Projects tigase _server server-core Issues #1510
Registration captcha makes registration impossible (#1510)
Andrzej Wójcik (Tigase) opened 1 year ago

Registration captcha makes registration difficult for users not used to filling forms and required data. With our default authentication timeout of 120s, it is difficult to understand the form and fill it if CAPTCHA is enabled, as after 120s CAPTCH is invalidated (it is kept in XMPPResourceConnection instance that is destroyed after disconnection).

Additionally, some often used clients (ie. Gajim, Kaidan) are fetching form and disconnecting from the server and sending form on a subsequent connection to the server making impossible for those clients to register to our service. After a short research it looks like it is a common practice.

Solution both issues is to store CAPTCHA data in HMAC signed hidden field in form allowing it to be used even on subsequent connection to the servers for about 5 minutes since retrieval of the form.

Andrzej Wójcik (Tigase) changed state to 'In Progress' 1 year ago
Previous Value Current Value
Open
In Progress
Referenced from commit 1 year ago
Andrzej Wójcik (Tigase) changed state to 'In QA' 1 year ago
Previous Value Current Value
In Progress
In QA
Andrzej Wójcik (Tigase) commented 1 year ago

I've implemented changes as discussed with @bmalkow.

Andrzej Wójcik (Tigase) changed fields 1 year ago
Name Previous Value Current Value
Assignee
andrzej.wojcik
andrzej.wojcik, bmalkow
wojciech.kapcia@tigase.net batch edited 7 months ago
Name Previous Value Current Value
Iterations
empty
tigase-server-8.4.0
wojciech.kapcia@tigase.net batch edited 7 months ago
Name Previous Value Current Value
Version
8.4.0
tigase-server-8.4.0
Andrzej Wójcik (Tigase) changed state to 'Closed' 7 months ago
Previous Value Current Value
In QA
Closed
Referenced from commit 1 month ago
Referenced from commit 1 month ago
Merge branch 'master' into jdk7
# By Eric Dziewa (8) and others
# Via Andrzej Wójcik (1) and Eric Dziewa (1)
* master:
  Fix #1518 Message carbon does not work with ACS
  change MySQL cluster table fields types to correctly handle data, fix #1501: JDBC exception in tigase cluster
  avoid generating ChangeLog under windows; include tigase-acs in distribution archives
  prepare for next development iteration
  prepare for next development iteration
  Update licence dependency to beta3.
  Fix a dependency.
  Update xmltools dependency.
  Update dependencies.
  Update dependencies to beta3 versions.
  Update dependencies to beta3 versions.
  include missing ACS depencency in distribution package; fix #1509: tigase-acs,jar is not installed to jars directory
  remove pack200 as it breaks package installation when conditions are used, fix #1511: HTTP API component breaks the installer
  include resources (scripts, config files, database schemas) from dependencies (HTTP API, MUC, socks5)
  add team members, fix Task #1510: Installer fixes
  fix checking for OSGi mode (#1508 - Cannot find TIGASE_HOME after installation)
Andrzej Wójcik committed 1 decade ago
issue 1 of 1
Type
Task
Priority
Normal
Assignee
Version
tigase-server-8.4.0
Server Version
8.4.0
Target Release
1.1
Sprints
n/a
Customer
n/a
Iterations
Issue Votes (0)
Watchers (4)
Reference
tigase/_server/server-core#1510
Please wait...
Page is in error, reload to recover