[trac-accountmanager-plugin] Improve spam rejection, fix test suite

Paul Howarth pghmcfc at fedoraproject.org
Fri Feb 13 16:21:45 UTC 2015 

commit f9cd71914636ea6ecb8aeed5f5283886dfa1dabe
Author: Paul Howarth <paul at city-fan.org>
Date:   Fri Feb 13 16:15:32 2015 +0000

    Improve spam rejection, fix test suite
    
    - Allow a question as alternative BotTrapCheck field description
    - Fix the test suite so that it works with trac 1.0.2
    - Use %license where possible
    - Upload new source tarball

 TracAccountManager-0.4.4-svn14245.patch |   41 +++++++++++++++++++++++++++++++
 TracAccountManager-0.4.4-tests.patch    |   20 +++++++++++++++
 sources                                 |    2 +-
 trac-accountmanager-plugin.spec         |   28 +++++++++++++++++++-
 4 files changed, 88 insertions(+), 3 deletions(-)
---
diff --git a/TracAccountManager-0.4.4-svn14245.patch b/TracAccountManager-0.4.4-svn14245.patch
new file mode 100644
index 0000000..8923856
--- /dev/null
+++ b/TracAccountManager-0.4.4-svn14245.patch
@@ -0,0 +1,41 @@
+--- acct_mgr/register.py
++++ acct_mgr/register.py
+@@ -156,7 +156,12 @@ class BotTrapCheck(GenericRegistrationIn
+     This check is bypassed for requests by an admin user.
+     """
+ 
+-    reg_basic_token = Option('account-manager', 'register_basic_token', '',
++    reg_basic_question = Option(
++        'account-manager', 'register_basic_question', '',
++        doc="A question to ask instead of the standard prompt, to which "
++            "the value of register_basic_token is the answer.")
++    reg_basic_token = Option(
++        'account-manager', 'register_basic_token', '',
+         doc="A string required as input to pass verification.")
+ 
+     def render_registration_fields(self, req, data):
+@@ -168,11 +173,19 @@ class BotTrapCheck(GenericRegistrationIn
+             # everything again.
+             old_value = req.args.get('basic_token', '')
+ 
+-            # TRANSLATOR: Hint for visible bot trap registration input field.
+-            hint = tag.p(Markup(_(
+-                """Please type [%(token)s] as verification token,
+-                exactly replicating everything within the braces.""",
+-                token=tag.b(self.reg_basic_token))), class_='hint')
++            if self.reg_basic_question:
++                # TRANSLATOR: Question-style hint for visible bot trap
++                # registration input field.
++                hint = tag.p(_("Please answer above: %(question)s",
++                               question=self.reg_basic_question),
++                             class_='hint')
++            else:
++                # TRANSLATOR: Verbatim token hint for visible bot trap
++                # registration input field.
++                hint = tag.p(Markup(_(
++                    """Please type [%(token)s] as verification token,
++                    exactly replicating everything within the braces.""",
++                    token=tag.b(self.reg_basic_token))), class_='hint')
+             insert = tag(
+                 tag.label(_("Parole:"),
+                           tag.input(type='text', name='basic_token', size=20,
diff --git a/TracAccountManager-0.4.4-tests.patch b/TracAccountManager-0.4.4-tests.patch
new file mode 100644
index 0000000..df5d5fe
--- /dev/null
+++ b/TracAccountManager-0.4.4-tests.patch
@@ -0,0 +1,20 @@
+--- acct_mgr/tests/register.py
++++ acct_mgr/tests/register.py
+@@ -100,6 +100,7 @@ class BasicCheckTestCase(_BaseTestCase):
+         _BaseTestCase.setUp(self)
+         self.env = EnvironmentStub(
+                 enable=['trac.*', 'acct_mgr.admin.*',
++                        'acct_mgr.db.sessionstore',
+                         'acct_mgr.pwhash.HtDigestHashMethod'])
+         self.env.path = tempfile.mkdtemp()
+         self.env.config.set('account-manager', 'password_store',
+@@ -200,7 +201,8 @@ class EmailCheckTestCase(_BaseTestCase):
+     def test_verify_conf_changes(self):
+         """Registration challenges with EmailVerificationModule enabled."""
+         self.env = EnvironmentStub(
+-                enable=['trac.*', 'acct_mgr.admin.*', 'acct_mgr.register.*'])
++                enable=['trac.*', 'acct_mgr.admin.*', 'acct_mgr.register.*',
++                        'acct_mgr.pwhash.HtDigestHashMethod'])
+         self.env.path = tempfile.mkdtemp()
+         set_user_attribute(self.env, 'admin', 'email', 'admin at foo.bar')
+ 
diff --git a/sources b/sources
index aac95de..c832d4d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-332d792180c28628a4a768c4b16bab6d  TracAccountManager-0.4dev-r11131.tar.bz2
+5c62c3e56bd8b02e0e9370eac15d8d4f  TracAccountManager-0.4.4.tar.bz2
diff --git a/trac-accountmanager-plugin.spec b/trac-accountmanager-plugin.spec
index db47bfd..bd74b63 100644
--- a/trac-accountmanager-plugin.spec
+++ b/trac-accountmanager-plugin.spec
@@ -6,14 +6,16 @@
 
 Name:           trac-accountmanager-plugin
 Version:        0.4.4
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Trac plugin for account registration and management
 Group:          Applications/Internet
 License:        Copyright only
 URL:            http://trac-hacks.org/wiki/AccountManagerPlugin
 Source0:        TracAccountManager-%{version}.tar.bz2
 Source1:        pull-from-svn.sh
+Patch0:         TracAccountManager-0.4.4-tests.patch
 Patch1:         TracAccountManager-0.4.4-genshi06.patch
+Patch2:         TracAccountManager-0.4.4-svn14245.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
 BuildArch:      noarch
 BuildRequires:  python2-devel
@@ -47,9 +49,21 @@ The AccountManagerPlugin offers several features for managing user accounts:
 %prep
 %setup -n TracAccountManager-%{version} -q
 
+# Fix the test suite so that it works with trac 1.0.2
+# https://trac-hacks.org/ticket/12192
+%patch0
+
 # Make sure we can find Genshi ≥ 0.6 on EL-6, where it's in an egg
 %patch1
 
+# Allow a question as alternative BotTrapCheck field description, refs #10270 and #12054
+# This makes BotTrapCheck field description configurable. Now you can require
+# user input other than exact duplication of text from the description.
+# That should be more effective against spam registration attempts, similar
+# to QuestionRegisterPlugin functionality - effectively obsoleting that hack.
+# http://trac-hacks.org/changeset/14245/accountmanagerplugin/trunk/acct_mgr
+%patch2
+
 %build
 %{__python} setup.py build
 
@@ -67,7 +81,12 @@ rm %{buildroot}%{python_sitelib}/acct_mgr/locale/.placeholder
 rm -rf %{buildroot}
 
 %files
-%doc changelog COPYING README README.update
+%if 0%{?_licensedir:1}
+%license COPYING
+%else
+%doc COPYING
+%endif
+%doc changelog README README.update
 %doc contrib/fix-session_attribute-failed_logins.py contrib/sessionstore_convert.py
 %dir %{python_sitelib}/acct_mgr/
 %{python_sitelib}/acct_mgr/*.py*
@@ -137,6 +156,11 @@ rm -rf %{buildroot}
 %{python_sitelib}/TracAccountManager-%{version}-py%{pybasever}.egg-info/
 
 %changelog
+* Fri Feb 13 2015 Paul Howarth <paul at city-fan.org> - 0.4.4-2
+- Allow a question as alternative BotTrapCheck field description
+- Fix the test suite so that it works with trac 1.0.2
+- Use %%license where possible
+
 * Mon Jun  9 2014 Paul Howarth <paul at city-fan.org> - 0.4.4-1
 - Update to current stable release version
   - Lots of password-related fixes

More information about the scm-commits mailing list