forked from evergreen-library-system/Evergreen
Recaptcha experiment #1
Open: IanSkelskey wants to merge 16 commits into main from recaptcha-experiment
Integrate Google's reCAPTCHA v3 into the OPAC user registration process for enhanced security. This implementation verifies user input through a new OpenSRF service and updates related configuration files.
- Introduced `OpenILS::Application::Recaptcha` module for reCAPTCHA verification
- Updated `opensrf.xml.example` and `opensrf_core.xml.example` to include `biblio.recaptcha` service
- Added new script `recaptcha.tt2` and placeholder `recaptcha-placeholder.tt2` for reCAPTCHA integration in the frontend
- Modified `register.tt2` to include the reCAPTCHA scripts and placeholders
Release-Note: Add reCAPTCHA v3 to user registration for security enhancement
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

Add functions to retrieve reCAPTCHA secret and site keys from library settings, ensuring the correct keys are used for verification and rendering on the client side. Enhance error logging for missing secret keys. Update HTML templates to dynamically use the configured site key.
- Introduced `get_secret_key` function in `Recaptcha.pm` to fetch secret key.
- Modified `send_recaptcha_request` to use the retrieved secret key, with error handling.
- Updated `recaptcha.tt2` to obtain and utilize the site key setting.
- Enhanced form handling to ensure dynamic key usage in `register.tt2`.
Release-Note: Dynamic retrieval of reCAPTCHA keys from settings for improved security and configurability.
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

- Deleted 'recaptcha-placeholder.tt2' as it's no longer needed
- Updated 'recaptcha.tt2' to dynamically insert the reCAPTCHA container
- Introduced defaults: action_name, submit_action, and target_element_id for flexibility
- Enhanced form validation by attaching event listeners dynamically
Release-Note: Remove obsolete reCAPTCHA placeholder and improve dynamic integration.
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

Included a header comment in the recaptcha.tt2 template to provide metadata about the module, author, and its purpose. This enhancement improves code readability and maintainability by documenting key information directly within the file. No functional changes were made to the existing template logic or layout.
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

Clean up unnecessary comments in the Recaptcha.pm file by removing redundant and superfluous lines. This enhances code readability by eliminating comments that do not provide additional value.
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

Improves the logic to initialize default values in the organization selector on the OPAC registration page. This update ensures the org selector uses `value` if available, or falls back to `ctx_org`.
Release-Note: Improves organization selector initialization on registration.
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

This commit updates the recaptcha_verify method to accept a hash argument containing a token and org_unit, instead of just the token. The OpenILS::Utils::CStoreEditor is initialized for better access to server-side utilities, and logging has been added throughout for improved diagnostics.
- Adjusted get_secret_key to log retrieval operations.
- Updated send_recaptcha_request to handle org_unit and log errors.
- Enhanced process_recaptcha_response with error and success logs.
- Updated OPAC templates to pass org_unit and improved console logging.
Release-Note: Enhance reCAPTCHA verification with organization unit (org_unit) support and improved logging.
Signed-off-by: IanSkelskey <ianskelskey@gmail.com>

- Integrated reCAPTCHA into the OPAC login form and modal.
- Added conditional logic to check if reCAPTCHA is enabled for the organization unit.
- Updated script dependencies and JS handling to inject reCAPTCHA dynamically.
- Implemented reCAPTCHA validation and form submission handling.
- Enhanced security through bot detection on login attempts.
Release-Note: Add reCAPTCHA to OPAC login for enhanced security.
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

This commit removes unnecessary console.log statements from the reCAPTCHA implementation in the OPAC templates, enhancing performance and user privacy.
- Deleted debug logs for org_unit, site_key, action_name, submit_action, target_element_id, form, reCAPTCHA token, and verification requests
- Retained essential logic for reCAPTCHA validation and form handling
Release-Note: Remove debug logging from OPAC reCAPTCHA script to improve performance and security.
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

Implemented reCAPTCHA v3 verification in the Evergreen OPAC. This includes updates to the `OpenILS::Application::Recaptcha` module for streamlined token processing and enhanced logging. Adjusted templates to dynamically include reCAPTCHA scripts and handle token validation on form submission.
- Simplified reCAPTCHA container creation and event handling in `recaptcha.tt2`.
- Integrated reCAPTCHA into the search bar form via `searchbar.tt2`.
- Improved user feedback by handling JSON parsing errors robustly.
Release-Note: Integrate reCAPTCHA v3 for spam protection in OPAC
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

- Implement Google reCAPTCHA v3 within Evergreen ILS to enhance security by verifying user interactions.
- Update configuration files (`opensrf.xml`, `opensrf_core.xml`) to include reCAPTCHA services.
- Create a new Template Toolkit file (`recaptcha.tt2`) for reCAPTCHA form validation.
- Modify existing templates to integrate reCAPTCHA.
- Introduce a `gulpfile.js` for building and serving Antora documentation with live reload capabilities.
- Add documentation navigation and `site-working.yml` required for Antora site generation.
Release-Note: reCAPTCHA v3 integration and Antora doc build support added.
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

Added "gulp" and "gulp-connect" dependencies to the package.json file to support automated documentation tasks and live-reload functionality.
Release-Note: Add gulp and gulp-connect to support automated tasks
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

- Centralized reCAPTCHA v3 logic into a new `recaptcha.js` module for streamlined verification across forms.
- Corrected setting name for enabling reCAPTCHA: `recaptcha.enable` to `recaptcha.enabled`.
- Refactored OPAC searchbar template to improve form submission handling and removed inline scripts.
- Enhanced `recaptcha.js` with detailed logging for better debugging.
- Updated documentation with comprehensive setup SQL and placeholder reCAPTCHA keys for security.
Release-Note: Centralize reCAPTCHA v3 handling, improve form scripts, and update documentation.
Testing Plan:
- Verify reCAPTCHA appears on registration and search forms when enabled.
- Confirm form submission is blocked on failed reCAPTCHA.
- Check correct reCAPTCHA response logging in the console.
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>

8a4e8dd to b059c7e

Corrected typo in the INSERT statement for the reCAPTCHA site key example within the documentation.
- Original version had a misplaced quote character causing syntax errors.
Release-Note: fix syntax error in reCAPTCHA configuration example
Signed-off-by: Ian Skelskey <ianskelskey@gmail.com>
No description provided.