Orchard.Captcha Module Uploaded

Topics: Announcements, Customizing Orchard, General, Writing modules
Mar 23, 2011 at 2:59 AM
Edited Mar 25, 2011 at 2:02 AM

Hello everyone:
I have uploaded the first version of my Orchard.Captcha module. You should now find it listed under the Developer area of Modules, or you can find it here:
http://orchardproject.net/gallery/List/Modules/Orchard.Module.Orchard.Captcha
I have also hosted the source code here http://orchardcaptcha.codeplex.com/

I've listed it as Orchard.Captcha as I don't currently have a legal entity to list it under, nor am I concerned about how it is used.
If I need to update it with any legal jargon, change the copyright info, or remove the name "Orchard" from the module title, please let me know and I'll get it all updated ASAP.
Definitely BETA, but seems to work well for me.

To configure it:
1) Install and enable the module
2) In Site Settings you will find a new Captcha area. Enter your public/private keys and theme choice.
    Valid themes are: red, white, blackglass, clean and custom
    Custom theme generates some basic HTML on your page that you cam apply your own css styles to.
3) Save your settings

To use it:
1) Reference the Orchard.Captcha module from any module where Captcha is needed.
2) Add ICaptchaService as a dependency on your controller constructor.
3) To generate the Captcha on your page you can get the Captcha markup by calling _captchaService.GenerateCaptcha();
    I currently assign this to ViewData["Captcha"] but you are free to apply it to your view via any MVC compliant way you need.
4) To validate the Captcha, on any HttpPost action that you need Captcha verification on you need to do this:
    if (_captchaService.IsCaptchaValid(form, Request.UserHostAddress)){ YOUR CODE HERE }

I will include this and other documentation in the module, on my next release, which should come a few days after any user feedback is submitted.

Hope you all find good use for it. Please submit any feature requests or feedback.
Thanks,
Will

EDIT 3-24-2011 -- Added some addional instructions to the "To use it:" section. I inadvertently left out the directions on generating the captcha markup for your view...

Coordinator
Mar 23, 2011 at 5:07 AM

Congratulations! Very excited to see this!

Mar 24, 2011 at 9:15 AM

websitewill, forgive me for the unsolicited solicitation, but if you have a free chance can you assist me on a matter? I am looking for feedback on OpenCaptcha at http://www.opencaptcha.org. Currently I've had 0 feedback. I'd like to know your thoughts, and particularly your concerns (other than your own time constraints) about the notion of your Orchard.Captcha conforming to my OpenCAPTCHA proposed specification.

Otherwise I may or may not create another captcha module one of these days (or months) with its own opencaptcha.org implementation.

Mar 24, 2011 at 7:43 PM

Hey Stimpy:

One of the things I would like to do in the future is expand the module to support more than just ReCaptcha. However, my current work load it tight right now.
I needed a module that allowed me to inject Captcha on a page with some limited control over styling and this serves the purpose well for me.
It has a few other bells and whistles that were implemented to serve my current needs.

As far as changing the module to adhere to your spec, I would be interested if you get support from others in the community for your design.
Maybe make it an optional thing so that people using the module can opt to use ReCaptcha, OpenCaptcha or whatever other service they want?

How are you handling the information like public/private key that ReCaptcha assigns to you? AFAIK, those are domain specific so you can't simply sign up for a single key pair and use them on any website.
Are you proposing that OpenCaptcha manage these keys for you? Or does OpenCaptcha not use ReCaptcha at all?

Will

 

Mar 24, 2011 at 8:08 PM

The draft spec proposed at OpenCaptcha.org is a tiered service model where there are up to three services (or servers) involved: one to come up with a human challenge/answer response pair, one to validate a human answer against a challenge (and to forget the challenge/answer response pair immediately after validation is attempted), and of course the web server to present the challenge to the human.

websitewill wrote:

As far as changing the module to adhere to your spec, I would be interested if you get support from others in the community for your design.
Maybe make it an optional thing so that people using the module can opt to use ReCaptcha, OpenCaptcha or whatever other service they want?

That in itself is the whole point of OpenCaptcha.org, to facilitiate some kind of "standard mechanism" that defines how multiple CAPTCHA services can be invokable.

OpenCaptcha.org does not use or identify ReCaptcha at all. The draft spec is rather short and not particularly "deep", so I could answer your specifics better but I'd just end up quoting a chunk from the draft spec. The spec is also not currently a service; it's a proposed paradigm and JSON/XML structure that, if the community adopts it, allows the implementors to come up with their own management of challenge/response pairs, such as whether to have a secure public/private key pair in the first place. The goal is to allow there to be multiple CAPTCHA services out there, like ReCaptcha, and the theory is that by increasing the footprint of CAPTCHA services the security footprint is also diluted and the hacking spammers can't keep up, while at the same time web site implementors can have some unique CAPTCHA options that they can control at any level.

The OpenCaptcha.org web site and its contents are old, but the idea never really died, and part of that is because I never really began to start asking the community to identify technical or other challenges and issues with it. I thought I'd bring it up with you before I go and try to create a competing Orchard module or something.

Mar 25, 2011 at 1:57 AM

No worries on competition from my end. As I said before, I created Orchard.Captcha to simply serve a need I had and since it was functionality that didn't currently exist for Orchard, and wasn't directly tied to my business domain, I decided to make it freely available. I am open to extending mine to work with your spec. I see no reason to have multiple captcha modules out there, especially if we can write one that is fully functional and lightweight.

Questions:
Do you have a list of spec compliant providers yet?
    I am looking on www.opencaptcha.net and there are currently none listed. I would need at least one to program against before I can begin.
    Is the assumption here that ReCaptcha would be a compliant provider?
    Or would someone have to stand up a server between my module and ReCaptcha as a sort of facade until ReCaptcha bends to the pressure of being compliant?
How is the actual captcha markup generated?
    Right now, the markup comes directly from ReCaptcha unless I specify a "custom" theme, in which case I create the markup myself.
    I assume that the challenge server would generate the markup (including things like the swf if one is used) to embed on your page and the markup must adhere to your captcha spec?
    I wonder if you can get the big names like ReCaptcha to adhere to your spec? Or would your spec mold to what ReCaptcha currently does and try to persuade others to adopt the pattern?
Have you had a chance to look through the minimal code in my orchard module? I'm curious on your thoughts as to what I would need to change to become compliant with your spec?

I have zero qualms with implementing to your spec as long as the module continues to provide the functionality that it does today.
If the end result is that the module makes it easier to swap out Captchas from other providers, with no extra overhead, then I think it would be something the Orchard community would appreciate.

I'd also like to see some other opinions, from people here, before going down this path.

Thanks,
Will

Mar 25, 2011 at 7:45 AM
Edited Mar 25, 2011 at 7:53 AM

Hi Will,

Just to be painfully honest, opencaptcha.org isn't a Big Organization (TM), nor am I an important figure, so it's cool if this stuff disinterests you. I like ReCAPTCHA, but I didn't like ReCaptcha getting "all the glory" of CAPTCHA services, as I figured if ReCaptcha can do CAPTCHA services, anybody can, and what if someone could integrate CAPTCHA with, say, some smart, effectual, and somehow non-annoying advertising? Make a decent business model out of introducing some innovative CAPTCHA strategies by getting web users to have fun filling out forms again? I've seen and/or heard of some really cool CAPTCHA ideas, too, like drag-and-drop the thingmajig to the correct hole, etc...

That said, ..
 

websitewill wrote:

Questions:
Do you have a list of spec compliant providers yet?
I am looking on www.opencaptcha.net and there are currently none listed. I would need at least one to program against before I can begin.




OpenCAPTCHA.net was going to be the list of spec compliant providers. The list being empty is truthful, unfortunately. :( This was a chicken-or-egg scenario, as there was no implementation of spec compliant consumers, either.

However, OpenCAPTCHA.org has a sample service pair that implement the spec. One can implement a spec consumer against this sample service. The sample service is listed on the main page there, but the URLs are:
http://opencaptcha.org/sample/0.1/challenge-answer/challengeanswer/
http://opencaptcha.org/sample/0.1/challenge/challenge/

Only one Q/A format is implemented. The web implementation of the sample is at:

http://opencaptcha.org/sample/0.1/website/

Yeah, I was going to look at building a proxy for ReCaptcha until they implemented it themselves. Still might. Until then, though, ReCaptcha doesn't play into OpenCaptcha.org/.net in any way whatsoever.

The Captcha question comes from the Captcha service, the format is defined by the allowed format(s) in the request and thus in the response. If it's "image", which would be the format one would normally use if implementing a warped-text CAPTCHA, then you just render the image as an <img> tag however you please. If it's "html" or "text", the question markup is just rendered inline. If the format is "htmlInput" / "html_input", the answer input is formatted, too, you just render everything inline. Otherwise, the container of the question and answer, and the answer itself, must be implemented by the client-side spec implementation--so, in other words, you generate that markup. The Captcha answer must be passed back. The markup for doing that would depend both on which type of service is used (Challenge or Challenge-Answer) and on the web platform (Javascript? ASP.NET? PHP? RoR? Python? Java? etc). In Orchard's case, the module and the template would have to manage all this. 

 I assume that the challenge server would generate the markup (including things like the swf if one is used) to embed on your page and the markup must adhere to your captcha spec?

No, the Captcha service provider must respect the web site's design and constraints. In the case of, say, swf, you would implement all the wrapper markup (I'd recommend swf-object). You'd only get a SWF URL from the service and perhaps some display options like width/height, otherwise you can specify those details yourself. 

I wonder if you can get the big names like ReCaptcha to adhere to your spec? Or would your spec mold to what ReCaptcha currently does and try to persuade others to adopt the pattern?

I haven't approached them yet.  I'm doubtful they'd even read my e-mail if I tried to contact them. :)  One must remember that the scope of their usage is worldwide and very heavy. Also, since they are so successful at an almost monopolistic level they might not want to participate with being "competition".  

Have you had a chance to look through the minimal code in my orchard module? I'm curious on your thoughts as to what I would need to change to become compliant with your spec?

That is a very fair notion and request. I owe it to you at this point to do that. I have not yet done that yet, though, no, and I do apologize that we got this far in this conversation without my doing my part in this dialogue. 

I'd also like to see some other opinions, from people here, before going down this path.

Fair enough, and likewise. :)

Jon

Mar 25, 2011 at 1:08 PM

Just so you know. I'm not disinterested in the idea. :) I would just like to see it more fleshed out.
I think your idea of integrating advertising with captcha is an interesting one, though I wonder how well it would be recieved by advertisers?
I vision captcha as something that is used very minimally on a site and if that site had already decided to host advertisements then it is likely the ads would be nicely (hopefully) integrated in the main flow.
I wonder how much interest you would get from advertisers who knows their ad will only be seen on the signup screen and possibly on screens that accept "potential spam" input?

I know this is but one small part of why you are working out this spec but it's an important one. :)

Will

 

Jun 28, 2011 at 6:31 PM

I have Ochard v.1.2.41 and after install the Settings -> General menu throws an exception(all other settings were fine just prior to installation). Is Captcha supported on this version?

Jul 4, 2011 at 2:49 PM
Hi plemon.

No, this module is currently not supported. I plan to update it but won't have time for a couple of weeks.

The code for it is hosted on codeproject. Feel free to give it a shot.

Thanks,
Will

Sent from my iPhone

On Jun 28, 2011, at 2:31 PM, "plemon" <notifications@codeplex.com> wrote:

From: plemon

I have Ochard v.1.2.41 and after install the Settings -> General menu throws an exception(all other settings were fine just prior to installation). Is Captcha supported on this version?

Mar 6, 2012 at 4:13 PM
Edited Mar 6, 2012 at 4:15 PM

Since this module no longer works and is no longer supported, I whipped up a work-around for using ReCaptcha and this thread:

http://www.outlooksharp.de/blog/how-to-integrate-recaptcha-in-orchard

I didn't want to edit the core so I created a new module to house our overrides, to which I added an override for the Comments driver and controller (using OrchardSuppressDependency), and then I dropped an alternate view in my theme.  After that, I basically followed the instructions in the above post.

I think when I get some free time I'm going to copy the comments module code into its own module and include recaptcha as an option in that.  For now, I hope someone can benefit from this as I've posted it...