Andrzej Wójcik (Tigase) opened 2 years ago
-
Previous Value Current Value Open
In Progress
-
Previous Value Current Value In Progress
In QA
-
Name Previous Value Current Value Assignee
andrzej.wojcik
andrzej.wojcik, bmalkow
-
Wojciech Kapcia (Tigase) batch edited 1 year ago
Name Previous Value Current Value Iterations
empty tigase-server-8.4.0
-
Name Previous Value Current Value Version
8.4.0
tigase-server-8.4.0
-
Previous Value Current Value In QA
Closed
| Type |
Task
|
| Priority |
Normal
|
| Assignee | |
| Version |
tigase-server-8.4.0
|
| Server Version |
8.4.0
|
| Target Release |
1.1
|
| Sprints |
n/a
|
| Customer |
n/a
|
Iterations
-
tigase-server-8.4.0 Closed
Issue Votes (0)
Watchers (4)
Registration captcha makes registration difficult for users not used to filling forms and required data. With our default authentication timeout of 120s, it is difficult to understand the form and fill it if CAPTCHA is enabled, as after 120s CAPTCH is invalidated (it is kept in
XMPPResourceConnectioninstance that is destroyed after disconnection).Additionally, some often used clients (ie. Gajim, Kaidan) are fetching form and disconnecting from the server and sending form on a subsequent connection to the server making impossible for those clients to register to our service. After a short research it looks like it is a common practice.
Solution both issues is to store CAPTCHA data in HMAC signed hidden field in form allowing it to be used even on subsequent connection to the servers for about 5 minutes since retrieval of the form.