annotate MoinMoin/security/textcha.py @ 6057:e1e9c0f9d7dd

textcha failures: log reason
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Thu, 04 Sep 2014 14:12:27 +0200
parents 3a1b92276377
children 500f68d3e2fd
rev   line source
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
1 # -*- coding: iso-8859-1 -*-
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
2 """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
3 MoinMoin - Text CAPTCHAs
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
4
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
5 This is just asking some (admin configured) questions and
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
6 checking if the answer is as expected. It is up to the wiki
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
7 admin to setup questions that a bot can not easily answer, but
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
8 humans can. It is recommended to setup SITE SPECIFIC questions
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
9 and not to share the questions with other sites (if everyone
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
10 asks the same questions / expects the same answers, spammers
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
11 could adapt to that).
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
12
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
13 TODO:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
14 * roundtrip the question in some other way:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
15 * make sure a q/a pair in the POST is for the q in the GET before
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
16 * make some nice CSS
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
17 * make similar changes to GUI editor
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
18
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
19 @copyright: 2007 by MoinMoin:ThomasWaldmann
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
20 @license: GNU GPL, see COPYING for details.
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
21 """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
22
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
23 import re
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
24 import random
3107
c6e39279f83b refactor logging usage
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3070
diff changeset
25
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
26 from time import time
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
27
3110
a48929a5036c logging: make it work correctly by doing logging configuration very early
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3107
diff changeset
28 from MoinMoin import log
a48929a5036c logging: make it work correctly by doing logging configuration very early
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3107
diff changeset
29 logging = log.getLogger(__name__)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
30
5904
3a1b92276377 reorder imports, so that MoinMoin.support is already in sys.path
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5902
diff changeset
31 from MoinMoin import wikiutil
5902
840ebd16ddd9 use a constant time str comparison function to prevent timing attacks
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5835
diff changeset
32 from werkzeug.security import safe_str_cmp as safe_str_equal
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
33 from MoinMoin.support.python_compatibility import hmac_new
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
34
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
35 SHA1_LEN = 40 # length of hexdigest
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
36 TIMESTAMP_LEN = 10 # length of timestamp
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
37
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
38 class TextCha(object):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
39 """ Text CAPTCHA support """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
40
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
41 def __init__(self, request, question=None):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
42 """ Initialize the TextCha.
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
43
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
44 @param request: the request object
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
45 @param question: see _init_qa()
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
46 """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
47 self.request = request
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
48 self.user_info = request.user.valid and request.user.name or request.remote_addr
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
49 self.textchas = self._get_textchas()
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
50 if self.textchas:
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
51 self.secret = request.cfg.secrets["security/textcha"]
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
52 self.expiry_time = request.cfg.textchas_expiry_time
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
53 self._init_qa(question)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
54
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
55 def _get_textchas(self):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
56 """ get textchas from the wiki config for the user's language (or default_language or en) """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
57 request = self.request
4822
d44a9c23438c Groups2009: script.migration.wikiutil160a and security.textcha work with the new groups code.
Dmitrijs Milajevs <dimazest@gmail.com>
parents: 4424
diff changeset
58 groups = request.groups
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
59 cfg = request.cfg
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
60 user = request.user
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
61 disabled_group = cfg.textchas_disabled_group
4829
9d510417add0 Groups2009: Instead of checking that some group is defined in a request.groups and then check that some member is in that group request.groups.get method is used.
Dmitrijs Milajevs <dimazest@gmail.com>
parents: 4822
diff changeset
62 if disabled_group and user.name and user.name in groups.get(disabled_group, []):
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
63 return None
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
64 textchas = cfg.textchas
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
65 if textchas:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
66 lang = user.language or request.lang
3159
915a431b663c logging: security package refactored, moved frozenset to python_compatibility
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3110
diff changeset
67 logging.debug(u"TextCha: user.language == '%s'." % lang)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
68 if lang not in textchas:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
69 lang = cfg.language_default
3159
915a431b663c logging: security package refactored, moved frozenset to python_compatibility
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3110
diff changeset
70 logging.debug(u"TextCha: fallback to language_default == '%s'." % lang)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
71 if lang not in textchas:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
72 logging.error(u"TextCha: The textchas do not have content for language_default == '%s'! Falling back to English." % lang)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
73 lang = 'en'
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
74 if lang not in textchas:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
75 logging.error(u"TextCha: The textchas do not have content for 'en', auto-disabling textchas!")
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
76 cfg.textchas = None
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
77 lang = None
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
78 else:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
79 lang = None
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
80 if lang is None:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
81 return None
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
82 else:
3159
915a431b663c logging: security package refactored, moved frozenset to python_compatibility
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3110
diff changeset
83 logging.debug(u"TextCha: using lang = '%s'" % lang)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
84 return textchas[lang]
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
85
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
86 def _compute_signature(self, question, timestamp):
5835
1ddf7d88c53d fix issue with non-ascii textchas, hmac_new only takes str, not unicode
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5751
diff changeset
87 signature = u"%s%d" % (question, timestamp)
1ddf7d88c53d fix issue with non-ascii textchas, hmac_new only takes str, not unicode
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5751
diff changeset
88 return hmac_new(self.secret, signature.encode('utf-8')).hexdigest()
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
89
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
90 def _init_qa(self, question=None):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
91 """ Initialize the question / answer.
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
92
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
93 @param question: If given, the given question will be used.
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
94 If None, a new question will be generated.
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
95 """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
96 if self.is_enabled():
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
97 if question is None:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
98 self.question = random.choice(self.textchas.keys())
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
99 else:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
100 self.question = question
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
101 try:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
102 self.answer_regex = self.textchas[self.question]
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
103 self.answer_re = re.compile(self.answer_regex, re.U|re.I)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
104 except KeyError:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
105 # this question does not exist, thus there is no answer
4358
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
106 self.answer_regex = ur"[Never match for cheaters]"
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
107 self.answer_re = None
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
108 logging.warning(u"TextCha: Non-existing question '%s'. User '%s' trying to cheat?" % (
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
109 self.question, self.user_info))
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
110 except re.error:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
111 logging.error(u"TextCha: Invalid regex in answer for question '%s'" % self.question)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
112 self._init_qa()
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
113
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
114 def is_enabled(self):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
115 """ check if textchas are enabled.
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
116
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
117 They can be disabled for all languages if you use textchas = None or = {},
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
118 also they can be disabled for some specific language, like:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
119 textchas = {
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
120 'en': {
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
121 'some question': 'some answer',
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
122 # ...
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
123 },
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
124 'de': {}, # having no questions for 'de' means disabling textchas for 'de'
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
125 # ...
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
126 }
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
127 """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
128 return not not self.textchas # we don't want to return the dict
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
129
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
130 def check_answer(self, given_answer, timestamp, signature):
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
131 """ check if the given answer to the question is correct and within the correct timeframe"""
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
132 if self.is_enabled():
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
133 reason = 'ok'
4358
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
134 if self.answer_re is not None:
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
135 success = self.answer_re.match(given_answer.strip()) is not None
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
136 if not success:
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
137 reason = 'answer_re did not match'
4358
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
138 else:
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
139 # someone trying to cheat!?
a952d07dea69 TextChas: fix treatment of unknown keys
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3159
diff changeset
140 success = False
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
141 reason = 'answer_re is None'
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
142 if not timestamp or timestamp + self.expiry_time < time():
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
143 success = False
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
144 reason = 'textcha expired'
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
145 try:
5902
840ebd16ddd9 use a constant time str comparison function to prevent timing attacks
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5835
diff changeset
146 if not safe_str_equal(self._compute_signature(self.question, timestamp), signature):
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
147 success = False
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
148 reason = 'signature mismatch'
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
149 except TypeError:
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
150 success = False
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
151 reason = 'TypeError during signature check'
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
152
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
153 success_status = success and u"success" or u"failure"
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
154 logging.info(u"TextCha: %s (u='%s', a='%s', re='%s', q='%s', rsn='%s')" % (
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
155 success_status,
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
156 self.user_info,
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
157 given_answer,
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
158 self.answer_regex,
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
159 self.question,
6057
e1e9c0f9d7dd textcha failures: log reason
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5904
diff changeset
160 reason,
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
161 ))
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
162 return success
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
163 else:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
164 return True
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
165
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
166 def _make_form_values(self, question, given_answer):
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
167 timestamp = time()
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
168 question_form = "%s %d%s" % (
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
169 wikiutil.escape(question, True),
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
170 timestamp,
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
171 self._compute_signature(question, timestamp)
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
172 )
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
173 given_answer_form = wikiutil.escape(given_answer, True)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
174 return question_form, given_answer_form
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
175
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
176 def _extract_form_values(self, form=None):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
177 if form is None:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
178 form = self.request.form
4424
5ad5753ae311 pre-1.9: request.form has qs args and post data, 1.9: .form only post data, .args only qs args, .values both
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4358
diff changeset
179 question = form.get('textcha-question')
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
180 signature = None
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
181 timestamp = None
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
182 if question:
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
183 # the signature is the last SHA1_LEN bytes of the question
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
184 signature = question[-SHA1_LEN:]
5751
e4479bf1c820 Fix 'trailing blanks' warnings in source code
pavel_vinogradov
parents: 5749
diff changeset
185
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
186 # operate on the remainder
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
187 question = question[:-SHA1_LEN]
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
188 try:
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
189 # the timestamp is the next TIMESTAMP_LEN bytes
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
190 timestamp = int(question[-TIMESTAMP_LEN:])
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
191 except ValueError:
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
192 pass
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
193 # there is a space between the timestamp and the question, so take away 1
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
194 question = question[:-TIMESTAMP_LEN - 1]
4424
5ad5753ae311 pre-1.9: request.form has qs args and post data, 1.9: .form only post data, .args only qs args, .values both
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4358
diff changeset
195 given_answer = form.get('textcha-answer', u'')
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
196 return question, given_answer, timestamp, signature
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
197
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
198 def render(self, form=None):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
199 """ Checks if textchas are enabled and returns HTML for one,
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
200 or an empty string if they are not enabled.
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
201
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
202 @return: unicode result html
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
203 """
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
204 if self.is_enabled():
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
205 question, given_answer, timestamp, signature = self._extract_form_values(form)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
206 if question is None:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
207 question = self.question
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
208 question_form, given_answer_form = self._make_form_values(question, given_answer)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
209 result = u"""
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
210 <div id="textcha">
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
211 <span id="textcha-question">%s</span>
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
212 <input type="hidden" name="textcha-question" value="%s">
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
213 <input id="textcha-answer" type="text" name="textcha-answer" value="%s" size="20" maxlength="80">
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
214 </div>
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
215 """ % (wikiutil.escape(question), question_form, given_answer_form)
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
216 else:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
217 result = u''
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
218 return result
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
219
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
220 def check_answer_from_form(self, form=None):
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
221 if self.is_enabled():
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
222 question, given_answer, timestamp, signature = self._extract_form_values(form)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
223 self._init_qa(question)
5749
5d5ec86e40a2 improve textcha security (thanks to rfw, GCI 2010)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4829
diff changeset
224 return self.check_answer(given_answer, timestamp, signature)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
225 else:
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
226 return True
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2983
diff changeset
227