Add CAPTCHA to FOSSY track proposals form

TODO.md

@@ -1,5 +1,6 @@
 # To-do
 
+* rate limiting to prevent abuse - especially on POST requests
 * consider removing `events` and `worldmap` modules
 * ask Denver about why so many license files
 

conservancy/fossy/forms.py

@@ -1,9 +1,12 @@
+from captcha.fields import CaptchaField
 from django import forms
 
 from .models import CommunityTrackProposal
 
 
 class CommunityTrackProposalForm(forms.ModelForm):
+    captcha = CaptchaField()
+
     class Meta:
         model = CommunityTrackProposal
         exclude = []

conservancy/settings/base.py

@@ -93,6 +93,7 @@ INSTALLED_APPS = [
     'conservancy.fossy',
     'conservancy.podjango',
     'conservancy.usethesource.apps.UseTheSourceConfig',
+    'captcha',
 ]
 
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'

conservancy/settings/prod.py

@@ -40,3 +40,6 @@ SESSION_COOKIE_SECURE = True
 
 STRIPE_API_KEY = get_secret(secrets, 'STRIPE_API_KEY')
 STRIPE_ENDPOINT_SECRET = get_secret(secrets, 'STRIPE_ENDPOINT_SECRET')
+
+CAPTCHA_FLITE_PATH = '/usr/bin/flite'
+CAPTCHA_SOX_PATH = '/usr/bin/sox'

conservancy/urls.py

@@ -61,6 +61,8 @@ urlpatterns = [
     re_path(r'^privacy-policy/', views.content),
     re_path(r'^projects/', views.content),
     re_path(r'^sustainer/', views.content),
+
+    path('captcha/', include('captcha.urls')),
 ]
 
 # Serve uploaded media. Works only when DEBUG == True. Using '/media/'

deploy/install.yml

@@ -130,6 +130,10 @@
        apt:
          name: build-essential,python3-dev,libffi-dev
 
+     - name: Install flite and sox for CAPTCHA text-to-speech
+       apt:
+         name: flite, sox
+
      - name: Security settings
        apt:
          name: fail2ban

requirements.txt

@@ -6,3 +6,4 @@ stripe
 beautifulsoup4==4.11.2
 html5lib==1.1
 Pillow==9.4.0
+django-simple-captcha==0.6.0