[Mailman-Users] I have Google recaptcha V2 working on mailman 2.1.23

Runner runner at winning.com
Tue Dec 19 17:53:20 EST 2017

Previous message (by thread): [Mailman-Users] Rejecting all addresses from a particular domain ?
Next message (by thread): [Mailman-Users] Yahoo problems again
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am running mailman version 2.1.23.  A while back I configured google’s recaptcha v1 on a mailman server to stop subscription abuse.  I used the instructions provided here: https://www.dragonsreach.it/2014/05/03/adding-recaptcha-support-to-mailman/

Google announced that recaptcha v1 will end sometime in March 2018.  I could not find any instructions for implementing recaptcha v2 with mailman so I took a deep dive into what was required.  I set up a test Ubuntu 16.04 server and figured it out.  I have no python programming experience so some aspects of this process do not follow best practices.  If any of you are experienced at python programming and you have the time, I would appreciate it if you would provide some guidance on how to improve these instructions.  There are two areas that need cleaning up.  The first one is how to install requisite python modules so they are all located in one nice neat location.  In my instructions below I had to add five sys.path.append statements so python could find the extra python modules. This is sloppy.  Second, I do not know how to reference a variable from inside a web page template where the variable is defined in mm_cfg.py.  For now I just hard coded it but it’s not elegant.  These two question are python issues and not really mailman issues.  

So, for those of you who are running mailman v 2.1.23 (or something close) and you want to enable Google recaptcha v2, here is what I did:

Environment
Ubuntu 16.04
Mailman 2.1.23
Python 2.7.12

*** Install prerequisite python modules ***
The server I tested with was a basic Ubuntu 16.04 install.  I had to manually install the following software:
sudo apt-get install python-dnspython
sudo apt-get install python-distutils-extra
sudo apt-get install python-setuptools
sudo apt-get install python-dev
sudo apt-get install build-essential
sudo apt-get install python-requests
Manually install these python modules using the command "python setup.py install" inside the source code directory:
orderedmultidict
furl
recaptcha2 ( available at https://pypi.python.org/pypi/recaptcha2/0.1 )



*** Modify the listinfo.html file located at MAILMAN_HOME/templates/en/listinfo.html (assuming you are using English) ***
Locate the </HEAD> tag and add this line above it:
<script src='https://www.google.com/recaptcha/api.js'></script>

Locate the <mm-digest-question-end> tag and add the following lines below it:
<tr>
    <td BGCOLOR="#dddddd">Please fill out the following captcha</td>
    <td><div class="g-recaptcha" data-sitekey="ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"></div></td>
</tr>

NOTE:  Use your own google public key for data-sitekey above.  The better way to do this would be to add your public key to mm_cfg.py and reference that variable inside this file.  When I have more  time I will figure out how to do this and update the directions.



*** Add your google recaptcha public and private keys to MAILMAN_HOME/Mailman/mm_cfg.py ***
Append them to the end of the file:
PUBLIC_KEY = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
PRIVATE_KEY = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"



*** Edit the file MAILMAN_HOME/Mailman/Cgi/subscribe.py ***
We are going to add three pieces of information to this file: 1) The paths to the additional python modules you installed 2) import commands for two modules and 3) the code to check the recaptcha result. 

Concerning item 1) I manually appended the location of all the modules using sys.path.append.  A better way to do this would be to install the modules in one directory where python can find them.  I've never worked with python before so I didn't know how to do this.  I will take some time later to figure this out and simplify the install instructions MAYBE.  In the file subscribe.py, locate the end of the paragraph that contains all the "from Mailman import" commands.  In version 2.1.23 this is line 34.  After line 34 add all the paths to the extra modules.  Here is what I had for my Ubuntu 16.04 server:

sys.path.append("/usr/local/lib/python2.7/dist-packages/recaptcha2-0.1-py2.7.egg")
sys.path.append("/usr/lib/python2.7/dist-packages")
sys.path.append("/usr/local/lib/python2.7/dist-packages/furl-1.0.1-py2.7.egg")
sys.path.append("/usr/local/lib/python2.7/dist-packages/orderedmultidict-0.7.11-py2.7.egg")
sys.path.append("/usr/lib/python2.7/dist-packages/requests-2.9.1.egg-info")

Concerning item 2) immediately after the sys.path.append lines you just added, add these import commands:
import requests
import recaptcha2

Concerning item 3) this is the last step.  Locate the line that reads "# Was an attempt made to subscribe the list to itself?"  This should be somewhere around line 188 assuming you've added the above lines already.  Directly above this line add the following code:

# Google recaptcha v2
captcha_result = recaptcha2.verify(
    mm_cfg.SECRET_KEY,
    cgidata.getvalue('g-recaptcha-response', ""),
    os.environ.get('REMOTE_ADDR')
)
if not captcha_result['success']:
    results.append(_('Invalid captcha'))

That’s all.  I have tested this in a development environment and it appears to work as expected.

Previous message (by thread): [Mailman-Users] Rejecting all addresses from a particular domain ?
Next message (by thread): [Mailman-Users] Yahoo problems again
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Mailman-Users mailing list