Skip to content

Add ReCAPTCHA support to password reset form #6984

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
asmecher opened this issue Apr 22, 2021 · 15 comments
Open

Add ReCAPTCHA support to password reset form #6984

asmecher opened this issue Apr 22, 2021 · 15 comments
Assignees
@Godoy0722
Labels
Enhancement:1:Minor A new feature or improvement that can be implemented in less than 3 days.
Milestone
3.3.0-x

Comments

@asmecher
Copy link
Member

The password reset form can generate unwanted emails if abused. Add ReCAPTCHA support to the password reset form.
@asmecher asmecher added this to the OJS/OMP/OPS 3.3.1 milestone Apr 22, 2021
@NateWr
Copy link
Contributor

NateWr commented Apr 26, 2021

Since ReCAPTCHA is not available in China, can/should we do some basic rate limiting? If we log the reset request, we should be able to not send another reset request until the last one expires?

@NateWr NateWr added the Enhancement:1:Minor A new feature or improvement that can be implemented in less than 3 days. label Apr 26, 2021
@henriqueramos
Copy link
Contributor

As mentioned on Slack channel, we could use the hCaptcha instead reCaptcha.

@mfelczak
Copy link
Member

Just wanted to add a +1 for rate limiting the password reset form.

@LuisLepidus
Copy link

+1

@henriqueramos
Copy link
Contributor

@asmecher This feature its on dev roadmap? If not, I will spend some time creating this as a package.

@asmecher
Copy link
Member Author

asmecher commented Jul 9, 2024

@henriqueramos, it hasn't yet been prioritized against a specific release, but I'd be happy to get a pull request reviewed!

Godoy0722 added a commit to Godoy0722/pkp-lib that referenced this issue Apr 1, 2025
@Godoy0722
ReCAPTCHA on the userLostPassword page based on the config.inc file. …
b407c86 
…Solves the issue pkp#6984
This was referenced Apr 1, 2025
Open
Open
@Godoy0722
Copy link
Contributor

Hello @asmecher! Hope you're doing well.

I just created two PRs that are related to this issue. If you want to take a look or assign someone to make the code reviews, I would appreciate that!

@asmecher
Copy link
Member Author

asmecher commented Apr 1, 2025

Looks good, @Godoy0722; can you forward-port this to stable-3_5_0, stable-3_4_0, and main? (If porting through stable-3_4_0 is too time-consuming, I'd consider leaving it out of that branch; stable-3_5_0 and main are basically equivalent.)

@Godoy0722
Copy link
Contributor

Hello Alec! I'll work on it and ping you in the other PRs as soon as possible. I'll also link the PRs that I create with this one.

@Godoy0722 Godoy0722 self-assigned this Apr 4, 2025
Godoy0722 added a commit to Godoy0722/pkp-lib that referenced this issue Apr 4, 2025
@Godoy0722
add ReCAPTCHA on the reset password form. Related to the issue pkp#6984
d7a4e8e
This was referenced Apr 4, 2025
Open
Open
Godoy0722 added a commit to Godoy0722/pkp-lib that referenced this issue Apr 4, 2025
@Godoy0722
add ReCAPTCHA on the reset password form. Related to the issue pkp#6984
0bb838f
This was referenced Apr 4, 2025
Open
Open
Godoy0722 added a commit to Godoy0722/pkp-lib that referenced this issue Apr 4, 2025
@Godoy0722
add ReCAPTCHA on the reset password form. Related to the issue pkp#6984
25d7f54
This was referenced Apr 4, 2025
Open
Open
@Godoy0722
Copy link
Contributor

Hi there @asmecher! Just a heads-up that I make the forward port for this issue on all OJS versions ahead of the 3.3 one, in case you want to take a better look at them! If there's anything else you need me to do about this issue, please don't hesitate to contact me! Thank you so much, Alec!

@LuisLepidus
Copy link

Hi @asmecher! Would it be possible to add this fix to version 3.3.0-21?

@jonasraoni
Copy link
Contributor

If we're implementing this, then I think it makes sense to also bring the #6539 to 3.3

@asmecher
Copy link
Member Author

@Godoy0722, could you list out all the PRs here in a comment? That'll make sure I don't miss anything. Thanks!

@Godoy0722
Copy link
Contributor

Hello @asmecher ! Of course, I'll summarize all my PRs for all OJS versions:

OJS 3.3

OJS 3.4

OJS 3.5

OJS main branch

Here are all my created PRs for this request. Also, on OJS 3.3, I made a backport for the request on the issue #6539. Please let me know if you need anything else! 😄

@asmecher
Copy link
Member Author

@Godoy0722, with apologies for the delay, there's just one small comment on the 3.3.0 review that needs attention, then it's all ready!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Godoy0722 Godoy0722

Labels
Enhancement:1:Minor A new feature or improvement that can be implemented in less than 3 days.
Projects
None yet
Milestone
3.3.0-x
Development

No branches or pull requests
7 participants
@asmecher @mfelczak @jonasraoni @henriqueramos @NateWr @Godoy0722 @LuisLepidus