Dnn.Platform
Dnn.Platform copied to clipboard
dnnsoftware
Replace CAPTCHA w/ Provider Model
Description of problem
We currently have an easy-to-use feature that empowers administrators to turn on CAPTCHA very easily and it mostly just works. However, this feature is almost as old as DNN and hasn't been improved over the years to implement newer standards. It also is not accessible and visitors who know how can easily get around it.
This issue was once in DNN's other issues trackers in the past, but I'd like to bring it back up for potentially being implemented in the future.
Description of solution
Replace the current CAPTCHA feature with a provider model. The providers available out-of-the-box should be this one (default) since it's super-simple to turn on and use, with ReCAPTCHA available as an alternative (requires sign-up and copying/pasting unique keys from another website).
This probably would be best implemented as a connector at this point.
Description of alternatives considered
We could just replace the current CAPTCHA with ReCAPTCHA, but with our ecosystem, people would be much happier if they had a choice on which provider to use, and having a provider model allows for new commercial and open-source extensions to be created for the ecosystem.
Additional context
This has been spoken about off and on for more than ten years now (since I worked at DNN Corp, for sure...). Here's the most recent forum post about this feature:
https://dnncommunity.org/forums/aft/1990
Past Issues:
https://dnntracker.atlassian.net/browse/DNN-6288
https://dnntracker.atlassian.net/browse/DNN-6385
https://dnntracker.atlassian.net/browse/DNN-6384
https://dnntracker.atlassian.net/browse/DNN-10177
https://dnntracker.atlassian.net/browse/DNN-9693
Affected browser(s)
- [x] Chrome
- [x] Firefox
- [x] Safari
- [x] Internet Explorer
- [x] Edge
I think this is a good idea, however, I'm not sure of the best model to make this a provider without limiting implementation options for the particular providers due to additional setup needed. Has anyone researched the effort to try and do this, while supporting ReCaptcha as an option?
We could use Connectors for the config of individual providers, and add a dropdown to the membership options to choose the active providers.
Has anyone tested it yet, I also want this feature in Core, now I have to use Recaptcha (not supported if serving the Chinese market), hCaptcha, and modifed dnn captcha In that ReCaptcha and hCaptcha have very similar APIs, so I think we should be the standard Provider Model hCaptcha / Recaptcha, and DnnCaptcha will be rewritten based on that model. How do you feel?
We have detected this issue has not had any activity during the last 90 days. That could mean this issue is no longer relevant and/or nobody has found the necessary time to address the issue. We are trying to keep the list of open issues limited to those issues that are relevant to the majority and to close the ones that have become 'stale' (inactive). If no further activity is detected within the next 14 days, the issue will be closed automatically. If new comments are are posted and/or a solution (pull request) is submitted for review that references this issue, the issue will not be closed. Closed issues can be reopened at any time in the future. Please remember those participating in this open source project are volunteers trying to help others and creating a better DNN Platform for all. Thank you for your continued involvement and contributions!
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
We have detected this issue has not had any activity during the last 90 days. That could mean this issue is no longer relevant and/or nobody has found the necessary time to address the issue. We are trying to keep the list of open issues limited to those issues that are relevant to the majority and to close the ones that have become 'stale' (inactive). If no further activity is detected within the next 14 days, the issue will be closed automatically. If new comments are are posted and/or a solution (pull request) is submitted for review that references this issue, the issue will not be closed. Closed issues can be reopened at any time in the future. Please remember those participating in this open source project are volunteers trying to help others and creating a better DNN Platform for all. Thank you for your continued involvement and contributions!
Since this is an open-source project, it is maintained for free by developers that invest their free time generously.
We implemented stalebot to help us keep our backlog current, for bugs a simple mention that it is still reproducible on the latest version or ensuring there are very clear steps to reproduce is key to keeping the issue rolling.
For features and improvements, they will only happen if a developer decides to contribute the code change. For non-developers, one way to push such issues forward could be to sponsor a developer.
With this in mind, does anyone have the intention to work on this item in the next months?
I think this is getting more relevant as the current Captcha is broken.
If you activate it, there is nu captcha (cleared cache, restarted the app)
The work around is on https://dnncommunity.org/forums/Getting-Started/new-to-dnn/add-captcha-to-login-page/ but this is all SSMS and not the DNN UI
