Captcha before “Submit Vote” to avoid bot spam

[ggordn3r]

...pretty much as it sounds.

[proggeramlug]

This can be tested now!

[ggordn3r]

Unable to test--I don't see a captcha anywhere when I vote:

[proggeramlug]

Sorry, I had put it on the wrong page, corrected now (can test when I send the email in a minute)

[ggordn3r]

Update on this: I see the following error in the Captcha box. I'm assuming this is basically the same issue as OAuth--the domain we registered with is rankit.vote, not the staging URL.

"ERROR for site owner: Invalid domain for site key"

Can we avoid issues like this by changing our DNS settings to include rankit.skelpo.com as a new subdomain, e.g. "staging.rankit.vote"? Also notice "false" in the "Submit My Vote" button--not sure if that issue is dependent or independent of this one.

[proggeramlug]

Reload, this should work now.

We can, of course, change the staging URL, I just need to know how to change the DNS settings of the domain (not sure if it is included in firebase)

[ggordn3r]

I'm not sure either--probably a question for Stephen. Will test again after this call.

Trey Gordner Founder, Koios (803) 570-2144 Website https://www.koios.co | Twitter https://twitter.com/koioslib | Join our Newsletter https://www.koios.co/join-koios-newsletter/ Helping libraries show up online

On Thu, Apr 23, 2020 at 2:59 PM Ralph Küpper notifications@github.com wrote:

Reload, this should work now.

We can, of course, change the staging URL, I just need to know how to change the DNS settings of the domain (not sure if it is included in firebase)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/iambateman/RankIt/issues/109#issuecomment-618594440, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACNMYBAVWO7VSNN4ZTLK553ROCF2NANCNFSM4LDFO4YQ .

[proggeramlug]

Should work as expected now :)

[ggordn3r]

Hmm... still not seeing the captcha on a published poll and I can't vote either.

[proggeramlug]

Checking!

On Apr 24, 2020 at 5:15 PM, <Trey Gordner (mailto:notifications@github.com)> wrote:

Hmm... still not seeing the captcha on a published poll and I can't vote either.

(https://user-images.githubusercontent.com/10144772/80257548-28025000-864f-11ea-942d-e6d796e4edf8.png)

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub (https://github.com/iambateman/RankIt/issues/109#issuecomment-619241777), or unsubscribe (https://github.com/notifications/unsubscribe-auth/ACDURMCUKHIWXOE6MS4AQFLROH6PDANCNFSM4LDFO4YQ).

-- Skelpo - hot software.

www.reviewsender.com http://www.reviewsender.com

• Get new Amazon Review-Notifications!

  https://www.skelpo.com

www.skelpo.com https://www.skelpo.com info@skelpo.com mailto:info@skelpo.com

Skelpo Inc. 600 Third Ave 2nd Floor New York, NY 10016 USA Phone: + 1 213 233 9447

Skelpo UG (haftungsbeschränkt)

Bergstraße 5 D-58339 Breckerfeld Germany Phone: +49 2338 6171890

[proggeramlug]

Can you scroll down? The captcha is there for me ...

[ggordn3r]

Aha, I did see this once I scrolled down. Seems to work now. A couple of questions:

1) I think that (like me) some users could miss the captcha and be confused about why they can't vote. Is it possible to put the captcha on the fixed bottom section with the "submit my vote" button, as in my mockup below?

2) I'm seeing a purple hover state on the button even when it's disabled. Please turn that off so it stays grey when not clickable.

3) After the captcha showed a checkmark, it still took another 4-5 seconds before I could vote. Is there any way to speed that up?

[ggordn3r]

@proggeramlug update on the above--I still don't see the captcha appear when I attempt to vote a few seconds after publishing the poll. Notice the scroll bar--I'm definitely all the way to the bottom of the page in this one.

Update 2: 14 hours later (4/27 9:51am), the captcha is there--I'm not sure how long the lag is, but there is definitely a lag of at least a few minutes between creating the poll and the captcha appearing. Is there any way to speed it up?

https://rankit.skelpo.com/polls/ljiXWAJzyVmZAaBGPmYS

[proggeramlug]

Alright, this should work a whole lot better now - The captcha should be in the footer now and respond much better.

[ggordn3r]

Captcha looks great in the footer! It's still taking about 4-5 seconds after I see the green checkmark before the button is enabled, though. If there's no way to improve that, I'm wondering if we should also have a more explicit message on the disabled button like "Waiting for Captcha". @iambateman, thoughts?

Trey Gordner Founder, Koios (803) 570-2144 Website https://www.koios.co | Twitter https://twitter.com/koioslib | Join our Newsletter https://www.koios.co/join-koios-newsletter/ Helping libraries show up online

On Mon, Apr 27, 2020 at 1:21 PM Ralph Küpper notifications@github.com wrote:

Alright, this should work a whole lot better now - The captcha should be in the footer now and respond much better.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/iambateman/RankIt/issues/109#issuecomment-620121777, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACNMYBDWU42MBIVV4SHT5IDROW5LBANCNFSM4LDFO4YQ .

[ggordn3r]

@proggeramlug 2 improvements needed before I can close this issue:

1) The current lag between seeing the checkmark and being able to vote is still 4-5 seconds. I'd like it to be 3 seconds or less. That seems possible based on my experience with captchas on other websites--am I missing something?

2) When I create a new poll--even if I immediately publish it and set it to open--the captcha does not appear on the page for at least 15 minutes. This needs to be instant. Update: the Captcha does appear if I refresh the page. But if I click on "Vote in this Poll" again from the poll management page, the Captcha is gone again.

[proggeramlug]

1. The problem here is that the function we are using to verify the captcha response (google cloud function) can be kinda slow. A cold start (when not being used often) can be up to 5 seconds. Subsequent requests will be faster. One solution could be that we trigger the function pre-emptively and it is alive by the time you click the button. Not sure how much I like this solution though.

2. I cannot reproduce this, can you test again? When I create a poll it the captcha is right there even when coming from the management page.

[ggordn3r]

1. Hmm... I did notice that it started working faster after my first vote. However, most sessions will be 1 vote in 1 poll, so this will come up pretty often. Thinking out loud, could we have the "Submit my vote" start checking for a response more often once the voter ranks at least 1 choice? Or is that what you mean by "trigger the function preemptively"?

2. I think it has to do with the Publish Poll button and caching. When the poll is unpublished, the Captcha never appears, no matter how many times I refresh. If I publish the poll, the first time I click "Vote on this Poll" the Captcha doesn't appear, but if I refresh it, the Captcha appears. If I am right, this will be fixed after implementing #87, since the "Vote on this Poll" button will be disabled.

[proggeramlug]

1. That is what I meant. We are now preemptively calling the function every 5 seconds when you enter the page. I think that's fair and should not produce huge costs (but we should watch it). In fact I don't think it will hardly matter at all but I still want to mention it that we are of course calling the function and Google is charging for that.

2. Correct, should be resolved now.

Ready for you to test.

[ggordn3r]

Great, tested and confirmed.

I'm going to add a new "question" issue to the main release about whether there's a faster/cheaper way to handle the cloud function, so we remember to check the spend and performance one more time before declaring 2.0 done.

[proggeramlug]

reopened? why @ggordn3r ?

[ggordn3r]

@proggeramlug I just ran into that issue where the Captcha doesn't appear again.

Details

• I click "Vote on this Poll" from the poll management page and no Captcha appears on the vote page.
• If I refresh, the Captcha appears
• BUT, if I go back to the poll management page and click "Vote on this Poll", the Captcha is gone again. It only appears on refresh.

Important: This particular poll already had votes and was Open despite not being Published. I clicked "Publish" and experienced the above.

Three theories:

1) This account (curlytrey@gmail.com) is an admin and therefore is exempt from some rule or fix you added. 2) This is just a legacy issue from an old poll being both Open and Draft, which is now impossible. (no fix needed) 3) This is a real bug related to poll creators only, which is why you always see the Captcha on your side. (fix needed)

I didn't want to make any assumptions without you looking at it again, though, so I reopened the issue.

Settings on poll management page:

View without Captcha:

[ggordn3r]

@proggeramlug update on this: I have ruled out my first and second theories by triggering the error on a brand new poll in a non-admin account. I think this may be related to your fix to #83, preventing poll creators from voting more than once in their own polls.

I voted in this poll without issue as the poll creator. Then I went back to the poll management page and clicked "Vote on this Poll" again to test the repeat. The Vote page loaded without a Captcha.

Note that this poll may be odd because I unchecked these settings:

• Keep poll open until I close it
• Randomize Order
• Limit Repeat Voting

Thus, I was expecting it to allow me to vote multiple times as the poll creator because I unchecked "Limit Repeat Voting".

[proggeramlug]

Okay @ggordn3r I figured out the problem I think, should work as expected now!

[ggordn3r]

On mobile, my captcha overlaps with the button (see screenshot). I thought about stacking the Captcha on top of the button, but that is going to take up a lot of real estate. Thoughts on one of these options? I'm assuming there is no narrower captcha box we could use.

a) Place them in the same spot: Captcha appears first, then when the checkmark clears, it is replaced by the submit vote button b) Place the captcha on top of the submit vote button, but make submit vote 50% of its current height (or maybe 33%?) c) place captcha underneath the choices on the page itself (my least favorite)

[proggeramlug]

Done, check it out!