Captchas

[MehmetKay-sudo]

The aim in resolving this issue is to write a module for @karatekbot in telegram.

[KaratekHD]

I'm not sure wether you understood correctly what I was trying to say on Telegram. The goal is not exactly writing a module for the Bot, but to write a framework that can be implemented by bots, e.g. karatekbot. So my thought would be that you write a module for defrag / the API that generates a captcha image and the possibility to validate the users input regarding that image.

[MehmetKay-sudo]

ok, then i did not understand correctly. Thanks for explaining again.

[MehmetKay-sudo]

Just to get it right: with the API that generates the captcha image, we validate also if the user is no bot?

[MehmetKay-sudo]

but our bots in this framework communicate with the users

[why-not-try-calmer]

Just to get it right: with the API that generates the captcha image, we validate also if the user is no bot?

Your question is: "If a bot joins a chat, what should the captcha-bot do"? Jens is the expert on bots, so he should tell you. But if this is your question, I think the logic goes like this:

• if the entity is not a bot, start the captcha authentication flow; if failed, ban
• if the entity is a bot, check if the bot's id belongs to any any of the openSUSE's bots; if not, ban

In other words, you end up banning every entity that is either an unknown bot or a user who failed the captcha.

By the way there are 2 parts in this feature:

1. Generate a random captcha image.
2. Send the captcha, listen for the reply, and ban if failed.

(2) heavily depends on your knowledge of Matrix and Telegram's API (for the latter see: https://core.telegram.org/bots/api). (1) on the other hand can be done without any knowledge of these APIs.

[MehmetKay-sudo]

yes, i found the page: https://core.telegram.org/bots/api.

thanks!

[MehmetKay-sudo]

i have not deep knowledge of Matrix and Telegram API, so i'll find a way.

[why-not-try-calmer]

i have not deep knowledge of Matrix and Telegram API, so i'll find a way.

Then you can start with (1) :D

[KaratekHD]

So, let me make clear how I think is the best way for this to work.

1. User joins a chat
2. [bot] The bot of the platform the user is on reacts, maybe checks of it already knows the user from another chat and if not, proceeds
3. [bot] sends request to the defrag API and asks for a captcha
4. [API] generates a captcha image, together with an ID, and stores the solution for the captcha together with the ID. Returns ID and image to the bot.
5. [bot] sends the captcha image to the group. Keeps the message ID of the image associated with the captcha ID in memory.
6. [user] Sends solutions to the captcha. If not, [bot] bans user.
7. [bot] sends input to defrag, together with captcha ID
8. [API] validates input based on the stored solution associated with the captcha ID
9. [API] returns a boolean that includes wether the user completed the captcha correctly
10. [bot] If the boolean from 9. is true, delete the captcha image and allow the user to send messages, if it is false ban the user

So defrag must only implement what is done by the API, so everything that starts with [API]. The bot side of things can then be implemented by the bot developers, probably me, as I am planning to rewrite my bot to benefit from this API.

I hope this makes clear how I think it should be done. If you think another way is better, please tell me.

[KaratekHD]

@MehmetKay-sudo For generating captcha images, you can look at the (uncompleted) work I did on my telegram bot. Check the send_captcha() function in https://github.com/KaratekHD/Nemesis/blob/master/tg_bot/modules/welcome.py

It's not a good implementation, but should give you an idea how the captcha library works.

[MehmetKay-sudo]

Wow, your code looks amazing. I’ll check that.

Von meinem iPhone gesendet

Am 09.08.2021 um 10:15 schrieb Jens @.***>:

 Assigned #44 to @MehmetKay-sudo.

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub, or unsubscribe.

[MehmetKay-sudo]

the step by step description helps me a lot, to understand the procedure.