Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Various captcha changes #1144

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Various captcha changes #1144

wants to merge 2 commits into from

Conversation

discomrade
Copy link
Contributor

  • Adds captcha to the image upload form (either disabled, enabled for anon uploads only, or enabled for everyone)
  • generalises captcha code instead of hardcoding the options for captcha on anonymous comments
  • make the captcha for the signup page an option
  • enable signup and anon comment captchas by default

@shish
Copy link
Owner

shish commented May 4, 2024

Longer term I'd love to use User Classes for everything and get rid of the special cases for is_anonymous and is_logged_in - this PR is definitely a step forwards compared to where we are today, but I wonder if it is adding more dependencies on the older system that will need to be undone later 🤔

(though without a GUI editor, the user class system currently isn't very user friendly, so I can't confidently say "definitely use that system and avoid putting user-behaviour settings on the board config screen" ^^)

Specifically I'm imagining having something like $user->can(Permissions::SKIP_UPLOAD_CAPTCHA)... I'mma think for a bit and see if I can come up with a way to make it user-friendly and future-proof; if nothing comes to mind soon I'll merge this user-friendly approach and worry about the future in the future :)

@discomrade
Copy link
Contributor Author

I think you're right about this needing to be reworked later. Bypassing each captcha is better done at the permissions level (some boorus might only want staff to bypass, while others may want only anonymous users to be challenged and only for certain actions like commenting).

I think a GUI permissions editor is a good priority which would allow a lot more flexibility and remove assumptions. I am fine delaying and polishing this pull request until the permissions editor is in progress.

@discomrade
Copy link
Contributor Author

discomrade commented May 8, 2024
edited
Loading

Will revise this pull code once #1149 is merged, because the new captcha bypass permissions will then involve a database upgrade.
Will also try adding an on-focus trigger for the comment captcha to avoid unnecessary loading on every post page. [edit: I have made a rudimentary click-to-load captcha]

@crazy4cars69
Copy link

Add captcha for login but make it optional

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@discomrade @shish @crazy4cars69