add recaptcha verification to the login

[romanchyla]

bbb contacts api/accounts/user

https://github.com/adsabs/adsws/blob/master/adsws/accounts/views.py#L377

it sends user and password + csrf token; for an unknown reason, we never put in the recaptcha - which is present in the registration; we should add it, that requires changes in the class referenced above + change in bbb

https://github.com/adsabs/adsws/blob/master/adsws/accounts/views.py#L499

and corresponding change in bbb, probably here:

https://github.com/adsabs/bumblebee/blob/master/src/js/widgets/authentication/widget.js

[marblestation]

Are we sure about this? It is not common to have captchas to login and it is very annoying when for some non-obvious reason (e.g., you are behind a proxy and there are too many requests) suddenly you have to find cars on an image (or similar tests), wouldn't the current rate limit be enough?

[romanchyla]

i find the "i'm not a robot" captcha (so called 'no captcha recaptcha) to be very simple, it only requires a click - i don't know how google decides to present a challenge, but i think it is not as simple as just too many reqs; and when i tried to script the login i was consistently being failed on a captcha - as a user, i get to see it very rarely but i searched what internet thinks and i might be indeed over-zealous: https://security.stackexchange.com/questions/93912/is-it-helpful-to-have-a-captcha-on-a-login-screen

…

On Fri, Mar 16, 2018 at 7:45 PM, Sergi Blanco-Cuaresma < ***@***.***> wrote: Are we sure about this? It is not common to have captchas to login and it is very annoying when for some non-obvious reason (e.g., you are behind a proxy and there are too many requests) suddenly you have to find cars on an image (or similar tests), wouldn't the current rate limit be enough? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#142 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAZIklJLdJ7l2jv5dlDxaya8c9hcv_hoks5tfE6wgaJpZM4Ssk9S> .