Added turnstile to forms that previously used captcha. Removed captch…

…a from codebase. Updated tests to correctly handle Turnstile. Fixed issue with caching and tests that only appeared when running tests multiple times in the same environment more often than once per hour. Updated docs to include Turnstile info
LibraryOfCongress · Aug 27, 2024 · f00a7e0 · f00a7e0
1 parent 5e96310
commit f00a7e0
Show file tree

Hide file tree

Showing 15 changed files with 459 additions and 557 deletions.
diff --git a/Pipfile b/Pipfile
@@ -12,7 +12,6 @@ requests = "*"
 Django = ">=4.2.14, <5.0"
 bagit = "*"
 django-registration = "*"
-django-simple-captcha = "*"
 django-tinymce = "*"
 elasticsearch = "<7.14.0"
 django-elasticsearch-dsl = "==7.3"

diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/concordia/settings_local_test.py b/concordia/settings_local_test.py
@@ -1,3 +1,5 @@
+import os
+
 from .settings_template import *  # NOQA ignore=F405
 from .settings_template import DATABASES
 
@@ -21,3 +23,17 @@
         "CONFIG": {"hosts": [("localhost", 63791)]},
     }
 }
+
+# Turnstile settings
+TURNSTILE_JS_API_URL = os.environ.get(
+    "TURNSTILE_JS_API_URL", "https://challenges.cloudflare.com/turnstile/v0/api.js"
+)
+TURNSTILE_VERIFY_URL = os.environ.get(
+    "TURNSTILE_VERIFY_URL", "https://challenges.cloudflare.com/turnstile/v0/siteverify"
+)
+TURNSTILE_SITEKEY = os.environ.get(
+    "TURNSTILE_SITEKEY", "1x00000000000000000000BB"
+)  # Always pass, invisible
+TURNSTILE_SECRET = os.environ.get(
+    "TURNSTILE_SECRET", "1x0000000000000000000000000000000AA"
+)  # Always pass
diff --git a/concordia/settings_template.py b/concordia/settings_template.py
@@ -114,7 +114,6 @@
     "concordia.apps.ConcordiaAppConfig",
     "exporter",
     "importer",
-    "captcha",
     "prometheus_metrics.apps.PrometheusMetricsConfig",
     "robots",
     "django_celery_beat",
@@ -327,13 +326,6 @@
 TURNSTILE_DEFAULT_CONFIG = os.environ.get("TURNSTILE_DEFAULT_CONFIG", {})
 TURNSTILE_PROXIES = os.environ.get("TURNSTILE_PROXIES", {})
 
-CAPTCHA_CHALLENGE_FUNCT = "captcha.helpers.random_char_challenge"
-#: Anonymous sessions require captcha validation every day by default:
-ANONYMOUS_CAPTCHA_VALIDATION_INTERVAL = 86400
-
-CAPTCHA_IMAGE_SIZE = [150, 100]
-CAPTCHA_FONT_SIZE = 40
-
 STORAGES = {
     "default": {
         "BACKEND": "django.core.files.storage.FileSystemStorage",

diff --git a/concordia/settings_test.py b/concordia/settings_test.py
@@ -1,3 +1,5 @@
+import os
+
 from .settings_template import *  # NOQA ignore=F405
 from .settings_template import DATABASES
 
@@ -21,3 +23,17 @@
         "CONFIG": {"hosts": [("localhost", 6379)]},
     }
 }
+
+# Turnstile settings
+TURNSTILE_JS_API_URL = os.environ.get(
+    "TURNSTILE_JS_API_URL", "https://challenges.cloudflare.com/turnstile/v0/api.js"
+)
+TURNSTILE_VERIFY_URL = os.environ.get(
+    "TURNSTILE_VERIFY_URL", "https://challenges.cloudflare.com/turnstile/v0/siteverify"
+)
+TURNSTILE_SITEKEY = os.environ.get(
+    "TURNSTILE_SITEKEY", "1x00000000000000000000BB"
+)  # Always pass, invisible
+TURNSTILE_SECRET = os.environ.get(
+    "TURNSTILE_SECRET", "1x0000000000000000000000000000000AA"
+)  # Always pass
diff --git a/concordia/static/js/src/contribute.js b/concordia/static/js/src/contribute.js
@@ -60,40 +60,6 @@ $(document).on('keydown', function (event) {
 });
 
 function setupPage() {
-    var $captchaModal = $('#captcha-modal');
-    var $triggeringCaptchaForm = false;
-    var $captchaForm = $captchaModal
-        .find('form')
-        .on('submit', function (event) {
-            event.preventDefault();
-
-            var formData = $captchaForm.serializeArray();
-
-            $.ajax({
-                url: $captchaForm.attr('action'),
-                method: 'POST',
-                dataType: 'json',
-                data: $.param(formData),
-            })
-                .done(function () {
-                    $captchaModal.modal('hide');
-                    if ($triggeringCaptchaForm) {
-                        $triggeringCaptchaForm.submit();
-                    }
-                    $triggeringCaptchaForm = false;
-                })
-                .fail(function (jqXHR) {
-                    if (jqXHR.status == 401) {
-                        $captchaModal
-                            .find('[name=key]')
-                            .val(jqXHR.responseJSON.key);
-                        $captchaModal
-                            .find('#captcha-image')
-                            .attr('src', jqXHR.responseJSON.image);
-                    }
-                });
-        });
-
     $('form.ajax-submission').each(function (index, formElement) {
         /*
         Generic AJAX submission logic which takes a form and POSTs its data to the
@@ -147,27 +113,16 @@ function setupPage() {
                     }
                 })
                 .fail(function (jqXHR, textStatus, errorThrown) {
-                    if (jqXHR.status == 401) {
-                        $captchaModal
-                            .find('[name=key]')
-                            .val(jqXHR.responseJSON.key);
-                        $captchaModal
-                            .find('#captcha-image')
-                            .attr('src', jqXHR.responseJSON.image);
-                        $triggeringCaptchaForm = $form;
-                        $captchaModal.modal();
-                    } else {
-                        $form.trigger('form-submit-failure', {
-                            textStatus: textStatus,
-                            errorThrown: errorThrown,
-                            requestData: formData,
-                            $form: $form,
-                            jqXHR: jqXHR,
-                        });
-                        unlockControls($form);
-                        if (eventData.lockElement) {
-                            unlockControls($(eventData.lockElement));
-                        }
+                    $form.trigger('form-submit-failure', {
+                        textStatus: textStatus,
+                        errorThrown: errorThrown,
+                        requestData: formData,
+                        $form: $form,
+                        jqXHR: jqXHR,
+                    });
+                    unlockControls($form);
+                    if (eventData.lockElement) {
+                        unlockControls($(eventData.lockElement));
                     }
                 });
 
@@ -515,6 +470,11 @@ function setupPage() {
             url: url,
             method: 'POST',
             dataType: 'json',
+            data: {
+                'cf-turnstile-response': $transcriptionEditor
+                    .find('input[name="cf-turnstile-response"]')
+                    .val(),
+            },
         })
             .done(function (responseData) {
                 displayMessage(

diff --git a/concordia/templates/registration/login.html b/concordia/templates/registration/login.html
@@ -5,6 +5,7 @@
 {% block head_content %}
     <meta name="robots" content="noindex">
     {{ block.super }}
+    <script module src="{{ TURNSTILE_JS_API_URL }}"></script>
 {% endblock head_content %}
 
 {% block title %}Login{% endblock title %}
@@ -23,6 +24,7 @@ <h2 id="dialog-title" class="text-center">Welcome back!</h2>
                     {% endif %}
 
                     {% bootstrap_form form %}
+                    <div class="w-100 text-center mt-0 mb-3">{{ turnstile_form.turnstile }}</div>
                     <p>
                         By using this system, you agree to comply with
                         <a href="https://www.loc.gov/legal/" target="_blank">the Library's

diff --git a/concordia/templates/transcriptions/asset_detail.html b/concordia/templates/transcriptions/asset_detail.html
@@ -116,9 +116,6 @@
         <div id="review-accepted-modal" class="modal" tabindex="-1" role="dialog">
             {% include "transcriptions/asset_detail/review_accepted_modal.html" %}
         </div>
-        <div id="captcha-modal" class="modal" tabindex="-1" role="alertdialog" aria-labeledby="captcha-modal-title" aria-describedby="captcha-modal-description">
-            {% include "transcriptions/asset_detail/captcha_modal.html" %}
-        </div>
         <div id="ocr-transcription-modal" class="modal" tabindex="-1" role="dialog">
             {% include "transcriptions/asset_detail/ocr_transcription_modal.html" %}
         </div>

diff --git a/concordia/templates/transcriptions/asset_detail/captcha_modal.html b/concordia/templates/transcriptions/asset_detail/captcha_modal.html
diff --git a/concordia/templates/transcriptions/asset_detail/editor.html b/concordia/templates/transcriptions/asset_detail/editor.html
@@ -86,6 +86,8 @@ <h2 id="message-contributors" {% if transcription_status == 'not_started' %}hidd
                         </a>
                     </div>
 
+                    <div class="w-100 text-center mt-0 mb-3">{{ turnstile_form.turnstile }}</div>
+
                     <button id="save-transcription-button" disabled type="submit" class="btn btn-primary mx-1" title="Save the text you entered above">
                         Save
                     </button>
@@ -118,6 +120,5 @@ <h2 id="message-contributors" {% if transcription_status == 'not_started' %}hidd
                 {% endif %}
             </div>
         {% endspaceless %}
-        {{ turnstile_form.turnstile }}
     </form>
 </div>