[tor-bugs] #11127 [BridgeDB]: reCaptcha verification is hardcoded to use plaintext HTTP
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 12 18:44:38 UTC 2014
#11127: reCaptcha verification is hardcoded to use plaintext HTTP
--------------------------+----------------------------
Reporter: isis | Owner: isis
Type: defect | Status: needs_review
Priority: major | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords: bridgedb-https
Actual Points: | Parent ID:
Points: |
--------------------------+----------------------------
Comment (by isis):
Replying to [comment:2 sysrqb]:
> I guess I should actually tell you that I reviewed it!
>
Thanks! :D
> It looks good, I don't have any blockers on the code. A couple minor
comments on the unit test.
>
> 1) These appear to be the same test, but maybe I'm missing something:
Oopsies. That is not supposed to be the same. One of those is supposed to
be something else, like a `twisted.web.client.ConnectionLost` instead of
`ResponseDone`...
Good catch.
> 2) thee
> {{{
> def test_cbRequest(self):
> """Send a :class:`MockResponse` and check that thee resulting
protocol
> }}}
>
It's expecting an aristocratic protocol, you know? Like
`twisted.protocols.stateful.HerRoyalHighnessTCP`.
Kidding! Thanks, I'll fix that one too. :)
> I'm unable to test it, but as soon as the remainder of the patch with an
implementation in CaptchaProtectedResource looks good, and think it's
mergable.
There's now a [ branch] which is exactly these commits, unchanged, but
they are rebased on top of the other [ CAPTCHA branch] for #10809. There
is
[https://gitweb.torproject.org/user/isis/bridgedb.git/commit/d3ebc3c2d49a008608ab962fdd1ddd7de53ecb21
one additional commit] to use `bridgedb.txrecaptcha` in
`bridgedb.HTTPServer` and `bridgedb.captcha`.
All the tests still pass, but we currently have like zero testing for
`bridgedb.HTTPServer`. I am unsure if I should focus time on that before
getting started with the database backend improvements.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11127#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list