Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Verification mechanism on registrations #4698

Closed
cristianourban opened this issue Nov 11, 2020 · 3 comments · Fixed by #5400
Closed

Verification mechanism on registrations #4698

cristianourban opened this issue Nov 11, 2020 · 3 comments · Fixed by #5400
Projects
Milestone

Comments

@cristianourban
Copy link

Hi,
I would like to ask you if there is the possibility to introduce a verification mechanism (like captcha codes, for example) for both account registrations and event registrations in Indico.

This feature would be really appreciated for research institutions that lean on an internal mail server in order to avoid several issues related to submissions coming from fake email accounts.

Thank you in advance for your time.

Best regards,

@ThiefMaster ThiefMaster added this to To do in Release 3.2 via automation Sep 30, 2021
@ThiefMaster ThiefMaster added this to the v3.2 milestone Sep 30, 2021
@elvirus-dlr
Copy link

We would also love to use this software but in order to secure event registrations from fake accounts and bots we would love to have this captcha feature as well. Is it possible to implement it into the registration process? Maybe as a form element? The I would be able to drag a new "captcha" form element into the registration form if I want to have it.

The second security related feature request would be a double opt in. If I am not mistaken, then everybody could impersonate any other person with registration in public events because there is no e-mail opt-in. Say, f. i. I could register as some other guy I know the name and mail address of. I am immediately registered. But for security reasons, I should confirm the registration by clicking on a confirm link sent via e-mail.

Is here anyone reading this to help me out with some info? Can those features be implemented into the application or am I even able to it myself by developing a plugin?

I would love to hear some response!

Best regards,
elvirus

@ThiefMaster
Copy link
Member

(Only commenting on the event registration part since account creation should be a separate issue anyway as these two things are not related at all)

In 3.2 one could indeed write a plugin to add a captcha field! Not sure if this should be a plugin though, I think we should include this in the core...

Just wondering, how much would settings like this already help?

  • "Only allow your own emails" - this would turn the email field in a dropdown where you can only select emails from your Indico account (which are already known to be verified)
  • Require email verification - this would require any new email address (ie one that's not on your own Indico account) to be verified before you can submit your registration (so basically what you call "double opt in")

IMHO this would actually be more user-friendly than a CAPTCHA:

  • Everyone hates CAPTCHAs
  • Bots are getting quite good at breaking most CAPTCHAs
  • The halfway decent CAPTCHAs require you to use third party companies (reCaptcha etc.) that collect data
  • Having a verified email is useful in general

@elvirus-dlr
Copy link

Thank you for your reply.

You got me with your list against captchas. I totally agree with you on your points. I personally hate them so much. Maybe this is just a requirements thing for the pm guys. It sounds nice if you could say "we are protected against bots with our captcha mechanism". But as for now, we have this requirement.

And also the double opt in.

All other requirements are met by Indico and we are on our way to using it if this "double opt in" thing would be incorporated. This is seen as a must have. I am working for the German Aerospace Center (DLR) and we would like to have it on board. I will clarify if the captchas are a must have. Maybe not. I will see.

The settings you proposed for event registration would help a lot and would totally suit our needs.

Best regards,
elvirus

@ThiefMaster ThiefMaster linked a pull request Aug 9, 2022 that will close this issue
4 tasks
Release 3.2 automation moved this from To do to Done Aug 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Development

Successfully merging a pull request may close this issue.

3 participants