P4-Games / ChatterPay

Hackathon Ethereum 2024 - ChatterPay: A wallet for WhatsApp that integrates AI and Account Abstraction, enabling any user to easily and securely use blockchain without technical knowledge.
https://chatterpay.net

Add recaptcha in login #56

Closed dappsar closed 1 week ago

dappsar commented 4 weeks ago

Description:

Acceptance Criteria:

  1. The reCAPTCHA must appear after a configurable number of failed attempts to enter the phone number or verification code.
  2. The reCAPTCHA should not appear when the user enters the phone number correctly on the first attempt.
  3. If the reCAPTCHA is not completed correctly, the user should not be able to proceed with the WhatsApp code validation.
  4. The reCAPTCHA should integrate without affecting the user experience for those who complete the login process correctly.
  5. If the reCAPTCHA is solved correctly, the user should receive their verification code via WhatsApp to continue with the login.
  6. The system must log and limit the number of failed attempts to prevent abuse.

Test Cases:

  1. Show reCAPTCHA after several failed phone number attempts:

    • Scenario: The user enters an incorrect phone number multiple times.
    • Input Data: Incorrect number, +11234567890.
    • Expected Result: The reCAPTCHA is displayed after 3 failed attempts.
  2. Do not show reCAPTCHA on the first attempt with the correct number:

    • Scenario: The user enters their phone number correctly on the first attempt.
    • Input Data: +11234567890.
    • Expected Result: The reCAPTCHA is not shown and the code is sent via WhatsApp.
  3. Show reCAPTCHA after several failed verification code attempts:

    • Scenario: The user enters the correct phone number but fails multiple times to enter the verification code.
    • Input Data: +11234567890, Incorrect code.
    • Expected Result: The reCAPTCHA is displayed after 3 failed attempts with the verification code.
  4. Failure to resolve reCAPTCHA:

    • Scenario: The user fails to resolve the reCAPTCHA correctly after several failed attempts.
    • Input Data: Correct number, Incorrect code, incorrect reCAPTCHA.
    • Expected Result: The user cannot proceed and an error message is displayed.
  5. Successfully resolve reCAPTCHA and receive the WhatsApp code:

    • Scenario: The user completes the reCAPTCHA correctly after several failed verification code attempts.
    • Input Data: +11234567890, Correct code, correct reCAPTCHA.
    • Expected Result: The system validates the WhatsApp code and the user can log in.

Technical Validation Points:

  1. Verify that the reCAPTCHA is integrated correctly into the phone number and verification code authentication flow.
  2. Ensure that the reCAPTCHA validation is performed both on the frontend and backend.
  3. Configure the thresholds for failed attempts before showing the reCAPTCHA to be adjustable.
  4. Verify the security of reCAPTCHA keys and their storage.
  5. Ensure that the reCAPTCHA does not negatively impact performance or user experience for those entering valid credentials.

ToDo
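One way to implement the configurable attempt threshold and the backend reCAPTCHA check from the criteria above (an added example, not part of the issue and not ChatterPay's code). `CONFIG`, `LoginGate`, `verifyRecaptcha`, the in-memory `Map` store and the `RECAPTCHA_SECRET` environment variable name are assumptions made for illustration.

```javascript
// Added example, not ChatterPay code. All names here are hypothetical.
// Thresholds are configurable (acceptance criterion 1, validation point 3).
const CONFIG = { captchaAfter: 3, lockAfter: 10, windowMs: 15 * 60 * 1000 };

// Backend token check against Google's siteverify endpoint (Node 18+ fetch).
// The secret is read from the environment and never shipped to the frontend.
async function verifyRecaptcha(token, secret = process.env.RECAPTCHA_SECRET) {
  if (!token || !secret) return false; // fail closed on missing input
  const body = new URLSearchParams({ secret, response: token });
  const res = await fetch('https://www.google.com/recaptcha/api/siteverify',
    { method: 'POST', body });
  return res.ok && (await res.json()).success === true;
}

class LoginGate {
  constructor(config = CONFIG, now = () => Date.now()) {
    this.config = config;
    this.now = now;            // injectable clock, so the window is testable
    this.failures = new Map(); // phone -> timestamps of failed attempts
    this.log = [];             // audit trail of failures (criterion 6)
  }
  // Count failures inside the sliding window, dropping expired ones.
  recent(phone) {
    const cutoff = this.now() - this.config.windowMs;
    const list = (this.failures.get(phone) || []).filter((t) => t > cutoff);
    this.failures.set(phone, list);
    return list.length;
  }
  needsCaptcha(phone) {
    return this.recent(phone) >= this.config.captchaAfter;
  }
  // step is 'phone' or 'code', matching the two inputs named in the issue.
  recordFailure(phone, step) {
    this.recent(phone);
    this.failures.get(phone).push(this.now());
    this.log.push({ phone, step, at: this.now() });
  }
  recordSuccess(phone) {
    this.failures.delete(phone);
  }
  // captchaOk must be the backend's own verifyRecaptcha() result,
  // never a flag supplied by the client.
  decide(phone, captchaOk) {
    const n = this.recent(phone);
    if (n >= this.config.lockAfter) return 'locked';
    if (n >= this.config.captchaAfter && captchaOk !== true) return 'captcha_required';
    return 'proceed';
  }
}
```

The WhatsApp code is sent or validated only when `decide()` returns `'proceed'`; a deployment with more than one backend instance would keep the counters in a shared store instead of the `Map`.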

dappsar commented 1 week ago

R&D: