wiki:TracCaptchaPlugin

Embed captcha in Trac ticket pages

Description

This plugin embeds a captcha in the ticket page in addition to Trac's regular permission checks. Its purpose is to keep spammers out of the Trac environment.

Key features:

  • Fully functional: The popular reCAPTCHA system is supported out of the box. Technically it's a plugin: if you don't like it, you are free to use any other plugin while still leverage the benefits from the general captcha infrastructure.
  • Does not annoy users: After the user entered the captcha once, (s)he does not have to solve the captcha again for the same ticket when (s)he just clicks 'preview'. Also you can configure to exempt certain users or groups (e.g. 'all authenticated users') from the captchas by using Trac's permission system.
  • Generic Infrastructure: TracCaptcha takes care about embedding a given captcha in the appropriate places, which means that building a different captcha plugin is easy - you just have to build the captcha itself while this code will take care of the Trac integration.

The code is licensed under the liberal MIT license, so you can use the API in your own code.

The macro is also used on the project page, but please keep in mind that this is not an online demo, so do not create tickets to test the captcha!

Bugs/Feature Requests

Existing bugs and feature requests for the TracCaptcha plugin are stored on the project page. Please do not file bugs in the trac-hacks bug tracker.

Download

The latest sources are available from the project page and TracCaptcha.

Installation

General instructions on installing Trac plugins can be found on the TracPlugins page.

Note the dependencies and compatibility:

  • Python 2.3 - 2.7.
  • Trac 0.11, 0.12, 1.0.
  • Optional: PyCrypto for better security on Python 2.3 and 2.4.

Configuration

Enable the macro in your trac.ini file:

[components]
trac_captcha.* = enabled
# only needed if you want to use reCAPTCHA
trac_recaptcha.* = enabled

[recaptcha]
# add the keys obtained from http://recaptcha.net/api/getkey
public_key = ...
private_key = ...

If you want to exempt some users from the captcha, grant them the CAPTCHA_SKIP privilege. TICKET_ADMINs and TRAC_ADMINs automatically have this privilege, so they will never see a captcha. Also, a user only needs to solve the captcha once per modification, so you can click 'preview' as often as you like without having to solve the captcha again.

Author/Contributors

Author: felix_schwarz
Maintainer: Felix Schwarz
Contributors:

Last modified 8 years ago Last modified on Sep 7, 2016, 6:01:33 PM

Attachments (1)

Download all attachments as: .zip