Hi,
Per request of Adam Williamsion (discussion about ticket #5140), I would like to disable captchas for logged in people. At the same time, I'm also disabling the on-login captcha that stopped the spam cleanup script from working at times of heavy spam.
Could I get +1s, or would people suggest to wait with this?
Signed-off-by: Patrick Uiterwijk puiterwijk@redhat.com --- roles/mediawiki/templates/LocalSettings.php.fp.j2 | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/roles/mediawiki/templates/LocalSettings.php.fp.j2 b/roles/mediawiki/templates/LocalSettings.php.fp.j2 index 91edefb..a6c10b4 100644 --- a/roles/mediawiki/templates/LocalSettings.php.fp.j2 +++ b/roles/mediawiki/templates/LocalSettings.php.fp.j2 @@ -33,6 +33,12 @@ $wgCaptchaClass = 'SimpleCaptcha'; #$wgCaptchaDirectoryLevels = 0; #$wgCaptchaSecret = "{{ mediawikiCaptchaKey }}";
+$wgCaptchaTriggers['edit'] = true; +$wgCaptchaTriggers['create'] = true; +$wgCaptchaTriggers['addurl'] = true; +$wgCaptchaTriggers['createaccount'] = true; +$wgCaptchaTriggers['badlogin'] = false; + $wgRawHtml = false; $wgProto = "https"; {% if env == "staging" %} @@ -76,6 +82,7 @@ $wgMimeDetectorCommand= "file -bi"; #$wgGroupPermissions['user' ]['delete'] = true;
$wgGroupPermissions['*']['createaccount'] = false; +$wgGroupPermissions['user']['skipcaptcha'] = true;
# HNP Can't manage the interwiki right... - Nigel $wgGroupPermissions['*']['interwiki'] = false;
On Thu, Mar 17, 2016 at 05:48:39PM +0000, Patrick Uiterwijk wrote:
Signed-off-by: Patrick Uiterwijk puiterwijk@redhat.com
roles/mediawiki/templates/LocalSettings.php.fp.j2 | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/roles/mediawiki/templates/LocalSettings.php.fp.j2 b/roles/mediawiki/templates/LocalSettings.php.fp.j2 index 91edefb..a6c10b4 100644 --- a/roles/mediawiki/templates/LocalSettings.php.fp.j2 +++ b/roles/mediawiki/templates/LocalSettings.php.fp.j2 @@ -33,6 +33,12 @@ $wgCaptchaClass = 'SimpleCaptcha'; #$wgCaptchaDirectoryLevels = 0; #$wgCaptchaSecret = "{{ mediawikiCaptchaKey }}";
+$wgCaptchaTriggers['edit'] = true; +$wgCaptchaTriggers['create'] = true; +$wgCaptchaTriggers['addurl'] = true; +$wgCaptchaTriggers['createaccount'] = true; +$wgCaptchaTriggers['badlogin'] = false;
$wgRawHtml = false; $wgProto = "https"; {% if env == "staging" %} @@ -76,6 +82,7 @@ $wgMimeDetectorCommand= "file -bi"; #$wgGroupPermissions['user' ]['delete'] = true;
$wgGroupPermissions['*']['createaccount'] = false; +$wgGroupPermissions['user']['skipcaptcha'] = true;
# HNP Can't manage the interwiki right... - Nigel $wgGroupPermissions['*']['interwiki'] = false;
Looks fine to me and easy enough to revert if needed.
+1
Pierre
On Thu, 17 Mar 2016 17:48:39 +0000 Patrick Uiterwijk puiterwijk@redhat.com wrote:
Signed-off-by: Patrick Uiterwijk puiterwijk@redhat.com
roles/mediawiki/templates/LocalSettings.php.fp.j2 | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/roles/mediawiki/templates/LocalSettings.php.fp.j2 b/roles/mediawiki/templates/LocalSettings.php.fp.j2 index 91edefb..a6c10b4 100644 --- a/roles/mediawiki/templates/LocalSettings.php.fp.j2 +++ b/roles/mediawiki/templates/LocalSettings.php.fp.j2 @@ -33,6 +33,12 @@ $wgCaptchaClass = 'SimpleCaptcha'; #$wgCaptchaDirectoryLevels = 0; #$wgCaptchaSecret = "{{ mediawikiCaptchaKey }}";
+$wgCaptchaTriggers['edit'] = true; +$wgCaptchaTriggers['create'] = true; +$wgCaptchaTriggers['addurl'] = true; +$wgCaptchaTriggers['createaccount'] = true; +$wgCaptchaTriggers['badlogin'] = false;
$wgRawHtml = false; $wgProto = "https"; {% if env == "staging" %} @@ -76,6 +82,7 @@ $wgMimeDetectorCommand= "file -bi"; #$wgGroupPermissions['user' ]['delete'] = true;
$wgGroupPermissions['*']['createaccount'] = false; +$wgGroupPermissions['user']['skipcaptcha'] = true;
# HNP Can't manage the interwiki right... - Nigel $wgGroupPermissions['*']['interwiki'] = false;
+1 here also. Like pingou said, it looks fine and it's easy to revert if something bad happens.
Tim
On Mar 17, 2016 11:49, "Patrick Uiterwijk" puiterwijk@redhat.com wrote:
Hi,
Per request of Adam Williamsion (discussion about ticket #5140), I would like to disable captchas for logged in people. At the same time, I'm also disabling the on-login captcha that stopped the spam cleanup script from working at times of heavy spam.
I am unclear on what you mean. Does this mean that a person logged in can write to the wiki after they created an account if they log in
Could I get +1s, or would people suggest to wait with this? _______________________________________________ infrastructure mailing list infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/infrastructure@lists.fedoraprojec...
Per request of Adam Williamsion (discussion about ticket #5140), I would like to disable captchas for logged in people. At the same time, I'm also disabling the on-login captcha that stopped the spam cleanup script from working at times of heavy spam.
I am unclear on what you mean. Does this mean that a person logged in can write to the wiki after they created an account if they log in
This means that logged in people (we only allow login via FAS) won't get a captcha. This is needed for Adam's bots as the API captcha's aren't very stable.
The other one (on-login captcha) is a captcha that the plugin sometimes enabled if it saw a lot of failed login attempts for all logins. So when the spammers are trying to login a lot, they trigger this system, which means that all API logins are rejected.
+1
Thank you for clearing up my confusion.
On 17 March 2016 at 13:22, Patrick Uiterwijk puiterwijk@redhat.com wrote:
Per request of Adam Williamsion (discussion about ticket #5140), I would like to disable captchas for logged in people. At the same time, I'm also disabling the on-login captcha that stopped the spam cleanup script from working at times of heavy spam.
I am unclear on what you mean. Does this mean that a person logged in can write to the wiki after they created an account if they log in
This means that logged in people (we only allow login via FAS) won't get a captcha. This is needed for Adam's bots as the API captcha's aren't very stable.
The other one (on-login captcha) is a captcha that the plugin sometimes enabled if it saw a lot of failed login attempts for all logins. So when the spammers are trying to login a lot, they trigger this system, which means that all API logins are rejected. _______________________________________________ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/infrastructure@lists.fedoraprojec...
infrastructure@lists.fedoraproject.org