dudel icon indicating copy to clipboard operation
dudel copied to clipboard

Published 20 hours ago verified publisher icon opatut

Provide an option to disable ReCaptcha

Open RalfJung opened this issue 9 years ago • 6 comments

Please provide an option to disable ReCaptcha (or switch to other CAPTCHAs). Not every site admin is happy to support this data collection of Google.

RalfJung avatar Mar 21 '15 17:03 RalfJung

Thanks for your suggestion.

This requires a plugin system so we can have different captcha modules to handle the logic. A plugin system will be built shortly.

opatut avatar Mar 21 '15 17:03 opatut

I found some code that tests for "RECAPTCHA_PUBLIC_KEY" in app.config. However, despite me removing (or rather, commenting out) all RECAPTCHA-related options, I still get an error displayed in the form for comments saying "Error: Invalid Key".

RalfJung avatar Mar 21 '15 17:03 RalfJung

It's not enough to comment out those options. The forms will still try to display the captcha, and fail at doing so. See forms.py. As I said, we need some kind of architecture to switch between captchas, and I guess it'll be best to use the already-planned plugin system for this.

However, if you want to get going in the meantime without a captcha, try commenting out the corresponding lines in forms.py, as well as in the templates that render those captchas.

opatut avatar Mar 21 '15 17:03 opatut

I would suggest getting rid of recaptcha alltogether. The only reason I introduced it in 3d6049fae1bd1800985acb24f93f761578235aad was that I wanted to stop an ongoing spam wave immediately and using the built-in WTForms recaptcha support seemed like the quickest way. I think that (at least until dudel becomes a lot more popular than it is now) a simple math captcha or something similar would suffice. Or maybe we could have a look at https://github.com/agoravoting/flask-captcha.

femtobit avatar Mar 21 '15 17:03 femtobit

I'd be fine with quickly changing it to something easy and later adding options. I have to admit, I like the "I'm no robot" captchas ;) (because of the magic behind it, you know)

opatut avatar Mar 21 '15 17:03 opatut

However, if you want to get going in the meantime without a captcha, try commenting out the corresponding lines in forms.py, as well as in the templates that render those captchas.

That worked for now, thanks.

I agree that a locally-admin-configurable question would probably provide a pretty strong (sufficiently strong, for most small installations) protection already.

RalfJung avatar Mar 21 '15 17:03 RalfJung