From 4a3d72d531ab7de0ee8f7ba51e304555461f4956 Mon Sep 17 00:00:00 2001 From: Graham Knop Date: Sat, 21 Dec 2024 04:17:53 +0100 Subject: [PATCH] remove captcha The login providers we use already do their own validation of human users. --- cpanfile | 1 - cpanfile.snapshot | 9 ---- es/account/mapping.json | 7 --- lib/MetaCPAN/Model/User/Account.pm | 41 +------------- lib/MetaCPAN/Server/Controller/Login.pm | 3 +- .../Server/Controller/User/Favorite.pm | 12 ----- lib/MetaCPAN/Server/Controller/User/Turing.pm | 45 ---------------- metacpan_server.yaml | 4 -- metacpan_server_testing.yaml | 5 -- t/server/controller/user/favorite.t | 16 ------ t/server/controller/user/turing.t | 54 ------------------- t/testrules.yml | 6 --- 12 files changed, 2 insertions(+), 201 deletions(-) delete mode 100644 lib/MetaCPAN/Server/Controller/User/Turing.pm delete mode 100644 t/server/controller/user/turing.t diff --git a/cpanfile b/cpanfile index b43e9e9dd..523813a94 100644 --- a/cpanfile +++ b/cpanfile @@ -6,7 +6,6 @@ requires 'perl', '5.010'; requires 'Archive::Any', '0.0946'; requires 'Archive::Tar', '2.40'; requires 'Authen::SASL', '2.16'; # for Email::Sender::Transport::SMTP -requires 'Captcha::reCAPTCHA', '0.99'; requires 'Catalyst', '5.90128'; requires 'Catalyst::Action::RenderView', '0.16'; requires 'Catalyst::Controller::REST', '1.21'; diff --git a/cpanfile.snapshot b/cpanfile.snapshot index d489be81b..b9cf844c2 100644 --- a/cpanfile.snapshot +++ b/cpanfile.snapshot @@ -428,15 +428,6 @@ DISTRIBUTIONS Canary::Stability 2013 requirements: ExtUtils::MakeMaker 0 - Captcha-reCaptcha-0.99 - pathname: S/SU/SUNNYP/Captcha-reCaptcha-0.99.tar.gz - provides: - Captcha::reCAPTCHA 0.99 - requirements: - ExtUtils::MakeMaker 0 - HTML::Tiny 0.904 - LWP::UserAgent 0 - Test::More 0 Capture-Tiny-0.48 pathname: D/DA/DAGOLDEN/Capture-Tiny-0.48.tar.gz provides: diff --git a/es/account/mapping.json b/es/account/mapping.json index 5ddf17753..0b4e92567 100644 --- a/es/account/mapping.json 
+++ b/es/account/mapping.json @@ -40,13 +40,6 @@ "type": "string" } } - }, - "looks_human": { - "type": "boolean" - }, - "passed_captcha": { - "format": "strict_date_optional_time||epoch_millis", - "type": "date" } } } diff --git a/lib/MetaCPAN/Model/User/Account.pm b/lib/MetaCPAN/Model/User/Account.pm index 2f8f72ecd..c82fb433a 100644 --- a/lib/MetaCPAN/Model/User/Account.pm +++ b/lib/MetaCPAN/Model/User/Account.pm @@ -70,57 +70,18 @@ has access_token => ( handles => { add_access_token => 'push' }, ); -=head2 passed_captcha - -L when the user passed the captcha. - -=cut - -has passed_captcha => ( - is => 'ro', - isa => 'DateTime', - writer => '_set_passed_captcha', -); - -=head2 looks_human - -Certain features are disabled unless a user C. This attribute -is true if the user is connected to a PAUSE account or he L. - -=cut - -has looks_human => ( - required => 1, - is => 'ro', - isa => ESBool, - lazy => 1, - builder => '_build_looks_human', - clearer => 'clear_looks_human', -); - -sub _build_looks_human { - my $self = shift; - return ( - ( $self->has_identity('pause') || $self->passed_captcha ) - ? true - : false - ); -} - =head1 METHODS =head2 add_identity Adds an identity to L. If the identity is a PAUSE account, -the user ID is added to the corresponding L document -and L is updated. +the user ID is added to the corresponding L document. =cut after add_identity => sub { my ( $self, $identity ) = @_; if ( $identity->{name} eq 'pause' ) { - $self->clear_looks_human; my $profile = $self->index->model->doc('author')->get( $identity->{key} ); diff --git a/lib/MetaCPAN/Server/Controller/Login.pm b/lib/MetaCPAN/Server/Controller/Login.pm index 2cf718167..e224892b4 100644 --- a/lib/MetaCPAN/Server/Controller/Login.pm +++ b/lib/MetaCPAN/Server/Controller/Login.pm 
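Review bot: The new side has no test for what replaces the `looks_human` gate: this hunk drops the attribute, `lib/MetaCPAN/Server/Controller/User/Favorite.pm` drops the `auto` action that read it, and `t/server/controller/user/favorite.t` drops the 403 assertion without adding a positive one. I would keep the `POST '/user/favorite?access_token=bot'` request in that test and assert success, e.g. `ok( $res->is_success, 'account without PAUSE identity can favorite' );`, so the now-open write path is pinned deliberately rather than implied. Account documents stored before this change presumably still carry `looks_human` and `passed_captcha`; whether the model and the trimmed `es/account/mapping.json` tolerate those leftover fields is not visible here and should be checked against an existing index. The `after add_identity` modifier continues past the end of the hunk.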
@@ -44,8 +44,7 @@ sub update_user { if ( $c->session->{__user} ); $user ||= $model->new_document; $user->add_identity( { name => $type, key => $id, extra => $data } ); - $user->clear_looks_human; # rebuild - $user->put( { refresh => true } ); + $user->put( { refresh => true } ); } $c->authenticate( { user => $user } ); diff --git a/lib/MetaCPAN/Server/Controller/User/Favorite.pm b/lib/MetaCPAN/Server/Controller/User/Favorite.pm index e8d4297c6..bf0aacdb0 100644 --- a/lib/MetaCPAN/Server/Controller/User/Favorite.pm +++ b/lib/MetaCPAN/Server/Controller/User/Favorite.pm @@ -8,18 +8,6 @@ use MetaCPAN::Util qw( true false ); BEGIN { extends 'Catalyst::Controller::REST' } -sub auto : Private { - my ( $self, $c ) = @_; - unless ( $c->user->looks_human ) { - $self->status_forbidden( $c, - message => 'please complete the turing test' ); - return 0; - } - else { - return 1; - } -} - sub index : Path : ActionClass('REST') { } diff --git a/lib/MetaCPAN/Server/Controller/User/Turing.pm b/lib/MetaCPAN/Server/Controller/User/Turing.pm deleted file mode 100644 index 790a69544..000000000 --- a/lib/MetaCPAN/Server/Controller/User/Turing.pm +++ /dev/null 
@@ -1,45 +0,0 @@ -package MetaCPAN::Server::Controller::User::Turing; - -use strict; -use warnings; - -use DateTime (); -use Moose; -use MetaCPAN::Util qw( true false ); - -BEGIN { extends 'Catalyst::Controller::REST' } - -has private_key => ( - is => 'ro', - required => 1, -); - -has captcha_class => ( - is => 'ro', - default => 'Captcha::reCAPTCHA', -); - -sub index : Path : ActionClass('REST') { -} - -sub index_POST { - my ( $self, $c ) = @_; - my $user = $c->user->obj; - my $captcha = $self->captcha_class->new; - my $result - = $captcha->check_answer_v2( $self->private_key, - $c->req->data->{answer}, - $c->req->address, ); - - if ( $result->{is_valid} ) { - $user->_set_passed_captcha( DateTime->now ); - $user->clear_looks_human; # rebuild - $user->put( { refresh => true } ); - $self->status_ok( $c, entity => $user->meta->get_data($user) ); - } - else { - $self->status_bad_request( $c, message => $result->{error} ); - } -} - -1; diff --git a/metacpan_server.yaml b/metacpan_server.yaml index 63fd7bed8..0d34cb7c1 100644 --- a/metacpan_server.yaml +++ b/metacpan_server.yaml @@ -15,10 +15,6 @@ logger: filename: ../var/log/metacpan.log syswrite: 1 -controller: - User::Turing: - private_key: 59125ffc09413eed3f2a2c07a37c7a44b95633e2 - smtp: host: smtp.fastmail.com port: 465 diff --git a/metacpan_server_testing.yaml b/metacpan_server_testing.yaml index 1d653cac2..8be9f6d77 100644 --- a/metacpan_server_testing.yaml +++ b/metacpan_server_testing.yaml @@ -12,11 +12,6 @@ logger: class: Log::Log4perl::Appender::Screen name: testing -controller: - User::Turing: - captcha_class: Captcha::Mock - private_key: testing - github_key: foo github_secret: bar diff --git a/t/server/controller/user/favorite.t b/t/server/controller/user/favorite.t index 3e4f06727..6aebeccad 100644 --- a/t/server/controller/user/favorite.t +++ b/t/server/controller/user/favorite.t 
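Review bot: Deleting `private_key` from `metacpan_server.yaml` does not retire the value, because it stays readable in the repository history; if it was ever a live reCAPTCHA secret, it should be revoked at the provider as part of this change. Deployment-specific config that still carries a `User::Turing` section should drop it as well, since the controller it configured is deleted in this commit. The `private_key: testing` entry removed from `metacpan_server_testing.yaml` is only a placeholder and needs no follow-up.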
@@ -59,22 +59,6 @@ test_psgi app, sub { ok( $user = $cb->( GET '/user?access_token=bot' ), 'get bot' ); is( $user->code, 200, 'code 200' ); - - $user = decode_json_ok($user); - ok( !$user->{looks_human}, 'user looks like a bot' ); - ok( - $res = $cb->( - POST '/user/favorite?access_token=bot', - Content => encode_json( { - distribution => 'Moose', - release => 'Moose-1.10', - author => 'DOY' - } ) - ), - 'POST favorite' - ); - decode_json_ok($res); - is( $res->code, 403, 'forbidden' ); }; done_testing; diff --git a/t/server/controller/user/turing.t b/t/server/controller/user/turing.t deleted file mode 100644 index d62602900..000000000 --- a/t/server/controller/user/turing.t +++ /dev/null @@ -1,54 +0,0 @@ -use strict; -use warnings; -use lib 't/lib'; - -{ - package ## no critic (Package) - Captcha::Mock; - - sub check_answer_v2 { - return { is_valid => $_[2], error => 'error' }; - } - - sub new { - bless {}, shift; - } -} - -use MetaCPAN::Server::Test qw( app POST test_psgi ); -use MetaCPAN::TestHelpers qw( decode_json_ok encode_json ); -use Test::More; - -test_psgi app, sub { - my $cb = shift; - ok( - my $res = $cb->( - POST '/user/turing?access_token=bot', - Content => encode_json( { - challenge => 'foo', - answer => 0 - } ) - ), - 'post challenge' - ); - is( $res->code, 400, 'bad request' ); - - ok( - $res = $cb->( - POST '/user/turing?access_token=bot', - Content => encode_json( { - challenge => 'foo', - answer => 1, - } ) - ), - 'post challenge' - ); - - is( $res->code, 200, 'successful request' ); - - my $user = decode_json_ok($res); - ok( $user->{looks_human}, 'looks human' ); - ok( $user->{passed_captcha}, 'passed captcha' ); -}; - -done_testing; diff --git a/t/testrules.yml b/t/testrules.yml index 77d108c0c..f5e59287f 100644 --- a/t/testrules.yml +++ b/t/testrules.yml 
@@ -3,13 +3,7 @@ seq: - seq: t/0*.t # ensure t/script/cover.t runs before t/server/controller/cover.t - - seq: t/script/cover.t - # If t/server/controller/user/favorite.t this runs too late then the - # looks_human test will fail. We should probably reset the user data, but - # this is a quicker fix for now. - - - seq: t/server/controller/user/favorite.t - par: - t/**.t