Merge lp:~bac/launchpad/bug-341935-captcha into lp:launchpad

= Summary =

Bug 341935 addresses the need to do *something* to disrupt the ability for bots to
trick Launchpad into sending registration email to unsuspecting people. It was
agreed to do a simple, text-based math problem captcha as a first step to try to
defeat the bots. While it would be trivial for bots to defeat this captcha (see the
pagetest!) it is our belief that we are not a real target so no one would invest in a
custom solution for use against Launchpad.

== Proposed fix ==

Add a simple captcha into the form.

== Pre-implementation notes ==

Discussions with Barry and Curtis.

== Implementation details ==

The view for the login page is a mess. It's not a LaunchpadFormView so the additions
were done 'by hand'.

In order to make it a low bar the math question is simple addition with the answer
being in the range [10, 20].

Screenshot at http://people.canonical.com/~bac/captcha.png

== Tests ==

bin/test xx-createaccount.txt

== Demo and Q/A ==

https://launchpad.dev/+login

= Launchpad lint =

Checking for conflicts. and issues in doctests and templates.
Running jslint, xmllint, pyflakes, and pylint.
Using normal rules.

Linting changed files:
  lib/canonical/launchpad/templates/launchpad-login.pt
  lib/lp/registry/stories/foaf/xx-createaccount.txt
  lib/canonical/launchpad/webapp/login.py

Hi Brad,

This looks good. I just have one minor comment.

merge-approved

-Edwin

>=== modified file 'lib/lp/registry/stories/foaf/xx-createaccount.txt'
>--- lib/lp/registry/stories/foaf/xx-createaccount.txt 2009-09-11 18:45:31 +0000
>+++ lib/lp/registry/stories/foaf/xx-createaccount.txt 2009-10-07 21:39:02 +0000
>@@ -21,12 +21,34 @@
> The email address you provided isn't valid. Please verify it and try
> again.
>
>-Jane tries again, providing a valid email address and asking to create a new
>-account.
>+Next she enters a valid email address but enters a wrong answer for
>+the incredibly trivial match captcha. She gets an error message.

Did you intend "math captcha" instead of "match captcha"?

> >>> browser.getControl(name='loginpage_email', index=1).value = (
> ... '<email address hidden>')
>- >>> browser.getControl('Register').click()
>+ >>> browser.getControl(name='loginpage_captcha_submission').value = '-1'
>+ >>> browser.getControl('Register').click()
>+ >>> print_feedback_messages(browser.contents)
>+ The answer to the simple math question was incorrect or missing.
>+ Please try again.
>+
>+Jane tries again, providing a the correct captcha answer. Her valid
>+email address from before has been retained in the form.
>+
>+ >>> import re
>+ >>> def get_captcha_answer(contents):
>+ ... expr = re.compile("What is (\d+ .{1} \d+)?")
>+ ... match = expr.search(contents)
>+ ... if match:
>+ ... question = match.group(1)
>+ ... answer = eval(question)
>+ ... return str(answer)
>+ ... return ''
>+
>+ >>> browser.getControl(name='loginpage_captcha_submission').value = (
>+ ... get_captcha_answer(browser.contents))
>+ >>> browser.getControl('Register').click()
>+ >>> print_feedback_messages(browser.contents)
> >>> print extract_text(find_main_content(browser.contents))
> Registration mail sent
> Instructions on completing your registration have been sent to
>@@ -36,7 +58,7 @@
> Launchpad sends Jane an email message containing a token she must use to
> complete the registration process.
>
>- >>> import email, re
>+ >>> import email
> >>> from lp.services.mail import stub
> >>> from canonical.launchpad.ftests.logintoken import (
> ... get_token_url_from_email)
>@@ -91,6 +113,8 @@
> >>> browser.open('http://launchpad.dev/+login')
> >>> browser.getControl(name='loginpage_email', index=1).value = (
> ... '<email address hidden>')
>+ >>> browser.getControl(name='loginpage_captcha_submission').value = (
>+ ... get_captcha_answer(browser.contents))
> >>> browser.getControl('Register').click()
>
> >>> from_addr, to_addrs, raw_msg = stub.test_emails.pop()
>

Hi bac,

Thanks for getting this done! Looks very straight-forward.

I've noticed that many sites have at least a casual explanation for why they're asking people to answer a maths question. Something like: "We like to make sure that you're not a bot." as a description for the form field, but I'm assuming you've made the decision that there's no benefit?

08:11 < beuno> noodles775, good morning
08:11 < noodles775> hi beuno
08:11 < beuno> noodles775, looking at the captcha review
08:12 < beuno> it's a great point about telling people why we ask that
08:12 < beuno> I wonder if we could have a (?) icon, that is clickable, and mrevell's help popup comes up
08:12 < beuno> so we don't have so much text on the page
08:12 < noodles775> Yeah, that'd be a good way to keep it minimal :)
08:13 < beuno> the other thing that came to mind was, maybe the field shouldn't be that length
08:13 < beuno> to make it distincctivly different than password
08:13 < beuno> if you don't read labels, it's easy to be fooled
08:16 < noodles775> yeah, true - I hadn't thought of that - mistaking it for a password field simply because it's following the email field.
08:16 < noodles775> I had a quick look at a few other sites (gmail signup and ubuntu forums) and both define a label like "Random question" or "Word
                    verification", and are visually quite different...
08:17 < beuno> right, you may also be able to get away with a very short description
08:17 < beuno> I think the key here is that it look visually different enough
08:17 < beuno> this is where "don't read the merge proposal" comes in useful :)
08:18 < noodles775> So, laying it out like the gmail signup:
08:19 < noodles775> hmm... not sure what we'd use for a label, but having the actual simple math question in the right section (ie. aligned with the inputs)
                    and the input below it could do that.
08:20 < beuno> yeap, that would work
08:21 < noodles775> perhaps the label could simply be 'Random question'.
08:21 < beuno> yeah, or "spam test"
08:21 < beuno> something that gets the message across
08:21 < noodles775> I'll play with it and do a diff.
08:21 < beuno> it's a great point that the label is not a good place to put the question

> Hi bac,
>
> Thanks for getting this done! Looks very straight-forward.
>
> I've noticed that many sites have at least a casual explanation for why
> they're asking people to answer a maths question. Something like: "We like to
> make sure that you're not a bot." as a description for the form field, but I'm
> assuming you've made the decision that there's no benefit?

I was just chatting with Martin, and a few things came out of it:

1. It would be good to ensure that the captcha field is visually different (it's possible that some people won't read the label but will simply type their password in there...being so used to entering their email followed by a password to create accounts etc.)
2. It might be good to have some indication of why we're asking for a maths question (as above) - but it doesn't need to be prominent.

So along those lines, here's two thoughts - see what you think:

1. http://people.canonical.com/~michaeln/tmp/captcha_eg1.png
This deals with (1) by giving the field a normal label and moving the question into the right-hand column (similar to what gmail does with their 'Word verification' when you try to register an account). That said, I don't particularly like the smaller input all on its own... so,

2. http://people.canonical.com/~michaeln/tmp/captcha_eg2.png
shows another idea - modifying the question to simply 8 + 8 = and having the input inline there. This looks much simpler to me and is very hard to mistake as a password field ;). I'll see what you guys think.

Note, in the second screenshot, you'll see that I also added the explanation of the random question to the steps above the fields - this seems like a good place to put it (as it is a required step) and it keeps the form clean. Another thought Martin had was to have a small '?' help link next to the question that would pop-up an explanation.

Anyway, let me know what you think.

Thanks for the review and suggestions Michael and Martin.

Michael I like your second screenshot and have implemented it. A new screenshot is at http://people.canonical.com/~bac/captcha-2.png and a diff of the changes at http://pastebin.ubuntu.com/288678/