[tor-bugs] #11231 [BridgeDB]: BridgeDB's txrecaptcha returns the "No bridges available!" page if 'captcha_response_field' is blank

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 18 04:09:37 UTC 2014


#11231: BridgeDB's txrecaptcha returns the "No bridges available!" page if
'captcha_response_field' is blank
--------------------------------------------+----------------------
 Reporter:  isis                            |          Owner:  isis
     Type:  defect                          |         Status:  new
 Priority:  blocker                         |      Milestone:
Component:  BridgeDB                        |        Version:
 Keywords:  bridgedb-0.1.6, bridgedb-https  |  Actual Points:
Parent ID:                                  |         Points:
--------------------------------------------+----------------------
 I was writing unittests for the `bridgedb.HTTPServer` module and
 discovered this.

 What is happening is:

  * `bridgedb.HTTPServer.ReCaptchaProtectedResource.render_POST(request)`
 is called with blank strings for the `'captcha_challenge_field'` and
 `'captcha_response_field'` POST arguments.
  * `bridgedb.HTTPServer.CaptchaProtectedResource.render_POST(request)` is
 called.
  * `bridgedb.HTTPServer.ReCaptchaProtectedResource.checkSolution(request)`
 is called.
  *
 `bridgedb.HTTPServer.CaptchaProtectedResource.extractClientSolution(request)`
 is called, and it returns a tuple of `('', '')`, which in Python has a
 boolean value of `True`.
  * The empty strings return a `bridgedb.txrecaptcha.RecaptchaResponse`
 from `bridgedb.HTTPServer.ReCaptchaProtectedResource.checkSolution()`
 without hitting the callback function `checkResponse()`.
  * The `RecaptchaResponse` also evaluates to `True`, meaning that
 `checkSolution(request)` in `render_POST()` passes, and the server tries
 to render the `RecaptchaResponse` object as the list of bridges to give to
 the client, resulting in the "No bridges available!" webpage.

 That sounds confusing. But I have a unittest to prove it happens, and the
 solution is really simple:

 In `bridgedb.CaptchaProtectedResource.render_POST()`:
 {{{
 -        if self.checkSolution(request):
 +        if self.checkSolution(request) is True:
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11231>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list