Added RealDigits function to get the digits used to create a captcha.

dchest / captcha

Go package captcha implements generation and verification of image and audio CAPTCHAs.

godoc.org/github.com/dchest/captcha

MIT License

1.92k stars 293 forks source link

Added RealDigits function to get the digits used to create a captcha. #27

Closed KoryHunter37 closed 2 years ago

KoryHunter37 commented 4 years ago

This new function provides increased flexibility for the captcha system developer. They can see what the correct answer to a given captcha is supposed to be, exposing that information for use in other features, beyond just captcha.Verify(...)

dchest commented 4 years ago

Thanks for your PR! However, I don't understand what the use case for it? What's the use of the digits beyond Verify? Is this similar to https://github.com/dchest/captcha/pull/26 ?

KoryHunter37 commented 4 years ago

Thanks for your PR! However, I don't understand what the use case for it? What's the use of the digits beyond Verify? Is this similar to #26 ?

The catalyst for this PR:

Rather than typing what they see in the captcha image manually, I wanted users to select from a set of premade buttons, which display various number combinations. If they pick the correct button, they are verified. This is desirable because the captcha is not used in a system where I want to accept keyboard input.

However, I need to make sure one of those buttons actually displays the correct answer on it. So, I need to get the correct answer to solve the captcha from the id, and then display it on one of the buttons.

dchest commented 4 years ago

This looks reasonable to me. I'm still not sure if we should add this function, though, because I'm sure people will use it wrongly (as evidenced in #26) :-) What do you think about just using custom store like this for your project:

Some package-level variable for it:

var myStore = captcha.NewMemoryStore(captcha.CollectNum, captcha.Expiration)

Initialize:

captcha.SetCustomStore(myStore)

and then a function that you can use:

function NewCustomCaptcha() (id, solution string) {
   id = captcha.New()
   solution = string(myStore.Get(id, false))
   return
}

Then, instead of calling New and getting the id, you can this NewCustomCaptcha and get both id and the solution digits.

What do you think?

KoryHunter37 commented 4 years ago

Thanks for the detailed response, Dmitry.

I can certainly understand not wanting to directly expose the correct solution for that reason. Your proposed solution will work for the needs of my project. Infact, here is a picture of it working on my Telegram anti-bot manager. 😄

Thanks for making such a clear and functional package to solve my captcha needs.

Since the functionality is still there, just non-obvious, I don't think it would be too harmful to allow people easier access. We could probably document the change better in the readme.md, very clearly state the purpose, and call it something less ambiguous like CheckSolution. If you are open to it, I would be happy to try implementing that. If not, feel free to close the PR, no worries!

mh-cbon commented 4 years ago

i suggest to update the example at https://github.com/dchest/captcha/blob/master/capexample/main.go#L45

and add

// to use a custom store
// myStore := captcha.NewMemoryStore(captcha.CollectNum, captcha.Expiration)
// captcha.SetCustomStore(myStore)

best minimal change to get the relevant information to users in a hurry.