Topics

Anahita Project

Anahita Project's Topics

Rastin Mehr

Rastin Mehr

October 03 2017

Developing a Google reCaptcha Plugin

I was thinking it would be useful to have google reCaptcha implemented as a package for Anahita in the next maintenance release. The invisible reCaptcha is particularly useful and minimal. Anyone interested to lend a hand?  

#reCaptcha

Nick Swinford
Nick Swinford
October 04 2017 Permalink
How would the captcha be added to the registration/login form? Through a template override? Or would it be a core plugin that just adds the fields when enabled?
Rastin Mehr
Rastin Mehr
October 05 2017 Permalink
template overwrite and a system plugin to capture the the token and make an API call to reCaptcha for verification. I am going to implement it for the next release. We can also add it to the add group form.
Nick Swinford
Nick Swinford
October 05 2017 Permalink
I can knock it out if you like.
Rastin Mehr liked this
Rastin Mehr
Rastin Mehr
October 05 2017 Permalink
This is a green light🚦
Do a proof of concept first. It's ok if you hardcode the needed js code in the layouts for now. The system plugin can catch the post value and check with recaptcha api. If it isn't successful, just throw an unauthorized 403 error. That way even if they disable the javascript, they won't be able to login.
Nick Swinford
Nick Swinford
October 06 2017 Permalink
Came across a bug while testing account creation. https://github.com/anahitasocial/anahita/pull/448
Rastin Mehr liked this
Rastin Mehr
Rastin Mehr
October 06 2017 Permalink
Merged, thank you Nick!
Nick Swinford
Nick Swinford
October 06 2017 Permalink
Rastin Mehr liked this
Rastin Mehr
Rastin Mehr
October 06 2017 Permalink
Got it, thank you again 🙂
Rastin Mehr
Rastin Mehr
October 06 2017 Permalink
Are you using a system plugin or user plugin? I think a system plugin would be more appropriate.
Nick Swinford
Nick Swinford
October 06 2017 Permalink
A user plugin. How would a system plugin respond to user events like onBeforeUserSave and onLoginPerson?
2 people liked this
Rastin Mehr
Rastin Mehr
October 06 2017 Permalink
You are right, ignore what I said
Nick Swinford
Nick Swinford
October 07 2017 Permalink
Here's the recaptcha plugin. https://github.com/anahitasocial/anahita/pull/450

I left out the onLoginPerson check because after looking, the event supplied doesn't include the request so there's no access to the recaptcha response. Plus, I think preventing bots from registering is really most the battle.

Would you wanna leave it like this or would you want me to get the response with something like KRequest for the login event? Let me know what you think.
2 people liked this
Rastin Mehr
Rastin Mehr
October 07 2017 Permalink
Excellent job Nick. Please allow me sometime to review and test the code before merging it. I'll make sure to do it this long weekend.
Rastin Mehr
Rastin Mehr
October 10 2017 Permalink
Nick, the basic idea works. I created a system plugin and want to see if I can make the code more abstract and more DRY. Please give me some time to improve this. I'm working on this branch: https://github.com/anahitasocial/anahita/tree/feature/451-recaptcha
Nick Swinford
Nick Swinford
October 10 2017 Permalink
What's the benefit of using system plugin over a user plugin for this?
Rastin Mehr
Rastin Mehr
October 10 2017 Permalink
We can capture all the post requests and then stop the login, registration, and add group cases before even dispatching any of the components.
Nick Swinford
Nick Swinford
October 10 2017 Permalink
We'd have to inject the div.g-recaptcha (https://github.com/anahitasocial/anahita/blob/feature/451-recaptcha/src/components/com_people/views/person/html/signup.php#L47) into each of those views for that to work.
Rastin Mehr
Rastin Mehr
October 11 2017 Permalink
I know. I want to see if I can create a behaviour and js code that does that. The idea is to make the plugin as generic as possible. The native form validation should still work also.
Rastin Mehr
Rastin Mehr
October 11 2017 Permalink
Here is the system plugin https://github.com/anahitasocial/anahita/blob/feature/451-recaptcha/packages/reCaptcha/src/plugins/system/recaptcha.php

Next we need a behaviour to add reCaptcha to the forms (login, registration, and add group)
Rastin Mehr
Rastin Mehr
October 11 2017 Permalink
I also fixed a bug which was preventing all system plugins to load properly.

Powered by Anahita