Page MenuHomePhabricator
Create Task
Maniphest T177034

Outreachy microtask: write a CAPTCHA plugin that can fall back to another algorithm
Closed, ResolvedPublic
Actions

Description

This is a microtask for Outreachy applicants for T158909: Automatically detect spambot registration using machine learning (like invisible reCAPTCHA) .

We want a new plugin for the MediaWiki extension responsible for our new user registration CAPTCHA, called ConfirmEdit. This new plugin will attempt to prove the user is human using mouse movement data. If this attempt fails, we want to fall back to another type of CAPTCHA.

In this task, please write a stub for ConfirmEdit which introduces a new plugin. This can be as simple as a button saying "I am not a robot", and another saying "I am in fact a robot". If the user fails this test (we think they may be a bot), they should be presented with a second type of CAPTCHA. Currently, this system is only designed to show a single plugin.

  • Set up local development environment. You'll probably want to use MediaWiki-Vagrant.
  • If using MW-Vagrant, you should be able to vagrant roles enable confirmedit to install the extension.
  • Make sure you're able to see your local wiki, and that you are presented with the default CAPTCHA when trying to create a new account.
  • Create a new plugin by copying e.g. ConfirmEdit/SimpleCaptcha to a new directory, renaming the classes and files and adding to ConfirmEdit/extension.json.
  • Change your new plugin to present something simple like a button or text field that can be used to "pass" or "fail".
  • If the user fails, set a PHP session variable to flag this failure.
  • After the user fails, or if the failed CAPTCHA session variable is present, fall back to SimpleCaptcha. This can be hardcoded for now.

Details

SubjectRepoBranchLines +/-
[WIP]Outreachy microtask: write a CAPTCHA plugin that can fall back to another algorithmmediawiki/extensions/ConfirmEditmaster+131 -0
[WIP]MicroTask4: Write a CAPTCHA plugin that can fall back to another algorithmmediawiki/extensions/ConfirmEditmaster+149 -0
[WIP]Outreachy microtask: write a CAPTCHA plugin that can fall back to another algorithmmediawiki/extensions/ConfirmEditmaster+30 -68
Customize query in gerrit

Related Objects

Event Timeline

awight created this task.Sep 28 2017, 11:25 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 28 2017, 11:25 PM
awight mentioned this in T158909: Automatically detect spambot registration using machine learning (like invisible reCAPTCHA) .Sep 28 2017, 11:25 PM
Aklapper added a project: ConfirmEdit (CAPTCHA extension).Sep 29 2017, 8:56 AM

ConfirmEdit (CAPTCHA extension) , I assume?

Sofmonk subscribed.Sep 29 2017, 11:48 AM
Tgr updated the task description. (Show Details)Sep 30 2017, 2:10 AM
Tgr subscribed.Oct 2 2017, 9:01 AM

Note that this is a bit harder than the other three tasks. You probably should not start with this.

Sagorika1996 subscribed.Oct 2 2017, 3:05 PM
Nehagup subscribed.EditedOct 4 2017, 6:30 PM

@Tgr @awight I think I'm almost done with this task, but I'm a little stuck. I've followed all the steps and then created a new captcha plugin called "InvisibleCaptcha". I enabled that in the settings, and noticed that front-end complaint that it's not an instance of SimpleCaptcha and so I extended InvisibleCaptcha. However, after changing getFormInformation to this, I don't see any change in the captcha information on the create account page. can you please help?

Tgr added a comment.Oct 6 2017, 8:10 AM

@Nehagup can you upload the patch to gerrit? (Just put [WIP] at the beginning of the message to make it clear it's not ready to be merged yet.) It's hard to guess what's going on without seeing all of it.

Smarita mentioned this in T178697: Proposal: Automatically detect spambot registration using machine learning (like invisible reCAPTCHA).Oct 20 2017, 4:34 PM
Groovier subscribed.Oct 24 2017, 6:04 AM
Groovier added a comment.EditedOct 28 2017, 9:37 AM

@Tgr @awight , According to this page, SimpleCaptcha should be the default captcha and for FancyCaptcha to be loaded the changes descibed in the link have to be made. This is also consistant with my understanding of the code. I do not find these changes in my LocalSettings.php (I installed ConfirmEdit extension using vagrant) and yet FancyCaptcha is loaded by default instead of SimpleCaptcha. Can you please tell me why this happens.

Tgr added a comment.Oct 28 2017, 10:06 AM

Vagrant changes the settings to make the wiki more similar to Wikimedia. You can see the changes in /vagrant/settings.d/puppet-managed.

Groovier added a comment.Oct 28 2017, 7:57 PM

@Tgr , Thanks , that helped. I was going through the code and "getFormInformation" seems to be the function I should override to display required html (according to comments in SimpleCaptcha/Captcha.php). Many of the other captcha implementations like QuestyCaptcha, FancyCaptcha etc. also seem to be overriding this function. However, this function does not seem to have any effect. The "getFieldInfo" function from "CaptchaAuthenticationRequest.php" is actually displaying the question, in case of QuestyCaptcha. In the case of FancyCaptcha, this is being overridden by the content set in "onAuthChangeFormFields" function. Should I use "onAuthChangeFormFields" ? Is this the right way to proceed?

Tgr added a comment.Oct 29 2017, 12:06 AM

onAuthChangeFormFields is for login / registration, getFormInformation is for other uses (e.g. the edit form) which do not use HTMLForm for form generation. Registration is more relevant for the Outreachy project; for the microtask you can pick either one, though.

Groovier added a comment.Oct 29 2017, 11:03 AM

@Tgr Please find the CR link for microtask4 here.
Also this CR for adding me to CI whitelist has been pending. Is there any action required from my end?

Tgr added a comment.Oct 29 2017, 8:04 PM
In T177034#3718099, @Groovier wrote:

Also this CR for adding me to CI whitelist has been pending. Is there any action required from my end?

It's been merged for a while. Do you have trouble with CI tests not automatically running for you?

Groovier added a comment.Oct 30 2017, 6:09 AM

It's been merged for a while. Do you have trouble with CI tests not automatically running for you?

I don't have any trouble with CI tests. It's running fine. Thanks

gerritbot subscribed.Oct 30 2017, 10:21 AM

Change 387080 had a related patch set uploaded (by Groovier1; owner: Groovier1):
[mediawiki/extensions/ConfirmEdit@master] [WIP]MicroTask4: Write a CAPTCHA plugin that can fall back to another algorithm

https://gerrit.wikimedia.org/r/387080

gerritbot added a project: Patch-For-Review.Oct 30 2017, 10:21 AM
gerritbot added a comment.Nov 11 2017, 8:22 PM

Change 387080 abandoned by Gergő Tisza:
[WIP]MicroTask4: Write a CAPTCHA plugin that can fall back to another algorithm

Reason:
Abandoning all Outreachy microtask related changesets; the application period is over. Thanks for participating! For contributing outside Outreachy, see https://www.mediawiki.org/wiki/New_Developers and https://www.mediawiki.org/wiki/How_to_become_a_MediaWiki_hacker . For captcha fallbacks specifically, see T179635.

https://gerrit.wikimedia.org/r/387080

Tgr closed this task as Resolved.Dec 3 2017, 6:27 AM
Tgr claimed this task.

See T179635: Allow captchas to be stacked for the real version of this task (which was too complex for a microtask).

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL