annotate MoinMoin/security/textcha.py @ 6128:561b7a9c2bd9

fix wrong digestmod of hmac.new calls stdlib default is md5, but we need sha1. this bug was introduced when removing python_compatibility module usage in changeset 500f68d3e2fd594b2f4ea4a272b828a07d9eac1d.
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 01 Nov 2016 17:56:32 +0100
parents 500f68d3e2fd
children
rev   line source
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
1 # -*- coding: iso-8859-1 -*-
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
2 """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
3 MoinMoin - Text CAPTCHAs
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
4
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
5 This is just asking some (admin configured) questions and
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
6 checking if the answer is as expected. It is up to the wiki
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
7 admin to setup questions that a bot can not easily answer, but
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
8 humans can. It is recommended to setup SITE SPECIFIC questions
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
9 and not to share the questions with other sites (if everyone
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
10 asks the same questions / expects the same answers, spammers
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
11 could adapt to that).
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
12
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
13 TODO:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
14 * roundtrip the question in some other way:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
15 * make sure a q/a pair in the POST is for the q in the GET before
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
16 * make some nice CSS
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
17 * make similar changes to GUI editor
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
18
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
19 @copyright: 2007 by MoinMoin:ThomasWaldmann
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
20 @license: GNU GPL, see COPYING for details.
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
21 """
6128
561b7a9c2bd9 fix wrong digestmod of hmac.new calls
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 6103
diff changeset
22 import hmac, hashlib
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
23 import re
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
24 import random
3107
c6e39279f83b refactor logging usage
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3070
diff changeset
25
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
26 from time import time
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
27
3110
a48929a5036c logging: make it work correctly by doing logging configuration very early
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3107
diff changeset
28 from MoinMoin import log
a48929a5036c logging: make it work correctly by doing logging configuration very early
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3107
diff changeset
29 logging = log.getLogger(__name__)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
30
5904
3a1b92276377 reorder imports, so that MoinMoin.support is already in sys.path
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5902
diff changeset
31 from MoinMoin import wikiutil
5902
840ebd16ddd9 use a constant time str comparison function to prevent timing attacks
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5835
diff changeset
32 from werkzeug.security import safe_str_cmp as safe_str_equal
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
33
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
34 SHA1_LEN = 40 # length of hexdigest
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
35 TIMESTAMP_LEN = 10 # length of timestamp
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
36
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
37 class TextCha(object):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
38 """ Text CAPTCHA support """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
39
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
40 def __init__(self, request, question=None):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
41 """ Initialize the TextCha.
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
42
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
43 @param request: the request object
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
44 @param question: see _init_qa()
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
45 """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
46 self.request = request
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
47 self.user_info = request.user.valid and request.user.name or request.remote_addr
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
48 self.textchas = self._get_textchas()
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
49 if self.textchas:
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
50 self.secret = request.cfg.secrets["security/textcha"]
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
51 self.expiry_time = request.cfg.textchas_expiry_time
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
52 self._init_qa(question)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
53
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
54 def _get_textchas(self):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
55 """ get textchas from the wiki config for the user's language (or default_language or en) """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
56 request = self.request
4822
d44a9c23438c Groups2009: script.migration.wikiutil160a and security.textcha work with the new groups code.
Dmitrijs Milajevs <dimazest@gmail.com>
parents: 4424
diff changeset
57 groups = request.groups
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
58 cfg = request.cfg
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
59 user = request.user
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
60 disabled_group = cfg.textchas_disabled_group
4829
9d510417add0 Groups2009: Instead of checking that some group is defined in a request.groups and then check that some member is in that group request.groups.get method is used.
Dmitrijs Milajevs <dimazest@gmail.com>
parents: 4822
diff changeset
61 if disabled_group and user.name and user.name in groups.get(disabled_group, []):
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
62 return None
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
63 textchas = cfg.textchas
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
64 if textchas:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
65 lang = user.language or request.lang
3159
915a431b663c logging: security package refactored, moved frozenset to python_compatibility
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3110
diff changeset
66 logging.debug(u"TextCha: user.language == '%s'." % lang)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
67 if lang not in textchas:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
68 lang = cfg.language_default
3159
915a431b663c logging: security package refactored, moved frozenset to python_compatibility
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3110
diff changeset
69 logging.debug(u"TextCha: fallback to language_default == '%s'." % lang)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
70 if lang not in textchas:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
71 logging.error(u"TextCha: The textchas do not have content for language_default == '%s'! Falling back to English." % lang)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
72 lang = 'en'
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
73 if lang not in textchas:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
74 logging.error(u"TextCha: The textchas do not have content for 'en', auto-disabling textchas!")
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
75 cfg.textchas = None
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
76 lang = None
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
77 else:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
78 lang = None
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
79 if lang is None:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
80 return None
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
81 else:
3159
915a431b663c logging: security package refactored, moved frozenset to python_compatibility
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3110
diff changeset
82 logging.debug(u"TextCha: using lang = '%s'" % lang)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
83 return textchas[lang]
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
84
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
85 def _compute_signature(self, question, timestamp):
5835
1ddf7d88c53d fix issue with non-ascii textchas, hmac_new only takes str, not unicode
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5751
diff changeset
86 signature = u"%s%d" % (question, timestamp)
6128
561b7a9c2bd9 fix wrong digestmod of hmac.new calls
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 6103
diff changeset
87 return hmac.new(self.secret, signature.encode('utf-8'), digestmod=hashlib.sha1).hexdigest()
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
88
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
89 def _init_qa(self, question=None):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
90 """ Initialize the question / answer.
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
91
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
92 @param question: If given, the given question will be used.
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
93 If None, a new question will be generated.
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
94 """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
95 if self.is_enabled():
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
96 if question is None:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
97 self.question = random.choice(self.textchas.keys())
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
98 else:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
99 self.question = question
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
100 try:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
101 self.answer_regex = self.textchas[self.question]
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
102 self.answer_re = re.compile(self.answer_regex, re.U|re.I)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
103 except KeyError:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
104 # this question does not exist, thus there is no answer
4358
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
105 self.answer_regex = ur"[Never match for cheaters]"
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
106 self.answer_re = None
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
107 logging.warning(u"TextCha: Non-existing question '%s'. User '%s' trying to cheat?" % (
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
108 self.question, self.user_info))
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
109 except re.error:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
110 logging.error(u"TextCha: Invalid regex in answer for question '%s'" % self.question)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
111 self._init_qa()
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
112
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
113 def is_enabled(self):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
114 """ check if textchas are enabled.
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
115
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
116 They can be disabled for all languages if you use textchas = None or = {},
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
117 also they can be disabled for some specific language, like:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
118 textchas = {
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
119 'en': {
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
120 'some question': 'some answer',
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
121 # ...
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
122 },
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
123 'de': {}, # having no questions for 'de' means disabling textchas for 'de'
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
124 # ...
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
125 }
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
126 """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
127 return not not self.textchas # we don't want to return the dict
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
128
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
129 def check_answer(self, given_answer, timestamp, signature):
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
130 """ check if the given answer to the question is correct and within the correct timeframe"""
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
131 if self.is_enabled():
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
132 reason = 'ok'
4358
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
133 if self.answer_re is not None:
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
134 success = self.answer_re.match(given_answer.strip()) is not None
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
135 if not success:
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
136 reason = 'answer_re did not match'
4358
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
137 else:
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
138 # someone trying to cheat!?
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
139 success = False
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
140 reason = 'answer_re is None'
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
141 if not timestamp or timestamp + self.expiry_time < time():
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
142 success = False
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
143 reason = 'textcha expired'
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
144 try:
5902
840ebd16ddd9 use a constant time str comparison function to prevent timing attacks
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5835
diff changeset
145 if not safe_str_equal(self._compute_signature(self.question, timestamp), signature):
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
146 success = False
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
147 reason = 'signature mismatch'
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
148 except TypeError:
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
149 success = False
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
150 reason = 'TypeError during signature check'
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
151
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
152 success_status = success and u"success" or u"failure"
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
153 logging.info(u"TextCha: %s (u='%s', a='%s', re='%s', q='%s', rsn='%s')" % (
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
154 success_status,
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
155 self.user_info,
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
156 given_answer,
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
157 self.answer_regex,
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
158 self.question,
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
159 reason,
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
160 ))
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
161 return success
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
162 else:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
163 return True
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
164
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
165 def _make_form_values(self, question, given_answer):
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
166 timestamp = time()
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
167 question_form = "%s %d%s" % (
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
168 wikiutil.escape(question, True),
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
169 timestamp,
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
170 self._compute_signature(question, timestamp)
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
171 )
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
172 given_answer_form = wikiutil.escape(given_answer, True)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
173 return question_form, given_answer_form
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
174
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
175 def _extract_form_values(self, form=None):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
176 if form is None:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
177 form = self.request.form
4424
5ad5753ae311 pre-1.9: request.form has qs args and post data, 1.9: .form only post data, .args only qs args, .values both
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4358
diff changeset
178 question = form.get('textcha-question')
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
179 signature = None
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
180 timestamp = None
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
181 if question:
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
182 # the signature is the last SHA1_LEN bytes of the question
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
183 signature = question[-SHA1_LEN:]
5751
e4479bf1c820 Fix 'trailing blanks' warnings in source code
pavel_vinogradov
parents: 5749
diff changeset
184
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
185 # operate on the remainder
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
186 question = question[:-SHA1_LEN]
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
187 try:
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
188 # the timestamp is the next TIMESTAMP_LEN bytes
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
189 timestamp = int(question[-TIMESTAMP_LEN:])
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
190 except ValueError:
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
191 pass
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
192 # there is a space between the timestamp and the question, so take away 1
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
193 question = question[:-TIMESTAMP_LEN - 1]
4424
5ad5753ae311 pre-1.9: request.form has qs args and post data, 1.9: .form only post data, .args only qs args, .values both
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4358
diff changeset
194 given_answer = form.get('textcha-answer', u'')
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
195 return question, given_answer, timestamp, signature
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
196
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
197 def render(self, form=None):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
198 """ Checks if textchas are enabled and returns HTML for one,
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
199 or an empty string if they are not enabled.
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
200
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
201 @return: unicode result html
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
202 """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
203 if self.is_enabled():
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
204 question, given_answer, timestamp, signature = self._extract_form_values(form)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
205 if question is None:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
206 question = self.question
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
207 question_form, given_answer_form = self._make_form_values(question, given_answer)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
208 result = u"""
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
209 <div id="textcha">
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
210 <span id="textcha-question">%s</span>
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
211 <input type="hidden" name="textcha-question" value="%s">
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
212 <input id="textcha-answer" type="text" name="textcha-answer" value="%s" size="20" maxlength="80">
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
213 </div>
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
214 """ % (wikiutil.escape(question), question_form, given_answer_form)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
215 else:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
216 result = u''
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
217 return result
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
218
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
219 def check_answer_from_form(self, form=None):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
220 if self.is_enabled():
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
221 question, given_answer, timestamp, signature = self._extract_form_values(form)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
222 self._init_qa(question)
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
223 return self.check_answer(given_answer, timestamp, signature)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
224 else:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
225 return True
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
226