Comments (4)
I think doing Google OAuth (for HKN emails only) + CalNet auth would be great because it then prevents the need for handling passwords along with preventing bots entirely.
That being said, I haven't worked with CalNet auth much, but ocfweb already uses it and I've worked with Google OAuth before and it's not terrible (although it is complicated), so I think that might be doable.
The captcha we are using on hkn.eecs.berkeley.edu currently doesn't seem very effective (we still get lots of bots signing up), maybe we aren't validating it correctly?
from hknweb.
Some recap from what we talked about today:
- Minimize bot accounts
a. This would be largely a signup page protection: some captcha code snippet to prevent account creation. - Make sure they can't access anything: require human (compserv / vp) approval for any site access.
a. Make finding bad accounts easy (bots)
b. Make finding good accounts easy (professors, candidates, TAs)
c. Make cleanup / deleting accounts easy (but not too easy: want some confirmation)
d. This would go under a separate/accounts/manage
page.
Since the signup page is still pending in #51, you can put off the actual implementation of 1) for now; part 2 should probably be implemented as part of the root hknweb accounts urls / views / models.
from hknweb.
After the merge, we should drop the recaptcha key into the secrets file from the Recaptcha admin console, with the hkn-ops account. I've made a separate key for the hknweb site.
https://www.google.com/recaptcha/admin
from hknweb.
Closed as per the previously linked PR
from hknweb.
Related Issues (20)
- Event deletion doesn't delete linked GCal event
- Using "conda" instead of Vagrant for M1 and Windows bugginess HOT 2
- Display Citadel logo in hkn-rails and hknweb
- Prodev only slots on hkn-rails tutor calendar HOT 2
- Provision Terence Neo Berkeley HKN accounts HOT 3
- Dynamic Solution to Upload and Display Company Logos HOT 1
- Automated Pip Dependency Version Checker
- "Upcoming" and "All" events filter is not discoverable on all RSVPs page
- Private events on "Upcoming Events" on the home page are visible while not logged in
- Event requirement calculation is suboptimal
- Revisit model field `max_length` properties
- Improve candidate account creation using bulk create
- Candidate account creation is case sensitive and fails on duplicate emails
- Test coverage not at 85% due to candidate account creation
- Events calendar width doesn't fit in parent
- Explore ability to upgrade Python to newer version
- Event Calendar as Endpoint, rather than HTML Injection
- Phantom event on google calendar HOT 3
- Event Calendar Clear Filters Bug
- Improve candidate account creation process HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hknweb.