Anahita Project

Rastin Mehr

2 weeks ago

Developing a Google reCaptcha Plugin

I was thinking it would be useful to have Google reCaptcha implemented as a package for Anahita in the next maintenance release. The invisible reCaptcha is particularly useful and minimal. Anyone interested to lend a hand?

#reCaptcha

How would the captcha be added to the registration/login form? Through a template override? Or would it be a core plugin that just adds the fields when enabled?
Template overwrite and a system plugin to capture the token and make an API call to reCaptcha for verification. I am going to implement it for the next release. We can also add it to the add group form.
I can knock it out if you like.
This is a green light🚦
Do a proof of concept first. It's ok if you hardcode the needed js code in the layouts for now. The system plugin can catch the post value and check with recaptcha api. If it isn't successful, just throw an unauthorized 403 error. That way even if they disable the javascript, they won't be able to log in.
Came across a bug while testing account creation. https://github.com/anahitasocial/anahita/pull/448
Merged, thank you Nick!
Got it, thank you again 🙂
Are you using a system plugin or user plugin? I think a system plugin would be more appropriate.
A user plugin. How would a system plugin respond to user events like onBeforeUserSave and onLoginPerson?
You are right, ignore what I said
Here's the recaptcha plugin. https://github.com/anahitasocial/anahita/pull/450

I left out the onLoginPerson check because after looking, the event supplied doesn't include the request so there's no access to the recaptcha response. Plus, I think preventing bots from registering is really most of the battle.

Would you wanna leave it like this or would you want me to get the response with something like KRequest for the login event? Let me know what you think.
Excellent job Nick. Please allow me some time to review and test the code before merging it. I'll make sure to do it this long weekend.
Nick, the basic idea works. I created a system plugin and want to see if I can make the code more abstract and more DRY. Please give me some time to improve this. I'm working on this branch: https://github.com/anahitasocial/anahita/tree/feature/451-recaptcha
What's the benefit of using system plugin over a user plugin for this?
We can capture all the post requests and then stop the login, registration, and add group cases before even dispatching any of the components.
I know. I want to see if I can create a behaviour and js code that does that. The idea is to make the plugin as generic as possible. The native form validation should still work also.
Here is the system plugin https://github.com/anahitasocial/anahita/blob/feature/451-recaptcha/packages/reCaptcha/src/plugins/system/recaptcha.php

Next we need a behaviour to add reCaptcha to the forms (login, registration, and add group)
I also fixed a bug which was preventing all system plugins from loading properly.
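
The check discussed in this thread (catch the posted token, verify it with the reCAPTCHA API, answer 403 on failure), as an added example that is not part of the thread or of Anahita's plugin code. The function names, the injectable `$send` transport, the `social.example` host and the sample responses are assumptions made for illustration; the hostname comparison goes beyond what the thread describes and relies on the `hostname` field of the verification response.

```php
<?php
// Added example, not Anahita's plugin code. All names here are hypothetical.
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

/**
 * Returns the HTTP status the gate answers with: 200 to continue, 403 to stop.
 * $send is an injectable transport: fn(string $url, array $fields): ?string
 * (raw response body, or null on network failure).
 */
function recaptcha_gate(array $post, string $secret, string $expectedHost, callable $send): int
{
    $token = $post['g-recaptcha-response'] ?? '';
    if (!is_string($token) || $token === '') {
        return 403; // JavaScript disabled or field stripped: fail closed
    }
    $body = $send(SITEVERIFY_URL, ['secret' => $secret, 'response' => $token]);
    $result = is_string($body) ? json_decode($body, true) : null;
    if (!is_array($result) || ($result['success'] ?? false) !== true) {
        return 403; // network error, malformed JSON, or rejected token
    }
    // A token solved on a different site should not be accepted here.
    if (($result['hostname'] ?? '') !== $expectedHost) {
        return 403;
    }
    return 200;
}

// Real transport; not called in the demo below so the script runs offline.
function send_with_stream(string $url, array $fields): ?string
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => 'Content-Type: application/x-www-form-urlencoded',
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents($url, false, $ctx);
    return $body === false ? null : $body;
}

// Constructed responses standing in for the verification API.
$fake = fn(string $url, array $f): ?string => $f['response'] === 'good-token'
    ? '{"success":true,"hostname":"social.example"}'
    : '{"success":false,"error-codes":["invalid-input-response"]}';

// Constructed form posts: missing token, rejected token, accepted token.
foreach ([[], ['g-recaptcha-response' => 'bad'], ['g-recaptcha-response' => 'good-token']] as $post) {
    printf("%s => %d\n", json_encode($post), recaptcha_gate($post, 'SECRET_PLACEHOLDER', 'social.example', $fake));
}
```

Because the decision is made on the server from the posted field alone, a client that never runs the widget's JavaScript is rejected the same way as one that submits an invalid token.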
