mekarpeles
commented
7 years ago I'm for this, cc: @bfalling
Closed skylerbunny closed 6 years ago
mekarpeles
commented
7 years ago I'm for this, cc: @bfalling
dvanduzer
commented
7 years ago via @skylerbunny in Slack, an adaptable version of recaptcha v2: https://github.com/adium/python-recaptcha/blob/master/recaptcha/client/captcha.py
hornc
commented
7 years ago The place to add this check to disable recaptcha if in a dev environment would be: https://github.com/internetarchive/openlibrary/blob/18c30c785efcc51aa24cfa80796c8470b48ae00c/openlibrary/plugins/upstream/addbook.py#L54
in recaptcha_exempt()
Is this entry in the config file,
https://github.com/internetarchive/openlibrary/blob/master/conf/openlibrary.yml#L62
#dev_instance: True
the appropriate config to check?
EDIT A bit of context for the recaptcha dev instructions above: I wrote those to help with setting up a working dev recaptcha environment to work specifically on recaptcha related features and behaviour testing. I agree that having instructions to bypass the errors if the recaptcha config is not correct is also a good idea!
sbshah97
commented
6 years ago @mekarpeles @hornc would #809 be sufficient to close this!
sbshah97
commented
6 years ago @mekarpeles ?
mekarpeles
commented
6 years ago Recaptcha v2 works fine if either you use the public development keys which google issues, or if you register your own keys and add them to openlibrary.yml
To develop with reCAPTCHA locally, for testing new user signups and edits that require a user to prove they are human, you will need to sign up for a reCAPTCHA API key pair from Google Developers (1)
If a developer wants to test anything with non-admin or anonymous user permissions, they have to create a reCAPTCHA pair to ultimately get to that point, requiring going to Google. This is a bit much to simply test out basics like non-admin record insertion when reCAPTCHA is irrelevant to the testing.
Can a simple flag be added to openlibrary.yml like 'use_recaptcha', enabled by default, that can be disabled? This at least makes it easy to turn off for simple testing, and would also open the door in future to (for example) do automated performance testing related to record adding.