Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not require a captcha when using the API #931

Merged
merged 3 commits into from
Nov 24, 2021
Merged

Do not require a captcha when using the API #931

merged 3 commits into from
Nov 24, 2021

Conversation

almet
Copy link
Member

@almet almet commented Nov 22, 2021

This was trickier than expected, due to some side effects : when the
captcha is set to True via configuration, it doesn't change the
behavior directly of the ProjectForm class, but does so only when the
project form is used in the web.py module.

So, when just using the API (and not using the web.py module, for
instance during tests — manual or functional), no problem was shown,
and everything was working properly.

But at soon as somebody sees the "/" endpoint, the captcha was
required, by both the API and the web.py module.

This fixes it by adding a way to bypass the captcha with a new
bypass_captcha property on the form.

almet added 2 commits November 22, 2021 22:05
@almet
Do not require a captcha when using the API
8c005af 
This was trickier than expected, due to some side effects : when the
captcha is set to `True` via configuration, it doesn't change the
behavior directly of the ProjectForm class, but does so only when the
project form is used in the `web.py` module.

So, when just using the API (and not using the web.py module, for
instance during tests — manual or functional), no problem was shown,
and everything was working properly.

But at soon as somebody sees the "/" endpoint, the captcha was
required, by both the API and the `web.py` module.

This fixes it by adding a way to bypass the captcha with a new
`bypass_captcha` property on the form.
@almet
Black
a6bf81a
@zorun
Copy link
Collaborator

zorun commented Nov 22, 2021

Wow, this is a good heisenbug! Maybe we should get rid of that enable_captcha class method to avoid this kind of very subtle issues in the future? Isn't there another way to do this, maybe with form inheritance?

@almet
Copy link
Member Author

almet commented Nov 22, 2021

Hmm, that's correct. I believe we should merge this and change the way we handle this captcha thing in another pull request. I opened a new bug for this.

@almet almet mentioned this pull request Nov 22, 2021
Closed
@almet
Copy link
Member Author

almet commented Nov 23, 2021

Actually, I changed the way things were implemented for the Captcha. It's a lot more clear this way, thanks @zorun for the review 👍

@almet almet force-pushed the almet/fix-api-captcha branch from cf124fa to a043316 Compare November 23, 2021 18:22
@zorun
Copy link
Collaborator

zorun commented Nov 23, 2021

Great, thanks for the change, it looks good :) I think you just need to reformat

@almet almet force-pushed the almet/fix-api-captcha branch from a043316 to 856ced4 Compare November 23, 2021 20:33
@almet
Rework how captcha is handled in the form.
7072fb3 
Prior to this commit, things were done by activating or deactivating a
"captcha" property on the class on-the-fly, which caused side-effects.

This is now using subclasses, which makes the code simpler to
understand, and less prone to side-effects.

Thanks @zorun for the idea.
@almet almet force-pushed the almet/fix-api-captcha branch from 856ced4 to 7072fb3 Compare November 23, 2021 20:37
@almet almet merged commit 1698841 into master Nov 24, 2021
@almet almet deleted the almet/fix-api-captcha branch November 24, 2021 23:44
TomRoussel pushed a commit to TomRoussel/ihatemoney that referenced this pull request Mar 2, 2024
@almet
Do not require a captcha when using the API (spiral-project#931)
1eb9528 
* Do not require a captcha when using the API

This was trickier than expected, due to some side effects : when the
captcha is set to `True` via configuration, it doesn't change the
behavior directly of the ProjectForm class, but does so only when the
project form is used in the `web.py` module.

So, when just using the API (and not using the web.py module, for
instance during tests — manual or functional), no problem was shown,
and everything was working properly.

But at soon as somebody sees the "/" endpoint, the captcha was
required, by both the API and the `web.py` module.

This fixes it by adding a way to bypass the captcha with a new
`bypass_captcha` property on the form.

Prior to this commit, things were done by activating or deactivating a
"captcha" property on the class on-the-fly, which caused side-effects.

This is now using subclasses, which makes the code simpler to
understand, and less prone to side-effects.

Thanks @zorun for the idea.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@almet @zorun