Add a CAPTCHA check during registration #460

nmattia · 2021-11-22T16:50:27Z

This adds a CAPTCHA check during the registration flow. More precisely, the user now has to call the (new) method create_challenge that returns a CAPTCHA-style challenge (image and key) and register takes some extra parameters (the chars supposedly shown in the image, and the key). This involved some changes, in this repo and in others:

Adapt the CAPTCHA library for it to use the IC's randomness: Allow setting Rng daniel-e/captcha#15,
Update the png library used by the CAPTCHA library to build on wasm32-unknown-unknown: Add wasm32 implementation for libc kornelski/lodepng-rust#51,
Added create_challenge : () -> (Challenge); with the corresponding "challenge" types:

type Challenge = record {
    png_base64: text;
    challenge_key: ChallengeKey;
};
type ChallengeKey = nat32;
type ChallengeResult = record {
    key : ChallengeKey;
    chars : text;
};

... as well as an extra argument to register: register : (DeviceData, ProofOfWork, ChallengeResult) -> (RegisterResponse);,
A change of flow in the register frontend flow: the confirmation screen now shows a CAPTCHA,
The backend-tests were updated to accommodate the new create_challenge() call.
The rust build now has a dummy_captcha feature (enabled in selenium tests and backend-tests) which makes sure the CAPTCHA challenges expect a known value ("a"). This should of course NEVER be used in production, hence is opt-in.

This also led to some helpful, though not absolutely necessary changes for backend-tests:

Fixed build failure after freezing cabal: Set lower bound on aeson ic-hs#58
Update haskell-candid to (finally) accept our candid file: Ignore init arguments nomeata/haskell-candid#17

TODOs:

Add backend-tests for CAPTCHA failure and "too many challenges inflight" Add backend tests for CAPTCHA #468
Add selenium tests for CAPTCHA retry (i.e. auth device was created but CAPTCHA challenge failed -> only the CAPTCHA is reloaded)
~~Add PoW to create_challenge~~
~~Differentiate a "bad captcha" error from an actual canister, unexpected error.~~
~~Make the challenge key a string~~

.github/workflows/backend-tests.yml

src/frontend/src/styles/main.css

src/internet_identity/src/main.rs

nmattia · 2021-11-26T16:17:38Z

Sorry about the size of this beast :(

src/frontend/src/flows/confirmRegister.ts

src/internet_identity/src/main.rs

backend-tests/backend-tests.hs

src/frontend/src/flows/loginUnknown.ts

src/internet_identity/Cargo.toml

bitdivine

LGTM, thanks!

backend-tests/README.md

nmattia force-pushed the nm-captcha-rebased branch 3 times, most recently from 66bc39b to 1174d67 Compare November 23, 2021 14:43

nmattia changed the title ~~rebase captcha~~ Add a CAPTCHA check during registration Nov 23, 2021

nmattia marked this pull request as ready for review November 23, 2021 16:41

nmattia requested a review from bitdivine November 23, 2021 16:41

bitdivine reviewed Nov 25, 2021

View reviewed changes

nmattia force-pushed the nm-captcha-rebased branch 2 times, most recently from e1f230f to ceb5295 Compare November 26, 2021 16:08

nmattia requested review from bitdivine, roman-kashitsyn and frederikrothenberger November 26, 2021 16:16

frederikrothenberger reviewed Nov 29, 2021

View reviewed changes

This was referenced Nov 29, 2021

Add backend tests for CAPTCHA #468

Open

Limit CAPTCHA chars to characters that aren't ambiguous #469

Open

Clarify BAD Captcha error message #470

Open

frederikrothenberger approved these changes Nov 29, 2021

View reviewed changes

nmattia force-pushed the nm-captcha-rebased branch from 6eb7b23 to 4bf0b3c Compare November 29, 2021 14:59

bitdivine approved these changes Nov 29, 2021

View reviewed changes

backend-tests/README.md Outdated Show resolved Hide resolved

nmattia force-pushed the nm-captcha-rebased branch 2 times, most recently from 79096ff to d258415 Compare December 3, 2021 09:44

nmattia added 8 commits December 6, 2021 15:00

Pull in captcha lib

8d1eb8a

wip

e95cef8

Seed captcha with raw_rand

d569f46

wip

4738a41

Add backend code for generating captcha challenges

028f293

Add frontend flow for captcha

5de6f18

Remove StaticRng

9a7dd24

Small renaming

67ba405

nmattia added 26 commits December 6, 2021 15:00

Add some TODOs

bfae49f

Update lodepng-rust

87a6b34

Clean up backend-tests

3353904

Rename CaptchaResponse

678f75a

Clean up frontend code more

d0ee991

Improve CAPTCHA trap messages

4a32f63

Move ProofOfWork to create_challenge

a9a163f

Make ChallengeKey a string

8a65e6c

Show error if captcha is wrong

e982c9e

Remove leftover

a239453

Return 'BadChallenge' on bad CAPTCHA

7e814a2

Post rebase fix

835d667

Clean up

636ad73

Add about USE_DUMMY_BUILD in backend tests

ca3b601

Remove fake comment

d6b458f

Bump number of inflight challenges to 500

499cc36

Clarify error message

1ac9466

Remove old logs

e2ea0fc

Link to tickets for updating libs

025d50f

Update lodepng-rust

e4c4139

Disable selenium tests to populate GH cache

e8c3df2

Re-enable tests

2754e6b

Wait for enabled captchaInput

740cc63

Bump CAPTCHA timeout

cba2298

Clarify USE_DUMMY_CAPTCHA usage

2ad96f7

Request CAPTCHA during Identity creation

8171f11

nmattia force-pushed the nm-captcha-rebased branch from d258415 to 8171f11 Compare December 6, 2021 14:00

Add metric for inflight challenges

46de558

nmattia merged commit 504649d into main Dec 6, 2021

nmattia deleted the nm-captcha-rebased branch December 6, 2021 15:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add a CAPTCHA check during registration #460

Add a CAPTCHA check during registration #460

nmattia commented Nov 22, 2021 •

edited

Loading

nmattia commented Nov 26, 2021

bitdivine left a comment

Add a CAPTCHA check during registration #460

Add a CAPTCHA check during registration #460

Conversation

nmattia commented Nov 22, 2021 • edited Loading

nmattia commented Nov 26, 2021

bitdivine left a comment

Choose a reason for hiding this comment

nmattia commented Nov 22, 2021 •

edited

Loading