[tor-bugs] #11127 [BridgeDB]: reCaptcha verification is hardcoded to use plaintext HTTP

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 12 18:44:38 UTC 2014

#11127: reCaptcha verification is hardcoded to use plaintext HTTP
     Reporter:  isis      |      Owner:  isis
         Type:  defect    |     Status:  needs_review
     Priority:  major     |  Milestone:
    Component:  BridgeDB  |    Version:
   Resolution:            |   Keywords:  bridgedb-https
Actual Points:            |  Parent ID:
       Points:            |

Comment (by isis):

 Replying to [comment:2 sysrqb]:
 > I guess I should actually tell you that I reviewed it!

 Thanks! :D

 > It looks good, I don't have any blockers on the code. A couple minor
 comments on the unit test.
 > 1) These appear to be the same test, but maybe I'm missing something:

 Oopsies. That is not supposed to be the same. One of those is supposed to
 be something else, like a `twisted.web.client.ConnectionLost` instead of

 Good catch.

 > 2) thee
 > {{{
 >     def test_cbRequest(self):
 >         """Send a :class:`MockResponse` and check that thee resulting
 > }}}

 It's expecting an aristocratic protocol, you know? Like

 Kidding! Thanks, I'll fix that one too. :)

 > I'm unable to test it, but as soon as the remainder of the patch with an
 implementation in CaptchaProtectedResource looks good, and think it's

 There's now a [ branch] which is exactly these commits, unchanged, but
 they are rebased on top of the other [ CAPTCHA branch] for #10809. There
 one additional commit] to use `bridgedb.txrecaptcha` in
 `bridgedb.HTTPServer` and `bridgedb.captcha`.

 All the tests still pass, but we currently have like zero testing for
 `bridgedb.HTTPServer`. I am unsure if I should focus time on that before
 getting started with the database backend improvements.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11127#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list