This week was my first as a regular TOPP employee, after having not been here since I was an intern last summer. The current plan is for me do a few rounds of rotations, pairing with folks for a week or so to get a taste for what they’re doing and (hopefully) contributing something helpful. After getting settled in a bit, I began my first such pairing with Jeff, working on adding CAPTCHA support to the new user registration page on Trac provided by the AccountManager plugin, per ticket #8.
Broadly speaking, there are two primary ways to tackle this problem. The first is to write a stand-alone plugin that implements the IRequestFilter and ITemplateStreamFilter interfaces. The second approach comes in two parts, the first of which is to modify the AccountManager plugin to provide a new extension point for making additions to the user registration page. The second part is to then write a plugin that implements this new interface to actually add the CAPTCHA to the form and then verify it is correct upon submission.
As an example of the first approach, I wrote a quick and dirty prototype, CaptchaAuth. To explore the second option, I wrote RegistrationConfirmationPatch to modify AccountManager to include a minor variation of the IRegistrationConfirmation interface suggested in ticket #8. I then wrote SimpleCaptcha to implement this interface and provide very basic CAPTCHA support.
As it stands, the pure plugin approach, CaptchaAuth, is a little hackish. While it does have the advantage of not requiring any modifications to AccountManager, it has some downsides. First, it relies on an XPath to grab on to the portion of the form to add the CAPTCHA to. This means that future changes to AccountManager could inadvertently break it. Second, error messages are poorly integrated, and as of now raise an ugly TracError instead of looking like other form validation errors on the page.
The RegistrationConfirmationPatch/SimpleCaptcha approach, on the other hand, has the downside of requiring modification to AccountManager, but does not have the other problems mentioned above. It also has the advantage that the patch provides a generalized interface that could be used to add any additional elements to the new user registration form. As an example, the same interface could be used for e-mail verification of new users.
I’ve e-mailed the Trac dev listserv to get to some input from the core developers and the community at large. Hopefully we’ll be able to work together to come up with a flexible and clean solution for allowing plugins to add form elements to the new user registration page.