Added self-hosted GDPR compliant captcha module #109
} | ||
|
||
$request = Mage::app()->getRequest(); | ||
if ($request->getActionName() == 'prelogin' || !$request->isPost()) { |
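Review bot: the `getActionName() == 'prelogin'` test on the last line matches on the action name alone, so every controller with an action called `prelogin` takes this branch, not just the one intended. Compare the route and controller as well as the action, and use `===`. The branch body is not shown here; if it skips verification, the `!$request->isPost()` half also leaves any handler that accepts GET unchecked, so that exemption deserves a comment stating why it is safe.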
I don't like this line...
Converted to draft because of altcha-org/altcha#92
I found a way to work around the limitation of a single captcha per page so I think this PR is testable
As per https://altcha.org/docs/server-integration/
we have to create a database table to store solved challenges and a cleanup routine after a few days (I'd use 7)
I'd added the challenge-log in the captcha_challenge table, with a cron based cleanup routine
One thing I don't get is that the challenge expires in
The thing that is worrying me is that the expire parameter doesn't seem to be baked into the challenge, I'm not sure about that
It seems like it was, I watched the recaptcha widget re-spin on the frontend after around 30 seconds. It just seems to auto update if it knows it's expired. Also, this commit seems to break the admin login for me. I haven't investigated why yet.
Ouch, I'll check out backend ASAP, thanks!
This PR adds a new Maho_Captcha module, which implements self-hosted GDPR compliant captcha based on https://altcha.org. Research was done but Altcha seems to be the most active other open source PoW based captcha project.
At the moment the implementation is almost the same as my Turnstile module: https://github.com/fballiano/openmage-cloudflare-turnstile with a lot of observers and a "css selectors" settings that (IMHO) allows for maximum flexibility.
I called it Maho_Captcha cause I think Maho should provide a basic captcha module and, since this one doesn't rely on 3rd party services (like cloudflare/recaptcha) it seems the perfect candidate.
Questions:
- `maho_captcha.(xml|csv)` naming instead of just `captcha.(xml|csv)` because I didn't want it to collide with the old Mage_Captcha. Is this a good choice?
- `maho/captcha/footer.html` as folder structure for templates. I don't like that it differs from maho_captcha but at the same time made more sense to have all modules under the `maho/` folder. Is this a good choice?
- Since the module positions the captcha widget "just before the ending" of the `form`, this position may not be perfectly aligned, is this a dealbreaker? ideas on how to make it better? Activating the "floating" captcha, it works perfectly.
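
An added example (not code from this PR, Maho or ALTCHA) of the checks discussed in the comments above: a proof-of-work challenge whose expiry is carried in the salt and covered by the HMAC, verified against a log of solved challenges. The scheme is modeled on the ALTCHA server-integration docs linked above; the key, the field names and the in-memory `$seen` array standing in for the `captcha_challenge` table are assumptions.

```php
<?php
// Added example: not Maho's or ALTCHA's code. HMAC_KEY, the TTL and the $seen
// array (standing in for the captcha_challenge table) are constructed.
const HMAC_KEY = 'constructed-demo-key';

function createChallenge(int $ttl, int $max = 50000): array {
    // The expiry travels inside the salt, so the hash and the HMAC both cover it.
    $salt = bin2hex(random_bytes(12)) . '?expires=' . (time() + $ttl);
    $challenge = hash('sha256', $salt . random_int(0, $max));
    $signature = hash_hmac('sha256', $challenge, HMAC_KEY);
    return compact('challenge', 'salt', 'signature') + ['maxnumber' => $max];
}

function solve(array $c): int {
    // Client side: search for the number that reproduces the challenge hash.
    for ($n = 0; $n <= $c['maxnumber']; $n++) {
        if (hash('sha256', $c['salt'] . $n) === $c['challenge']) {
            return $n;
        }
    }
    throw new RuntimeException('no solution in range');
}

function verify(array $p, array &$seen, ?int $now = null): string {
    $now ??= time();
    parse_str(explode('?', $p['salt'], 2)[1] ?? '', $params);
    if ((int) ($params['expires'] ?? 0) < $now) {
        return 'expired';
    }
    $sig = hash_hmac('sha256', $p['challenge'], HMAC_KEY);
    if (!hash_equals(hash('sha256', $p['salt'] . $p['number']), $p['challenge'])
        || !hash_equals($sig, $p['signature'])) {
        return 'invalid'; // salt (and so the expiry) or challenge was altered
    }
    if (isset($seen[$p['challenge']])) {
        return 'replayed';
    }
    $seen[$p['challenge']] = (int) $params['expires']; // row can be purged after this time
    return 'ok';
}

$seen = [];
$c = createChallenge(30);
$p = $c + ['number' => solve($c)];
$forged = ['salt' => str_replace('expires=', 'expires=9', $p['salt'])] + $p;
// First submission, the same payload again, an edited expiry, a late submission.
foreach ([[$p, null], [$p, null], [$forged, null], [$p, time() + 60]] as [$payload, $at]) {
    echo verify($payload, $seen, $at), PHP_EOL;
}
```

Because an expired payload is rejected before the log is consulted, a log row only has to outlive its challenge's expiry; a longer retention window adds margin, not protection.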