[trac-accountmanager-plugin] Improve spam rejection, fix test suite
Paul Howarth
pghmcfc at fedoraproject.org
Fri Feb 13 16:21:45 UTC 2015
commit f9cd71914636ea6ecb8aeed5f5283886dfa1dabe
Author: Paul Howarth <paul at city-fan.org>
Date: Fri Feb 13 16:15:32 2015 +0000
Improve spam rejection, fix test suite
- Allow a question as alternative BotTrapCheck field description
- Fix the test suite so that it works with trac 1.0.2
- Use %license where possible
- Upload new source tarball
TracAccountManager-0.4.4-svn14245.patch | 41 +++++++++++++++++++++++++++++++
TracAccountManager-0.4.4-tests.patch | 20 +++++++++++++++
sources | 2 +-
trac-accountmanager-plugin.spec | 28 +++++++++++++++++++-
4 files changed, 88 insertions(+), 3 deletions(-)
---
diff --git a/TracAccountManager-0.4.4-svn14245.patch b/TracAccountManager-0.4.4-svn14245.patch
new file mode 100644
index 0000000..8923856
--- /dev/null
+++ b/TracAccountManager-0.4.4-svn14245.patch
@@ -0,0 +1,41 @@
+--- acct_mgr/register.py
++++ acct_mgr/register.py
+@@ -156,7 +156,12 @@ class BotTrapCheck(GenericRegistrationIn
+ This check is bypassed for requests by an admin user.
+ """
+
+- reg_basic_token = Option('account-manager', 'register_basic_token', '',
++ reg_basic_question = Option(
++ 'account-manager', 'register_basic_question', '',
++ doc="A question to ask instead of the standard prompt, to which "
++ "the value of register_basic_token is the answer.")
++ reg_basic_token = Option(
++ 'account-manager', 'register_basic_token', '',
+ doc="A string required as input to pass verification.")
+
+ def render_registration_fields(self, req, data):
+@@ -168,11 +173,19 @@ class BotTrapCheck(GenericRegistrationIn
+ # everything again.
+ old_value = req.args.get('basic_token', '')
+
+- # TRANSLATOR: Hint for visible bot trap registration input field.
+- hint = tag.p(Markup(_(
+- """Please type [%(token)s] as verification token,
+- exactly replicating everything within the braces.""",
+- token=tag.b(self.reg_basic_token))), class_='hint')
++ if self.reg_basic_question:
++ # TRANSLATOR: Question-style hint for visible bot trap
++ # registration input field.
++ hint = tag.p(_("Please answer above: %(question)s",
++ question=self.reg_basic_question),
++ class_='hint')
++ else:
++ # TRANSLATOR: Verbatim token hint for visible bot trap
++ # registration input field.
++ hint = tag.p(Markup(_(
++ """Please type [%(token)s] as verification token,
++ exactly replicating everything within the braces.""",
++ token=tag.b(self.reg_basic_token))), class_='hint')
+ insert = tag(
+ tag.label(_("Parole:"),
+ tag.input(type='text', name='basic_token', size=20,
diff --git a/TracAccountManager-0.4.4-tests.patch b/TracAccountManager-0.4.4-tests.patch
new file mode 100644
index 0000000..df5d5fe
--- /dev/null
+++ b/TracAccountManager-0.4.4-tests.patch
@@ -0,0 +1,20 @@
+--- acct_mgr/tests/register.py
++++ acct_mgr/tests/register.py
+@@ -100,6 +100,7 @@ class BasicCheckTestCase(_BaseTestCase):
+ _BaseTestCase.setUp(self)
+ self.env = EnvironmentStub(
+ enable=['trac.*', 'acct_mgr.admin.*',
++ 'acct_mgr.db.sessionstore',
+ 'acct_mgr.pwhash.HtDigestHashMethod'])
+ self.env.path = tempfile.mkdtemp()
+ self.env.config.set('account-manager', 'password_store',
+@@ -200,7 +201,8 @@ class EmailCheckTestCase(_BaseTestCase):
+ def test_verify_conf_changes(self):
+ """Registration challenges with EmailVerificationModule enabled."""
+ self.env = EnvironmentStub(
+- enable=['trac.*', 'acct_mgr.admin.*', 'acct_mgr.register.*'])
++ enable=['trac.*', 'acct_mgr.admin.*', 'acct_mgr.register.*',
++ 'acct_mgr.pwhash.HtDigestHashMethod'])
+ self.env.path = tempfile.mkdtemp()
+ set_user_attribute(self.env, 'admin', 'email', 'admin at foo.bar')
+
diff --git a/sources b/sources
index aac95de..c832d4d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-332d792180c28628a4a768c4b16bab6d TracAccountManager-0.4dev-r11131.tar.bz2
+5c62c3e56bd8b02e0e9370eac15d8d4f TracAccountManager-0.4.4.tar.bz2
diff --git a/trac-accountmanager-plugin.spec b/trac-accountmanager-plugin.spec
index db47bfd..bd74b63 100644
--- a/trac-accountmanager-plugin.spec
+++ b/trac-accountmanager-plugin.spec
@@ -6,14 +6,16 @@
Name: trac-accountmanager-plugin
Version: 0.4.4
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Trac plugin for account registration and management
Group: Applications/Internet
License: Copyright only
URL: http://trac-hacks.org/wiki/AccountManagerPlugin
Source0: TracAccountManager-%{version}.tar.bz2
Source1: pull-from-svn.sh
+Patch0: TracAccountManager-0.4.4-tests.patch
Patch1: TracAccountManager-0.4.4-genshi06.patch
+Patch2: TracAccountManager-0.4.4-svn14245.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildArch: noarch
BuildRequires: python2-devel
@@ -47,9 +49,21 @@ The AccountManagerPlugin offers several features for managing user accounts:
%prep
%setup -n TracAccountManager-%{version} -q
+# Fix the test suite so that it works with trac 1.0.2
+# https://trac-hacks.org/ticket/12192
+%patch0
+
# Make sure we can find Genshi ≥ 0.6 on EL-6, where it's in an egg
%patch1
+# Allow a question as alternative BotTrapCheck field description, refs #10270 and #12054
+# This makes BotTrapCheck field description configurable. Now you can require
+# user input other than exact duplication of text from the description.
+# That should be more effective against spam registration attempts, similar
+# to QuestionRegisterPlugin functionality - effectively obsoleting that hack.
+# http://trac-hacks.org/changeset/14245/accountmanagerplugin/trunk/acct_mgr
+%patch2
+
%build
%{__python} setup.py build
@@ -67,7 +81,12 @@ rm %{buildroot}%{python_sitelib}/acct_mgr/locale/.placeholder
rm -rf %{buildroot}
%files
-%doc changelog COPYING README README.update
+%if 0%{?_licensedir:1}
+%license COPYING
+%else
+%doc COPYING
+%endif
+%doc changelog README README.update
%doc contrib/fix-session_attribute-failed_logins.py contrib/sessionstore_convert.py
%dir %{python_sitelib}/acct_mgr/
%{python_sitelib}/acct_mgr/*.py*
@@ -137,6 +156,11 @@ rm -rf %{buildroot}
%{python_sitelib}/TracAccountManager-%{version}-py%{pybasever}.egg-info/
%changelog
+* Fri Feb 13 2015 Paul Howarth <paul at city-fan.org> - 0.4.4-2
+- Allow a question as alternative BotTrapCheck field description
+- Fix the test suite so that it works with trac 1.0.2
+- Use %%license where possible
+
* Mon Jun 9 2014 Paul Howarth <paul at city-fan.org> - 0.4.4-1
- Update to current stable release version
- Lots of password-related fixes
More information about the scm-commits
mailing list