Implement hCaptcha in anonymous login

princekhunt / privateping

PrivatePing is a secure messaging application built on Python's Django framework, providing end-to-end encryption for messages exchanged between users.

https://privateping.bytespot.tech

MIT License

124 stars 30 forks source link

Implement hCaptcha in anonymous login #30

Closed princekhunt closed 1 week ago

princekhunt commented 2 weeks ago

Is your feature request related to a problem? Please describe. A user can create an anonymous account, by just one click. To prevent bots doing that, I propose to add captcha. User has to pass through human verification.

Describe the solution you'd like Privateping is privacy oriented application, hence it's decided to use hcaptcha service. When user clicks on Anonymous Direct Login Button, currently we move them to/AnonymousDirectLogin and perform mouse hover check. Now we will replace it with the captcha. and on successful captcha verification, user should be able to create an anonymous account.

Mayureshd-18 commented 2 weeks ago

We can use google recaptacha or a basic django-simpel-captcha. If you prefer to use google recaptcha, I would need the keys from the recaptcha website. Else we can directly use simple django captcha like the image below

princekhunt commented 2 weeks ago

Can't we use hCaptcha ?

Mayureshd-18 commented 2 weeks ago

Ya sure that would work too. If you can assign it, I will be able to see the best possible way and start working on it.

princekhunt commented 2 weeks ago

Alright. Go on.

Mayureshd-18 commented 1 week ago

@princekhunt Hello. I have the prototype ready. Just a few tweaks are remaining. Please review the attached image and confirm whether anything more is needed.

Also, it would be better if you could provide me with the keys needed for hCaptcha as it would keep things under your control. If you can't share them here, you can share them on LinkedIn or mail me.

Regards.

princekhunt commented 1 week ago

That is not how it works.

define required keys in PrivatePing/settings/.env, and then define both in development.py, and then import keys, to views.py.

For the production, I'll update keys from my end.

Checkout how environment variables works on the internet if needed.

Mayureshd-18 commented 1 week ago

Yeah already done that. I was just asking if I should replace my keys or you would. Thank you. Just replace the keys before deploying to production.

Regards

princekhunt commented 1 week ago

Yes, will update in prod, kindly make pr. will test the functionality and design before heading.