Replace reCAPTCHA with Altcha on API signup page

Signed-off-by: Keshav Priyadarshi <git@keshav.space>

Author: keshav-space

requirements.txt

@@ -28,10 +28,10 @@ decorator==5.1.1
 defusedxml==0.7.1
 distro==1.7.0
 Django==4.2.22
+django-altcha==0.2.0
 django-crispy-forms==2.3
 django-environ==0.11.2
 django-filter==24.3
-django-recaptcha==4.0.0
 django-widget-tweaks==1.5.0
 djangorestframework==3.15.2
 doc8==0.11.1

setup.cfg

@@ -102,8 +102,6 @@ install_requires =
     python-dotenv
     texttable
 
-    django-recaptcha>=4.0.0
-
 
 [options.extras_require]
 dev =

vulnerabilities/forms.py

@@ -11,8 +11,6 @@
 from django.contrib.admin.forms import AdminAuthenticationForm
 from django.core.validators import validate_email
 from django_altcha import AltchaField
-from django_recaptcha.fields import ReCaptchaField
-from django_recaptcha.widgets import ReCaptchaV2Checkbox
 
 from vulnerabilities.models import ApiUser
 
@@ -38,13 +36,9 @@ class VulnerabilitySearchForm(forms.Form):
 
 
 class ApiUserCreationForm(forms.ModelForm):
-    """
-    Support a simplified creation for API-only users directly from the UI.
-    """
+    """Support a simplified creation for API-only users directly from the UI."""
 
-    captcha = ReCaptchaField(
-        error_messages={"required": ("Captcha is required")}, widget=ReCaptchaV2Checkbox
-    )
+    captcha = AltchaField(floating=True)
 
     class Meta:
         model = ApiUser
@@ -103,6 +97,4 @@ class PipelineSchedulePackageForm(forms.Form):
 
 
 class AdminLoginForm(AdminAuthenticationForm):
-    captcha = AltchaField(
-        floating=True,
-    )
+    captcha = AltchaField(floating=True)

vulnerabilities/templates/admin_login.html

@@ -89,10 +89,8 @@
             <a href="{{ password_reset_url }}">{% translate 'Forgotten your password or username?' %}</a>
         </div>
         {% endif %}
-        <div class="field" style="padding-top: 1rem; text-align: center;">
-            <div class="control" style="display: inline-block;">
-                {{ form.captcha }}
-            </div>
+        <div class="field" style="padding-top: 0.5rem;">
+            {{ form.captcha }}
         </div>
         <div class="submit-row">
             <input type="submit" value="{% translate 'Log in' %}">

vulnerabilities/templates/api_user_creation_form.html

@@ -26,11 +26,13 @@
         </div>
         {% endif %}
       </div>
-    <h2 class="subtitle mb-0 pt-2 mb-2">
-      <b>VulnerableCode API key request</b>
-    </h2>
 
-    <section class="ml-2 mt-3 pr-4 pt-4 pl-4 pb-4 has-background-light has-border-radius">
+    <div class="content is-normal">
+      <h1 class="title is-4">VulnerableCode API Key Request</h1>
+      <hr />
+    </div>
+
+    <section class="mt-3 mx-6 px-4 py-4 has-background-light has-border-radius">
       <p class="pb-2">You need an <b>API key</b> to access the 
       <a href="{% url 'api-root' %}">VulnerableCode JSON REST API</a>.
       Please check the live <a href="{% url 'api_docs' %}"> OpenAPI documentation </a> 
@@ -41,17 +43,34 @@ <h2 class="subtitle mb-0 pt-2 mb-2">
     </section>
 
     <br/>
-        <form action = "" method = "post">
-            {% csrf_token %}
-            {% for field in form %}
-                <div class="field mt-2">
-                    <label class="label" for="{{ form.name.id_for_label }}">{{ field.label }}</label>
-                    <div class="control">
-                        {{ field }}
-                    </div>
+      <div class="columns is-centered">
+        <div class="column is-half">
+          <form method = "post">
+              {% csrf_token %}
+              <div class="field">
+                <div class="control">
+                  <input class="input" placeholder="Email" type="email" name="email" id="{{form.email.id_for_label}}"
+                  autofocus required >
                 </div>
-            {% endfor %}
-            <input class="button is-link mt-5" type="submit" value="Request my API Key">
-        </form>
+              </div>
+              <div class="field">
+                <div class="control">
+                  <input class="input" placeholder="First Name" type="text" name="first_name" id="{{form.first_name.id_for_label}}"
+                  autofocus required>
+                </div>
+              </div>
+              <div class="field">
+                <div class="control">
+                  <input class="input" placeholder="Last Name" type="text" name="last_name" id="{{form.last_name.id_for_label}}"
+                  autofocus required>
+                </div>
+              </div>
+              <div class="field">
+                {{ form.captcha }}
+              </div>
+              <input class="button is-link mt-5" type="submit" value="Request my API Key">
+          </form>
+        </div>
+      </div>
     </section>
 {% endblock %}

vulnerablecode/settings.py

@@ -83,21 +83,10 @@
     "drf_spectacular",
     # required for Django collectstatic discovery
     "drf_spectacular_sidecar",
-    "django_recaptcha",
     "django_rq",
     "django_altcha",
 )
 
-if env.str("RECAPTCHA_PUBLIC_KEY", None):
-    RECAPTCHA_PUBLIC_KEY = env.str("RECAPTCHA_PUBLIC_KEY")
-
-if env.str("RECAPTCHA_PRIVATE_KEY", None):
-    RECAPTCHA_PRIVATE_KEY = env.str("RECAPTCHA_PRIVATE_KEY")
-
-SILENCED_SYSTEM_CHECKS = ["django_recaptcha.recaptcha_test_key_error"]
-SILENCED_SYSTEM_CHECKS = ["django_recaptcha.recaptcha_test_key_error"]
-RECAPTCHA_DOMAIN = env.str("RECAPTCHA_DOMAIN", "www.recaptcha.net")
-
 
 MIDDLEWARE = (
     "django.middleware.security.SecurityMiddleware",