feat: add captcha protection to user-facing forms

[Ananya44444]

This PR adds CAPTCHA protection to 9 public-facing forms that were previously vulnerable to spam and automated bot submissions.

Forms Already having captcha

• UserRegistrationForm
• TeacherSignupForm
• TeachForm
• MessageTeacherForm
• FeedbackForm

Changes Made

Forms with CAPTCHA Added:

1. MemeForm - Prevents spam meme uploads
2. ReviewForm - Protects course review submissions
3. SuccessStoryForm - Prevents spam success stories
4. LearnForm - Protects waiting room/learning request creation
5. ForumTopicForm - Prevents spam forum topics
6. BlogPostForm - Protects blog post creation
7. StudyGroupForm - Prevents spam study group creation
8. VideoRequestForm - Protects video request submissions
9. SurveyForm - Prevents spam survey creation

Summary by CodeRabbit

• New Features

  • CAPTCHA verification now required for all user-submitted content forms (reviews, success stories, forum topics, blog posts, memes, study groups, video requests, surveys), with inline error display.

• UI

  • Improved image preview sizing on meme upload to provide consistent preview dimensions.

[coderabbitai]

Warning

Rate limit exceeded

@Ananya44444 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 23 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between cdcb7c5 and ce9242b.

📒 Files selected for processing (3)

• web/templates/add_meme.html
• web/templates/web/forum/create_topic.html
• web/templates/web/forum/edit_topic.html

Walkthrough

Added CAPTCHA fields to multiple form classes and updated several templates to render the new captcha inputs (plus an image preview size attribute in the meme form template). Changes are limited to form definitions and form templates for submission pages.

Changes

Cohort / File(s)	Summary
Form changes web/forms.py	Added captcha = CaptchaField(widget=TailwindCaptchaTextInput) to ReviewForm, SuccessStoryForm, LearnForm, ForumTopicForm, BlogPostForm, MemeForm, StudyGroupForm, VideoRequestForm, and SurveyForm.
Template updates web/templates/add_meme.html, web/templates/success_stories/create.html, web/templates/videos/submit_request.html, web/templates/web/forum/create_topic.html, web/templates/web/forum/edit_topic.html	Inserted rendering blocks for form.captcha and per-field error display into the listed templates. Also added explicit image preview width/height attributes in add_meme.html.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: add captcha protection to user-facing forms' directly and accurately summarizes the main change in the pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@web/forms.py`:
- Around line 581-582: Several forms (ReviewForm, ForumTopicForm, BlogPostForm,
MemeForm, StudyGroupForm, SurveyForm) currently always include the captcha field
("captcha" / CaptchaField) causing friction for logged-in users; update each
form's __init__ to accept and pop a "user" kwarg, call super().__init__(*args,
**kwargs), then if user and user.is_authenticated remove the captcha field (del
self.fields["captcha"]) just like TeachForm and MessageTeacherForm do, leaving
captcha enabled only when no authenticated user is provided.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c94caf8 and f4bae4a.

📒 Files selected for processing (1)

• web/forms.py

[Copilot]

Pull request overview

This PR adds CAPTCHA protection to several user-facing Django forms to reduce spam and automated submissions across the platform.

Changes:

• Added CaptchaField(widget=TailwindCaptchaTextInput) to 9 forms in web/forms.py.
• Extended CAPTCHA coverage to content creation and request flows (reviews, waiting rooms, forum topics, blog posts, memes, study groups, video requests, surveys, success stories).

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@web/templates/add_meme.html`:
- Around line 77-81: Update the CAPTCHA label and error markup to use the
project's Tailwind form label and danger styles: replace the label's class
(currently "block mb-2 font-medium") with "block text-sm font-medium
text-gray-700 dark:text-gray-300" for form.captcha.id_for_label, and change the
error paragraph's classes (currently "text-red-500 text-sm mt-1") to the
project's danger classes that include dark-mode variants (e.g., use the
project's danger color plus a dark: prefixed alternative) for the element
rendering form.captcha.errors.0 so both the label and error follow form-label
and dark-mode conventions.

In `@web/templates/web/forum/create_topic.html`:
- Around line 89-90: The CAPTCHA label in the template uses classes "block
text-sm font-medium mb-2" but is missing the repository standard form label
color classes; update the label for="{{ form.captcha.id_for_label }}" (the
CAPTCHA label element) to include "text-gray-700 dark:text-gray-300" so it
matches the standard "block text-sm font-medium text-gray-700
dark:text-gray-300" form-label convention.

In `@web/templates/web/forum/edit_topic.html`:
- Around line 69-71: The CAPTCHA label element (label for="{{
form.captcha.id_for_label }}") is missing the standard Tailwind text color
classes; update its class attribute to use the project's form-label classes by
adding "text-gray-700 dark:text-gray-300" so the full class becomes "block
text-sm font-medium text-gray-700 dark:text-gray-300" to match other form
labels.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f4bae4a and cdcb7c5.

📒 Files selected for processing (5)

• web/templates/add_meme.html
• web/templates/success_stories/create.html
• web/templates/videos/submit_request.html
• web/templates/web/forum/create_topic.html
• web/templates/web/forum/edit_topic.html