pbiering / mailman3-rpm

RPM packaged mailman3 for Fedora and Enterprise Linux
https://copr.fedorainfracloud.org/coprs/pbiering/InternetServerExtensions/
GNU General Public License v3.0

Make ReCaptchaV3 the default widget for ReCaptcha in the patches #2

Closed fspc closed 9 months ago

fspc commented 9 months ago

Thank you for providing the captcha patches.

reCAPTCHA v3 is a nice alternative to v2, but the default behavior of your captcha patches is to provide a field for v2.

With a simple code change in the patches, v3 could become the default behavior when CAPTCHA_SERVICE = 'recaptcha':

UNDER

from django_recaptcha.fields import ReCaptchaField

ADD

from django_recaptcha.widgets import ReCaptchaV3

For each instance of

if captcha_service == 'recaptcha':
    captcha = ReCaptchaField()

CHANGE TO

if captcha_service == 'recaptcha':
    captcha = ReCaptchaField(widget=ReCaptchaV3)

In the file django/contrib/admin/templates/admin/login.html, DO NOT SHOW this code when recaptcha is chosen as the service:

  <div class="form-row">
    {{ form.captcha.errors }}
    {{ form.captcha }}
  </div>

Obviously, an alternative would be to provide two settings for recaptcha (recaptchaV2 and recaptchaV3). If recaptchaV2 is chosen, then the form-row code would be shown, and the widget not used.

pbiering commented 9 months ago

Thank you for the hint, will investigate extension with V2Invisible and V3.

Regarding conditional template code for django/contrib/admin/templates/admin/login.html: any clue how to toggle this by using config value CAPTCHA_SERVICE or at least honor a new variable set in the related Python code to hide for V2Invisible and V3?

fspc commented 9 months ago

> Regarding conditional template code for django/contrib/admin/templates/admin/login.html: any clue how to toggle this by using config value CAPTCHA_SERVICE or at least honor a new variable set in the related Python code to hide for V2Invisible and V3?

There is an extensive conversation at https://stackoverflow.com/questions/433162/can-i-access-constants-in-settings-py-from-templates-in-django , which presents many approaches.

For simplicity, the interesting solution that catches my attention is the django-settings-export app.

Alternatively, in the code itself, I am thinking django/contrib/admin/templatetags/admin_{list|url}.py may be one likely place with custom template tags to reference the settings constants, or a new file could be created; however, with the app you could avoid having to make those changes.
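
One way to do the toggle asked about above is a Django context processor that hands templates only an allowlisted subset of the settings, so secrets such as `RECAPTCHA_PRIVATE_KEY` never reach a template. This is an added example, not code from this thread or from the mailman3-rpm patches; `CAPTCHA_VARIANT`, its values, `visible_widget` and the function names are assumptions.

```python
from types import SimpleNamespace

# Settings a template may read. CAPTCHA_SERVICE is from the thread;
# CAPTCHA_VARIANT and its values are hypothetical, for illustration only.
EXPORTABLE = ("CAPTCHA_SERVICE", "CAPTCHA_VARIANT")
# Name fragments that mark a setting as secret; these are never exported.
SECRET_MARKERS = ("KEY", "SECRET", "PASSWORD", "TOKEN")
INVISIBLE_VARIANTS = ("v2invisible", "v3")


def export_settings(conf, names=EXPORTABLE):
    """Return {name: value} for allowlisted, non-secret settings only."""
    exported = {}
    for name in names:
        if any(marker in name.upper() for marker in SECRET_MARKERS):
            raise ValueError(f"refusing to export secret-looking {name!r}")
        if hasattr(conf, name):
            exported[name] = getattr(conf, name)
    return exported


def captcha_settings(request, conf=None):
    """Context processor: adds a 'captcha' dict to every template context.

    Register its dotted path in TEMPLATES[0]["OPTIONS"]["context_processors"].
    """
    if conf is None:
        from django.conf import settings as conf  # real project settings
    flags = export_settings(conf)
    service = flags.get("CAPTCHA_SERVICE")
    variant = flags.get("CAPTCHA_VARIANT")
    # True when the chosen service draws a control the user has to see.
    flags["visible_widget"] = bool(service) and not (
        service == "recaptcha" and variant in INVISIBLE_VARIANTS
    )
    return {"captcha": flags}


# Constructed sample settings (the key value is a placeholder, not a real key).
SAMPLE = SimpleNamespace(
    CAPTCHA_SERVICE="recaptcha",
    CAPTCHA_VARIANT="v3",
    RECAPTCHA_PRIVATE_KEY="constructed-placeholder",
)

if __name__ == "__main__":
    print(captcha_settings(None, SAMPLE))
```

In login.html the template can then test `{% if captcha.visible_widget %}` for layout around the field, while `{{ form.captcha }}` itself stays rendered, since removing it leaves the admin login without CAPTCHA protection, as pointed out later in this thread.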

pbiering commented 9 months ago

@fspc : while working on implementation, can it be that https://pypi.org/project/django-recaptcha/ 4.0.0 broke "v2 checkbox" and "v2 invisible" support? I've tested with 3.0.0 last time, had not tested 4.0.0 with reCaptcha so far.

Found related JavaScript in HTML but not displayed in browser. v3 is working fine.

Keysets for all variants generated and selected. No issue found with hCaptcha/FriendlyCaptcha/Turnstile

fspc commented 9 months ago

You are correct, with 4.0.0 the default "v2 checkbox" is not working, but v3 is working really well, and has completely stopped account creation spam. I never tested "v2 checkbox". We utilize the dockerized version of mailman where settings.py has to be configured differently with settings_local.py. I would be happy to include some documentation when you have the updated patches ready, or even if you decide not to update the patches.

pbiering commented 9 months ago

Thank you for the confirmation that 4.0.0 has broken "v2 checkbox" (and imho also "v2 invisible"), will file a ticket there. And yes, I'm already working on a new set of patches, potentially ready for preview tomorrow.

pbiering commented 9 months ago

@fspc : I don't understand the request removing from django/contrib/admin/templates/admin/login.html, because if done, the admin portal login is without CAPTCHA protection.

  <div class="form-row">
    {{ form.captcha.errors }}
    {{ form.captcha }}
  </div>

pbiering commented 9 months ago

Was also able to repair Google's reCAPTCHA v2 "checkbox" and "hidden"; looks like upstream broke something during 3.0.0 -> 4.0.0, had to fetch some changes from 4.0.0 -> 4.1.0 (upcoming) as well as revert some from 3.0.0 -> 4.0.0.

pbiering commented 9 months ago

V3 is not default, but now supported, see here https://github.com/pbiering/mailman3-rpm/releases/tag/3.3.9-26

fspc commented 9 months ago

> @fspc : I don't understand the request removing from django/contrib/admin/templates/admin/login.html, because if done, the admin portal login is without CAPTCHA protection.
>
>   <div class="form-row">
>     {{ form.captcha.errors }}
>     {{ form.captcha }}
>   </div>

You can safely ignore this request. I like the new django_multi_captcha_support.py, and cleaned up patches with the widget support. The lack of widget support was the main cause of the errors I experienced with the earlier patches, as well as the 4.0.0 bugginess.