fossasia / open-event-server

The Open Event Organizer Server to Manage Events https://test-api.eventyay.com
https://api.eventyay.com
GNU General Public License v3.0

Implementation ReCaptcha for Sensitive Activities #6036

Closed kushthedude closed 2 years ago

kushthedude commented 5 years ago

Please see https://github.com/fossasia/open-event-frontend/issues/3129

kushthedude commented 5 years ago

@iamareebjamal Can you please help? How do I integrate the following reCAPTCHA with the server? I already read the docs of ember-g-reCAPTCHA and didn't find much about server integration. And after reading about the integration of reCAPTCHA with Flask, they provide the method to integrate with WTForms, and we are not using WTF anywhere except for login validators.

iamareebjamal commented 5 years ago

https://codelabs.developers.google.com/codelabs/reCAPTCHA/index.html#6

mrsaicharan1 commented 5 years ago

@uds5501 Would you like to take this up?

kushthedude commented 5 years ago

Yeah, it would be great if someone could help with the server side. I have already done the FE using ember g captcha on local.

On Tue, 23 Jul, 2019, 21:48 Saicharan Reddy, notifications@github.com wrote:

@uds5501 https://github.com/uds5501 Would you like to take this up?


uds5501 commented 5 years ago

@kushthedude I don't think ember g captcha is gonna cut it. Please take a look at the link @iamareebjamal provided and check if we can merge the steps given in this resource.

kushthedude commented 5 years ago

@uds5501 Implementing manual scripts on FE as done for omise will break our structure of code. I would strongly suggest using some already developed module or package; manually implementing reCAPTCHA would take time.

On Tue, 23 Jul, 2019, 22:25 Uddeshya Singh, notifications@github.com wrote:

@kushthedude https://github.com/kushthedude I don't think ember g captcha is gonna cut it. Please take a look at the link @iamareebjamal https://github.com/iamareebjamal provided and check if we can merge the steps given in this resource.


iamareebjamal commented 5 years ago

@kushthedude What manual scripts? This is the way captcha is implemented everywhere. Either find a way ember captcha works with backend integration, or find an ember package that does, or write your own. Writing vanilla javascript is bad, since when? If you only want to use ember package, and there is no such package available, write one yourself.

All these packages are written by humans only and in vanilla javascript. They are not forged by magic.

Also, heavily relying on frameworks has only hurt our flow, not improved it. Trust me. Flask was used in the backend to be flexible for us to do what we wanted even if a package wasn't available for it, because it was a microframework. A lot of functionality implemented in our backend has been written by ourselves and later replaced with packages when they were on par with our specification. This would not be possible for frameworks like Django as they take away control from your hands.

Ember in frontend has been the completely opposite choice to Flask. It is more than the Django of frontend because the choice of Ember in FE has influenced the implementation of the backend. For using Ember Data, we used the JSONAPI spec, but no developer implements new endpoints using it correctly. Similarly, OAuth and payment integrations are so tightly coupled with Ember that they are unusable in mobile and hence, there is a need to implement duplicate endpoints each for mobile and FE. So, it has made it easy for FE, but harder for server and mobile.

There needs to be a single implementation in the backend which both mobile and FE can use. It may mean there is no compatible package in Ember for that, so let's write a custom one as server and mobile already do. Or find one which can work in a compatible flow with mobile and server.

iamareebjamal commented 5 years ago

And you think manually implementing captcha will take time as you have to implement the whole captcha recognition system yourself. We have to literally use a library Google provides and hence has already made the process extremely easy. Let's not be spoilt developers who can only add a feature if there's a package for it.
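
As an added illustration of the server-side step this thread asks about (not code from open-event-server or from any commenter): a framework-independent check that any endpoint, called from the web frontend or a mobile client, can run on the token the client submits. It posts to Google's `siteverify` endpoint; the function name, parameter names and the optional hostname allow-list are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def _post_form(url, fields, timeout=5):
    """POST form-encoded fields and return the decoded JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
        return json.load(resp)


def verify_recaptcha(token, secret, allowed_hostnames=None,
                     remote_ip=None, post=_post_form):
    """Return (ok, reason) for a client-supplied reCAPTCHA token.

    token: value the widget gave the client, sent along with the request.
    secret: the server-side secret key; it must never reach a client.
    allowed_hostnames: optional set of hostnames the challenge may have
        been solved on (hypothetical policy knob, skipped when None).
    post: injectable transport (assumption) so the logic runs offline.
    """
    if not token:
        return False, "missing-token"
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    try:
        result = post(VERIFY_URL, fields)
    except (OSError, ValueError):
        # Network failure or a non-JSON body: fail closed, do not skip the check.
        return False, "verification-unavailable"
    if not isinstance(result, dict):
        return False, "malformed-response"
    if result.get("success") is not True:
        return False, ",".join(result.get("error-codes", [])) or "rejected"
    if allowed_hostnames is not None and result.get("hostname") not in allowed_hostnames:
        # A valid token solved on some other site must not be accepted here.
        return False, "hostname-mismatch"
    return True, "ok"
```

The sensitive endpoint calls `verify_recaptcha` before doing any work and rejects the request unless the first element is `True`; only the token travels from the client, so the same backend check serves every frontend.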

mariobehling commented 2 years ago

There are already some Captcha areas and we will re-approach this question when we move to the next version with React. Therefore closing this.