mailman/recaptcha into lp:mailman/2.1.

Requested reviews:
  Mailman Coders (mailman-coders)

For more details, see:
https://code.launchpad.net/~dsieborger/mailman/recaptcha/+merge/336782

This adds support for using the Google reCAPTCHA service to protect the list subscription form from spam bots.  Our Mailman installation has been targeted by spam bots which are able to defeat the protection offered by SUBSCRIBE_FORM_SECRET and SUBSCRIBE_FORM_MIN_TIME, and they were sending invitations at a rate of ~10 per minute.

To enable this, sign up for the service at https://www.google.com/recaptcha to create a pair of keys for your site.  Once those keys are set as the configuration variables RECAPTCHA_SECRET_KEY and RECAPTCHA_SITE_KEY, Mailman/Cgi/listinfo.py will show the reCAPTCHA interface on the list subscription form, and Mailman/Cgi/subscribe.py will verify that the captcha was correctly completed via a Google API.  I've avoided adding any text to the listinfo.html template as I wouldn't be able to translate it, but reCAPTCHA's UI does show the "I'm not a robot" prompt according to the browser's language preferences.

This was inspired by an existing patch[1] by Andrea Veri, but uses reCAPTCHA v2 as the reCAPTCHA v1 API is about to be discontinued.

[1] https://www.dragonsreach.it/2014/05/03/adding-recaptcha-support-to-mailman/

-- 
Your team Mailman Coders is requested to review the proposed merge of lp:~dsieborger/mailman/recaptcha into lp:mailman/2.1.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: review-diff.txt
Type: text/x-diff
Size: 16412 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-coders/attachments/20180129/321241fb/attachment.diff>