pkp / pkp-lib

The library used by PKP's applications OJS, OMP and OPS, open source software for scholarly publishing.
https://pkp.sfu.ca
GNU General Public License v3.0

Add ReCAPTCHA support to password reset form #6984

Open asmecher opened 3 years ago

asmecher commented 3 years ago

The password reset form can generate unwanted emails if abused. Add ReCAPTCHA support to the password reset form.

NateWr commented 3 years ago

Since ReCAPTCHA is not available in China, can/should we do some basic rate limiting? If we log the reset request, we should be able to not send another reset request until the last one expires?

henriqueramos commented 3 years ago

As mentioned on the Slack channel, we could use hCaptcha instead of reCaptcha.

mfelczak commented 1 year ago

Just wanted to add a +1 for rate limiting the password reset form.

LuisLepidus commented 2 months ago

+1

henriqueramos commented 2 months ago

@asmecher Is this feature on the dev roadmap? If not, I will spend some time creating this as a package.

asmecher commented 2 months ago

@henriqueramos, it hasn't yet been prioritized against a specific release, but I'd be happy to get a pull request reviewed!
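
The rate limiting suggested in this thread (log each reset request and send no further reset email for that account until the last one expires), as an added example that is not pkp-lib code and not part of the original discussion. The class and method names, the in-memory log and the one-hour link lifetime are assumptions; in an application the log would live in the database.

```php
<?php
declare(strict_types=1);

// Added example, not pkp-lib code. Class, method and variable names are hypothetical.
final class ResetRequestThrottle
{
    /** @var array<string,int> account key => Unix time at which the last reset link expires */
    private array $log = [];

    public function __construct(
        private string $secret,            // server-side key so the log holds no raw addresses
        private int $tokenLifetime = 3600  // assumed reset-link lifetime in seconds
    ) {}

    private function key(string $email): string
    {
        // Normalise so "User@Example.org " and "user@example.org" share one entry.
        return hash_hmac('sha256', strtolower(trim($email)), $this->secret);
    }

    /** Returns true if a reset email should be sent now, and logs the request if so. */
    public function allow(string $email, int $now): bool
    {
        // Drop expired entries so the log does not grow without bound.
        $this->log = array_filter($this->log, fn (int $expires): bool => $expires > $now);

        $key = $this->key($email);
        if (isset($this->log[$key])) {
            return false; // an unexpired reset link is already outstanding
        }
        $this->log[$key] = $now + $this->tokenLifetime;
        return true;
    }
}

// Constructed sample requests: (seconds since start, submitted address).
$throttle = new ResetRequestThrottle('constructed-demo-secret', 3600);
$requests = [
    [0, 'editor@example.org'],
    [5, 'Editor@Example.org '],   // repeat within the lifetime, different case
    [10, 'author@example.org'],   // different account, not affected
    [3601, 'editor@example.org'], // first link has expired
];
foreach ($requests as [$t, $email]) {
    $sent = $throttle->allow($email, 1700000000 + $t);
    // Show the requester the same confirmation page either way, so the form
    // reveals neither whether the account exists nor whether it was throttled.
    printf("t=%4d %-20s mail %s\n", $t, trim($email), $sent ? 'sent' : 'suppressed');
}
```

Because the limit is keyed on the account rather than on a CAPTCHA provider, it also works where ReCAPTCHA is unavailable.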