From 53b7030c6af5d9073117e1759d9caca8f54e9b34 Mon Sep 17 00:00:00 2001 From: Graham Knop Date: Sat, 21 Dec 2024 13:53:28 +0100 Subject: [PATCH] remove captcha The captcha is being removed from the API because our identity providers already do enough checking for our purposes. --- app.psgi | 3 +- lib/MetaCPAN/Web/Authentication/User.pm | 7 ++-- .../Web/Controller/Account/Favorite.pm | 6 +--- lib/MetaCPAN/Web/Controller/Account/Turing.pm | 32 ------------------- lib/MetaCPAN/Web/Model/API/User.pm | 9 ------ metacpan_web.conf | 4 --- root/account/turing.tx | 24 -------------- root/base/account.tx | 5 --- root/static/js/cpan.js | 4 +-- root/static/js/main.mjs | 1 - root/static/js/recaptcha.mjs | 23 ------------- t/controller/account.t | 5 +-- t/html.t | 3 +- 13 files changed, 7 insertions(+), 119 deletions(-) delete mode 100644 lib/MetaCPAN/Web/Controller/Account/Turing.pm delete mode 100644 root/account/turing.tx delete mode 100644 root/static/js/recaptcha.mjs diff --git a/app.psgi b/app.psgi index 37fb6216a46..623f0811123 100644 --- a/app.psgi +++ b/app.psgi @@ -88,8 +88,7 @@ builder { "frame-ancestors 'self' *.metacpan.org", # temporary 'unsafe-eval' because root/static/js/jquery.tablesorter.js - "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.metacpan.org https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/", - + "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.metacpan.org https://*.googletagmanager.com", ), 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block', diff --git a/lib/MetaCPAN/Web/Authentication/User.pm b/lib/MetaCPAN/Web/Authentication/User.pm index ea0f647288b..3ea1c595acb 100644 --- a/lib/MetaCPAN/Web/Authentication/User.pm +++ b/lib/MetaCPAN/Web/Authentication/User.pm 
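Review bot: In the rewritten `script-src` line of the app.psgi hunk, the comment above it accounts only for `'unsafe-eval'`, while `'unsafe-inline'` is kept with no stated reason. Together the two leave the directive with little protection against injected script. Since the line is being edited anyway, I would add a comment next to it such as `# 'unsafe-inline' is still needed for the remaining inline scripts; drop it once they are moved into files`. The rest of the header list lies outside the hunk, so it is worth confirming that no other CSP directive (a frame or connect source, for example) still names the recaptcha hosts removed here.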
@@ -42,10 +42,8 @@ sub BUILDARGS { sub for_session { $_[0]->token } -has id => ( is => 'ro' ); -has looks_human => ( is => 'ro' ); -has passed_captcha => ( is => 'ro' ); -has access_token => ( is => 'ro' ); +has id => ( is => 'ro' ); +has access_token => ( is => 'ro' ); has identity => ( is => 'ro', isa => HashRef->plus_coercions( ArrayToHash ['name'] ), @@ -70,7 +68,6 @@ for my $method ( qw( get_profile add_favorite remove_favorite - turing ) ) { no strict 'refs'; diff --git a/lib/MetaCPAN/Web/Controller/Account/Favorite.pm b/lib/MetaCPAN/Web/Controller/Account/Favorite.pm index 637999cf8c3..1dfbb21334b 100644 --- a/lib/MetaCPAN/Web/Controller/Account/Favorite.pm +++ b/lib/MetaCPAN/Web/Controller/Account/Favorite.pm @@ -32,11 +32,7 @@ sub add : Local : Args(0) { } } else { - $c->res->redirect( - $res->{error} - ? $c->uri_for('/account/turing/index') - : $c->req->referer - ); + $c->res->redirect( $c->req->referer ); } } diff --git a/lib/MetaCPAN/Web/Controller/Account/Turing.pm b/lib/MetaCPAN/Web/Controller/Account/Turing.pm deleted file mode 100644 index 1d3eeb158b1..00000000000 --- a/lib/MetaCPAN/Web/Controller/Account/Turing.pm +++ /dev/null @@ -1,32 +0,0 @@ -package MetaCPAN::Web::Controller::Account::Turing; - -use Moose; -BEGIN { extends 'MetaCPAN::Web::Controller' } - -has public_key => ( is => 'ro', required => 1 ); - -sub index : Path('') : Args(0) { - my ( $self, $c ) = @_; - my $user = $c->user - or $c->detach('/forbidden'); - - if ( $c->req->method eq 'POST' ) { - my $params = $c->req->params; - my $res = $user->turing( $params->{'g-recaptcha-response'} )->get; - $c->stash( { - success => $res->{looks_human}, - error => $res->{error}, - res => $res, - referer => $params->{r}, - } ); - } - $c->stash( { - template => 'account/turing.tx', - recaptcha_key => $self->public_key, - } ); - -} - -__PACKAGE__->meta->make_immutable; - -1; diff --git a/lib/MetaCPAN/Web/Model/API/User.pm b/lib/MetaCPAN/Web/Model/API/User.pm index 17e8c857812..5c2bf182fe0 100644 
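Review bot: In the Favorite.pm hunk, the non-JSON branch of `add` now redirects to `$c->req->referer` even when the API call returned an error, so a browser without JavaScript cannot tell a failed favorite from a successful one. The Referer header is also client-supplied and may be absent, in which case `redirect` is handed undef. A fallback such as `$c->res->redirect( $c->req->referer // $c->uri_for('/') );` covers the missing header, and checking that the value points at this site before redirecting would be safer still. If `$res` is still assigned earlier in `add` (that part is outside the hunk), `$res->{error}` could be logged or surfaced before the redirect.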
--- a/lib/MetaCPAN/Web/Model/API/User.pm +++ b/lib/MetaCPAN/Web/Model/API/User.pm @@ -86,15 +86,6 @@ sub remove_favorite { undef, { access_token => $token }, 'DELETE' ); } -sub turing { - my ( $self, $token, $answer ) = @_; - $self->request( - '/user/turing', - { answer => $answer }, - { access_token => $token }, - ); -} - __PACKAGE__->meta->make_immutable; 1; diff --git a/metacpan_web.conf b/metacpan_web.conf index d5ad3a0562d..c7eff8c1811 100644 --- a/metacpan_web.conf +++ b/metacpan_web.conf @@ -16,10 +16,6 @@ mark_unauthorized_releases = 0 cache = 1 - - public_key 6LeH2MsSAAAAANwz3AA73Gw5OjCVjT6I51Ev-ior - - object_type = author field_name = pauseid diff --git a/root/account/turing.tx b/root/account/turing.tx deleted file mode 100644 index ca29640c2b6..00000000000 --- a/root/account/turing.tx +++ /dev/null @@ -1,24 +0,0 @@ -%% cascade base::account -%% override content -> { - %% if $error { -
-

Error

- The answer was not correct. Please try again.. -
- %% } - %% if $success { -
-

Success

- Thank you. -
- Continue browsing - %% } - %% else { -
Verify Account -

Please solve the Captcha. This will allow you to ++ modules. You'll have to complete this test only once.


-
-
-
-
- %% } -%% } diff --git a/root/base/account.tx b/root/base/account.tx index 6dc339831dd..2c146f9c936 100644 --- a/root/base/account.tx +++ b/root/base/account.tx @@ -3,11 +3,6 @@ %% } %% override left_nav_classes -> { 'nav nav-pills nav-stacked' } %% override left_nav_content -> { -%% if !$user.looks_human { -
  • - Verify Account -
  • -%% }
  • Identities
  • diff --git a/root/static/js/cpan.js b/root/static/js/cpan.js index f3f3ee0b463..25a5144030c 100644 --- a/root/static/js/cpan.js +++ b/root/static/js/cpan.js @@ -236,9 +236,7 @@ for (const favForm of document.querySelectorAll('form[action="/account/favorite/ body: formData, }); if (!response.ok) { - if (confirm("You have to complete a Captcha in order to ++.")) { - document.location.href = "/account/turing"; - } + alert("Error adding favorite!"); } const button = favForm.querySelector('button'); diff --git a/root/static/js/main.mjs b/root/static/js/main.mjs index 764bf025559..4abdbbb2c1f 100644 --- a/root/static/js/main.mjs +++ b/root/static/js/main.mjs @@ -5,7 +5,6 @@ import './cpan.js'; import './github.js'; import './dropdown.js'; import './profile.js'; -import './recaptcha.mjs'; import './search.js'; import 'bootstrap/js/dropdown.js'; import 'bootstrap/js/collapse.js'; diff --git a/root/static/js/recaptcha.mjs b/root/static/js/recaptcha.mjs deleted file mode 100644 index 60d59d451ac..00000000000 --- a/root/static/js/recaptcha.mjs +++ /dev/null @@ -1,23 +0,0 @@ -function recaptcha_prepare() { - return new Promise((resolve, reject) => { - const recaptcha_script = document.createElement('script'); - recaptcha_script.setAttribute('async', ''); - recaptcha_script.setAttribute('defer', ''); - recaptcha_script.setAttribute('src', 'https://www.google.com/recaptcha/api.js?render=explicit'); - recaptcha_script.addEventListener('load', () => { - window.grecaptcha.ready(() => resolve(window.grecaptcha)); - }); - recaptcha_script.addEventListener('error', () => reject('Error loading reCAPTCHA')); - document.head.appendChild(recaptcha_script); - }); -} - -const recaptcha_div = document.querySelector('.g-recaptcha'); -if (recaptcha_div) { - const recaptcha_form = recaptcha_div.closest('form'); - - const grecaptcha = await recaptcha_prepare(); - grecaptcha.render(recaptcha_div, { - callback: () => recaptcha_form.submit() - }); -} 
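Review bot: In the cpan.js hunk, after `alert("Error adding favorite!");` the handler falls through to `const button = favForm.querySelector('button');`, so the code that follows, presumably the button state update, also runs when the request failed. Adding `return;` after the alert inside the `if (!response.ok)` block would keep the displayed state in step with the server. Including `response.status` in the message would also let a user tell an expired session (401/403) from a server error. The rest of the submit handler is outside the hunk.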
diff --git a/t/controller/account.t b/t/controller/account.t index 607e390464c..cc4adcae237 100644 --- a/t/controller/account.t +++ b/t/controller/account.t @@ -85,10 +85,7 @@ test_psgi app, sub { }; # (we're always authenticated from now on) - $user_res = { - looks_human => \1, - id => '5', - }; + $user_res = { id => '5', }; subtest 'GET profile' => sub { $api_res = { error => 'broken' }; diff --git a/t/html.t b/t/html.t index bbb5d1f04f0..5d837ed3a84 100644 --- a/t/html.t +++ b/t/html.t @@ -9,8 +9,7 @@ use Path::Tiny qw( path ); # files that have inline