Hey Martijn, I've been trying out the collective.captcha tool, which I
noticed via the collective-checkins list, and it is pretty slick!
However, I have a couple questions about using it from a
CMFFormController validator.
#1) I have the following in my validator:
from collective.captcha.browser.captcha import Captcha
captcha_view = Captcha(context, req)
if not captcha_view.verify(captcha):
state.setError('captcha', qpcMF(u'You must correctly enter the
word.'), 'captcha')
In order to have the privilege to call this view, I added the following
in my product's __init__.py:
from AccessControl import allow_module, allow_class
allow_module('collective.captcha.browser.captcha')
from collective.captcha.browser.captcha import Captcha
allow_class(Captcha)
Is this the preferred way to use a browser view from restricted python,
or is there a better way?
#2) I noticed that the captcha cookie is getting deleted whenever
verify() is called, even if the verification failed. This seems like a
bug, because it makes it hard to redisplay a new captcha if the
verification fails. My fix for this is as follows:
Index: collective/captcha/browser/captcha.txt
===================================================================
--- collective/captcha/browser/captcha.txt (revision 54159)
+++ collective/captcha/browser/captcha.txt (working copy)
@@ -64,7 +64,18 @@
>>> del request2.cookies[COOKIE_ID]
>>> view.verify('np7EF-B')
False
+
+If verification fails, the cookie session ID will *not* be expired,
+so that a new captcha can be displayed.
+ >>> request2 = DummyRequest()
+ >>> request2.setCookie(COOKIE_ID,
'6552fec8867ee2a85a44784dda007e49efcf50ef')
+ >>> view = Captcha(context, request2)
+ >>> view.verify('incorrect')
+ False
+ >>> COOKIE_ID in request2.expiredcookies
+ False
+
Displaying
----------
Index: collective/captcha/browser/captcha.py
===================================================================
--- collective/captcha/browser/captcha.py (revision 54159)
+++ collective/captcha/browser/captcha.py (working copy)
@@ -89,9 +89,10 @@
result = False
try:
for word in self._generate_words():
- result = result or input.upper() == word.upper()
- # Delete the session key, we are done with this captcha
- self.request.response.expireCookie(COOKIE_ID, path='/')
+ if input.upper() == word.upper():
+ result = True
+ # Delete the session key, we are done with this captcha
+ self.request.response.expireCookie(COOKIE_ID, path='/')
except KeyError:
pass # No cookie
I'd be glad to check that change in if it makes sense to you.
peace,
--------------------------
David Glick
Project Associate
ONE/Northwest
New tools and strategies for engaging people in protecting the environment
http://www.onenw.org
[EMAIL PROTECTED]
(206) 286-1235 x32
Subscribe to ONEList, our email newsletter!
Practical advice for effective online engagement
http://www.onenw.org/full_signup
_______________________________________________
Product-Developers mailing list
[email protected]
http://lists.plone.org/mailman/listinfo/product-developers
