Implement reCAPTCHA for abuse prevention #311

Merged
merged 2 commits into from Jun 1, 2017

Contributor

chadwhitacre commented May 27, 2017

Redux of #234. Initial rebase here drops some README changes in favor of HEAD, but otherwise should match 8330ac6.

Contributor

chadwhitacre commented May 27, 2017

Rebased again to drop the commits that add the dist directory to the repo: f5604a5 04d33c1. That seems a distraction. Was 947d908.

Contributor

chadwhitacre commented May 27, 2017

Alright, squashed all the commits and removed the remaining bits that were changing orthogonal plumbing vs. actually adding the feature in scope. Was c1294cc.

Contributor

chadwhitacre commented May 27, 2017

Testing with Heroku templating ...

Contributor

chadwhitacre commented May 27, 2017

screen shot 2017-05-26 at 9 08 14 pm

Contributor

chadwhitacre commented May 27, 2017

screen shot 2017-05-26 at 9 10 05 pm

Contributor

chadwhitacre commented May 27, 2017

screen shot 2017-05-26 at 9 10 25 pm


screen shot 2017-05-26 at 9 10 43 pm

Contributor

chadwhitacre commented May 27, 2017

Ready for review, @rauchg!

Contributor

chadwhitacre commented May 27, 2017

Test here if you like (will leave up temporarily):

https://immense-forest-91787.herokuapp.com/

Owner

rauchg commented May 29, 2017

@whit537 thanks a lot! One last thing before we merge this: do you think it's a good idea to enforce Google reCAPTCHA on every single installation, rather than making it optional?

Contributor

chadwhitacre commented May 29, 2017

I think it should be hard to deploy SlackIn insecurely ("secure by default"). If reCAPTCHA is optional then it should be an explicit opt-out with a clear warning about SlackOut.

Contributor

chadwhitacre commented May 29, 2017

... and I guess I would see that as out-of-scope for this PR. Right now SlackIn exposes its users to a non-trivial vulnerability. Reducing that exposure is important. Adding a footgun back into SlackIn can be done later.

Contributor

chadwhitacre commented May 31, 2017

Ready to merge, @rauchg?

@rauchg rauchg merged commit 1dedb2e into rauchg:master Jun 1, 2017

@chadwhitacre chadwhitacre deleted the chadwhitacre:reCAPTCHA branch Jun 1, 2017

Contributor

chadwhitacre commented Jun 1, 2017

develar added a commit to develar/slackin that referenced this pull request Jun 13, 2017

Contributor

toolmantim commented Aug 3, 2017

Was this made to also work with the badge version? Because I'm trying to upgrade (for Node security updates) but can't seem to get this to work, and I can't see how it did?

badge-version

When you try to send an invite you get:

TypeError: undefined is not an object (evaluating 'gcaptcha_response.value')

It works fine if you go to it directly:

slackin

Contributor

chadwhitacre commented Aug 4, 2017

I don't recall seeing anything about the badge version when I was cleaning up the PR. I suggest making a new ticket/PR.

@toolmantim toolmantim referenced this pull request Aug 4, 2017

Closed

Add reCAPTCHA support to the badge/iframe version #332

1 of 2 tasks complete

Contributor

toolmantim commented Aug 4, 2017

@whit537 I've done some digging, and it looks like you might have forgotten to update the badge to support recaptcha. I've opened up a WIP pull request here: #332 Would love your help/thoughts.

Contributor

chadwhitacre commented Aug 5, 2017

> you might have forgotten to update the badge to support recaptcha

Sorry about that. :-/

Contributor

toolmantim commented Aug 5, 2017

It happens! 😊

toolmantim added a commit to toolmantim/slackin that referenced this pull request Aug 7, 2017

Daniel15 commented Oct 20, 2017

Can you please publish this update to npm? slackin on npm is still 0.13.0

This was referenced Nov 15, 2017

@jpoon jpoon referenced this pull request Dec 3, 2017

Open

azure deploy broken #355

Contributor

jpoon commented Dec 3, 2017

FYI, this PR broke the Azure deployment: #355. Need to update the environment variables here: https://github.com/rauchg/slackin/blob/master/azuredeploy.json#L99
