1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 22:10:55 +01:00
phorge-phorge/externals
Austin Seipp ab923e0a75 Implement new reCAPTCHA interface
Summary:
Fixes T12195. For the past few years, Recaptcha (now part of Google) has supported
a new, "no captcha" one-click user interface. This new UI is stable, doesn't
require any typing or reading words, and can even work without JavaScript (if
the administrator enables it on the Recaptcha side).

Furthermore, the new Recaptcha has a completely trivial API that can be dealt
with in a few lines of code. Thus, the external `recaptcha` php library is now
gone.

This API is a complete replacement for the old one, and does not require any
upgrade path for users or Phabricator administrators - public and secret keys
for the "new" Recaptcha UI are the exact same as the "classic" Recaptcha. Any
old Recaptcha keys for a domain will continue to work.

Note that Google is currently testing Yet Another new Captcha API, called
"Invisible reCAPTCHA", that will not require user interaction at all. In fact,
the user will not even be aware there //is even a captcha form//, as far as I
understand. However, this new API is 1) in beta, 2) requires new Recaptcha keys
(so it cannot be a drop-in replacement), and 3) requires more drastic API
changes, as form submission buttons must instead invoke JavaScript code, rather
than a token being passed along with the form submission. This would require far
more extensive changes to the controllers. Maybe when it's several years old, it
can be considered.

Signed-off-by: Austin Seipp <aseipp@pobox.com>

Test Plan:
Created a brand-new Phabricator installation, saw the new Captcha UI
on administrator sign up. Logged out, made 5 invalid login attempts, and saw the
new Captcha UI. Reworked the conditional to invert the condition, etc to test
and make sure the API responded properly.

Reviewers: epriestley, #blessed_reviewers, chad

Reviewed By: epriestley, #blessed_reviewers

Subscribers: avivey, Korvin

Maniphest Tasks: T12195

Differential Revision: https://secure.phabricator.com/D17304
2017-02-03 20:06:29 +00:00
..
amazon-ses Improve Amazon SES code error handling behavior 2016-04-05 17:28:45 -07:00
cowsay Use PHP implementation of Cowsay for cowsay rule 2015-09-13 12:27:30 -07:00
diff_match_patch Phragment v0 2013-12-07 12:43:49 +11:00
figlet Include "Figlet" and PEAR "Text_Figlet" in externals 2015-09-13 12:30:48 -07:00
httpful Add Balanced Payments API 2013-04-25 09:47:30 -07:00
JsShrink Update JsShrink external library. 2014-06-07 11:26:20 -07:00
mimemailparser Backport fix from php-mime-mail-parser to fix attachment parsing 2016-09-21 15:04:20 -07:00
pear-figlet Use PEAR Text_Figlet to render figlet fonts 2015-09-13 12:31:07 -07:00
phpmailer Changed default timeout of smtp from 10s to 60s. 2014-04-24 04:59:22 -07:00
phpqrcode Quickly fix phpqrcode syntax 2015-08-31 14:05:51 -07:00
restful Add Balanced Payments API 2013-04-25 09:47:30 -07:00
stripe-php Update Stripe PHP API 2014-07-13 09:19:07 -07:00
twilio-php Remove some needless +x flags. 2014-05-17 15:41:12 -07:00
wepay Strip +x from some WePay files 2013-11-12 17:48:47 -08:00
wordlist Add a common password blacklist 2014-01-23 14:01:18 -08:00
xhprof Fix some issues caught by HipHop, and work around some issues 2011-02-26 21:01:42 -08:00