Skip to content
Snippets Groups Projects
Verified Commit 048167d6 authored by Christian Heusel's avatar Christian Heusel :rocket:
Browse files

archwiki: Switch captcha to time-based method


Up until now the captcha has depended on the exact output of the pacman
version command which could lead to multiple problematic scenarios:

    a) User uses testing repos (user pacman newer)
    b) Server is not instantly updated (user pacman newer)
    c) User system is not updated (user pacman older)

Circumvent this problem by switching to a time based captcha instead.

Signed-off-by: default avatarChristian Heusel <christian@heusel.eu>
parent 5909800f
No related branches found
No related tags found
1 merge request!808archwiki: Switch captcha to time-based method
Pipeline #93374 passed
......@@ -107,6 +107,7 @@
- archwiki-prune-cache.service
- archwiki-prune-cache.timer
- archwiki-question-updater.service
- archwiki-question-updater.timer
- name: Start and enable archwiki timers and services
systemd:
......@@ -118,6 +119,7 @@
- archwiki-runjobs.timer
- archwiki-prune-cache.timer
- archwiki-runjobs-wait.service
- archwiki-question-updater.timer
- name: Create question answer file
systemd:
......@@ -127,9 +129,3 @@
- name: Ensure question answer file exists and set permissions
file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644
- name: Create pacman.d hooks dir
file: state=directory owner=root group=root mode=0755 path=/etc/pacman.d/hooks
- name: Install archwiki question updater hook
template: src=archwiki-question-updater.hook.j2 dest=/etc/pacman.d/hooks/archwiki-question-updater.hook owner=root group=root mode=0644
......@@ -421,7 +421,7 @@ $wgCaptchaTriggers['addurl'] = false;
$wgCaptchaTriggers['createaccount'] = true;
$wgCaptchaTriggers['badlogin'] = true;
$wgCaptchaQuestions = [
'What is the output of: <code>pacman -V|base32|head -1</code>' => trim(file_get_contents("{{ archwiki_question_answer_file }}"))
'What is the output of: <code>LC_ALL=C pacman -V|sed -r "s#[0-9]+#$(date -u +%m)#g"|base32|head -1</code>' => trim(file_get_contents("{{ archwiki_question_answer_file }}"))
];
# Restrict expensive actions to logged in users
......
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = pacman
[Action]
When = PostTransaction
Exec = /usr/bin/systemctl start archwiki-question-updater.service
......@@ -3,4 +3,5 @@ Description=Update Archwiki pacman question answer
[Service]
Type=oneshot
ExecStart=/bin/bash -c 'pacman -V|base32|head -1 > "{{archwiki_question_answer_file}}"'
# %% is needed here to escape systemd's own templating
ExecStart=/bin/bash -c 'LC_ALL=C pacman -V|sed -r "s#[0-9]+#$(date -u +%%m)#g"|base32|head -1 > "{{archwiki_question_answer_file}}"'
[Unit]
Description=Monthly Timer to update the Archwiki pacman question
[Timer]
OnCalendar=*-*-1 00:00:00
Persistent=true
[Install]
WantedBy=timers.target
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment