Registration captcha makes registration impossible (#1510)

Activities

Andrzej Wójcik (Tigase) opened 1 year ago

Registration captcha makes registration difficult for users not used to filling forms and required data. With our default authentication timeout of 120s, it is difficult to understand the form and fill it if CAPTCHA is enabled, as after 120s CAPTCH is invalidated (it is kept in XMPPResourceConnection instance that is destroyed after disconnection).

Additionally, some often used clients (ie. Gajim, Kaidan) are fetching form and disconnecting from the server and sending form on a subsequent connection to the server making impossible for those clients to register to our service. After a short research it looks like it is a common practice.

Solution both issues is to store CAPTCHA data in HMAC signed hidden field in form allowing it to be used even on subsequent connection to the servers for about 5 minutes since retrieval of the form.

Andrzej Wójcik (Tigase) changed state to 'In Progress' 1 year ago

Previous Value	Current Value
Open	In Progress

Referenced from commit 1 year ago

Improved implementation of CAPTCHA for in-band registration #1510

Andrzej Wójcik (Tigase) committed 1 year ago

a8345a40

Andrzej Wójcik (Tigase) changed state to 'In QA' 1 year ago

Previous Value	Current Value
In Progress	In QA

Andrzej Wójcik (Tigase) commented 1 year ago

I've implemented changes as discussed with @bmalkow.

Andrzej Wójcik (Tigase) changed fields 1 year ago

Name	Previous Value	Current Value
Assignee	andrzej.wojcik	andrzej.wojcik, bmalkow

wojciech.kapcia@tigase.net batch edited 6 months ago

Name	Previous Value	Current Value
Iterations	empty	tigase-server-8.4.0

wojciech.kapcia@tigase.net batch edited 6 months ago

Name	Previous Value	Current Value
Version	8.4.0	tigase-server-8.4.0

Andrzej Wójcik (Tigase) changed state to 'Closed' 6 months ago

Previous Value	Current Value
In QA	Closed

Referenced from commit 5 days ago

add team members, fix Task #1510 : Installer fixes

Wojciech Kapcia committed 1 decade ago

d672e4ea

Referenced from commit 5 days ago

Merge branch 'master' into jdk7

# By Eric Dziewa (8) and others
# Via Andrzej Wójcik (1) and Eric Dziewa (1)
* master:
  Fix #1518 Message carbon does not work with ACS
  change MySQL cluster table fields types to correctly handle data, fix #1501: JDBC exception in tigase cluster
  avoid generating ChangeLog under windows; include tigase-acs in distribution archives
  prepare for next development iteration
  prepare for next development iteration
  Update licence dependency to beta3.
  Fix a dependency.
  Update xmltools dependency.
  Update dependencies.
  Update dependencies to beta3 versions.
  Update dependencies to beta3 versions.
  include missing ACS depencency in distribution package; fix #1509: tigase-acs,jar is not installed to jars directory
  remove pack200 as it breaks package installation when conditions are used, fix #1511: HTTP API component breaks the installer
  include resources (scripts, config files, database schemas) from dependencies (HTTP API, MUC, socks5)
  add team members, fix Task #1510: Installer fixes
  fix checking for OSGi mode (#1508 - Cannot find TIGASE_HOME after installation)

Andrzej Wójcik committed 1 decade ago

bbbd8d6a

Type	Task
Priority	Normal
Assignee	Andrzej Wójcik (Tigase)
Version	tigase-server-8.4.0
Server Version	8.4.0
Target Release	1.1
Sprints	n/a
Customer	n/a

Iterations

tigase-server-8.4.0 Closed

Issue Votes (0)

Watchers (4)

Reference

tigase/_server/server-core#1510