Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-53368

Captcha available on login page

    XMLWordPrintable

Details

    • MOODLE_30_STABLE, MOODLE_311_STABLE, MOODLE_33_STABLE, MOODLE_400_STABLE, MOODLE_403_STABLE
    • MOODLE_403_STABLE
    • MDL-53368-master-3
    • Hide

      Initial setup:

      1. Follow https://www.google.com/recaptcha/about/ to get the reCaptcha site key and reCaptcha secret key. (Or ping Huong if you cannot create one)
      2. Please be noted that Moodle only supports v2 reCaptcha, so you will need to choose v2 instead of v3.
      3. Create a student account called student1.
      4. Login as admin.
      5. Navigate to Home.
      6. Turn on the edit mode.
      7. Add block Login to the block side region.

      Testing 1:

      1. Login as admin.
      2. Navigate to Site Administration -> Plugins -> Authentication -> Manage authenticaton.
      3. Verify that you will see a new setting called "Enable reCAPTCHA for login" in the Common settings section.
      4. Verify that the short name of the setting is: enableloginrecaptcha.
      5. Verify that the default value is No.

      Testing 2:

      1. Login as admin.
      2. Navigate to Site Administration -> Plugins -> Authentication -> Manage authenticaton.
      3. Set the "Enable reCAPTCHA for login" to Yes.
      4. Make sure that the ReCAPTCHA site key and ReCAPTCHA secret key are blank.
      5. Save changes.
      6. Log out.
      7. Navigate to the home page and click Log in link.
      8. Verify that you will not see the reCaptcha element.
      9. Verify that you can log in successfully.

      Testing 3:

      1. Login as admin.
      2. Navigate to Site Administration -> Plugins -> Authentication -> Manage authenticaton.
      3. Fill in the ReCAPTCHA site key and ReCAPTCHA secret key.
      4. Save changes.
      5. Log out.
      6. Navigate to the home page and click Log in link.
      7. Verify that you will see the reCaptcha element.
      8. Fill in the username and password and leave the reCaptcha as is.
      9. Click the Login button.
      10. Verify that you cannot log in.
      11. Verify that you will see a message: Failed reCAPTCHA challenge, try again.
      12. Fill in the username and password again.
      13. Click on the reCaptcha and try to solve it. (Until you get the green tick).
      14. Click the Login button.
      15. Verify that you can log in successfully.

      Testing 4:

      1. Login as admin.
      2. Navigate to Site Administration > Users > Browse list of users.
      3. Click on the "Edit" icon for newly created student account called student1.
      4. Check on the Force password change checkbox.
      5. Click the Update profile button.
      6. Logout.
      7. Login as student1.
      8. Verify that you will see the Password change page.
      9. Verify that you can change the password normally.
      10. Logout.

      Testing 5:

      1. Navigate to the home page and expand the block drawer.
      2. Verify that you will see the Login block.
      3. Verify that you will see the reCaptcha element in compact mode (Smaller than normal).
      4. Fill in the username and password and leave the reCaptcha as is.
      5. Click the Login button.
      6. Verify that you cannot log in.
      7. Verify that you will see a message: Failed reCAPTCHA challenge, try again.
      8. Fill in the username and password again.
      9. Click on the reCaptcha and try to solve it. (Until you get the green tick).
      10. Click the Login button.
      11. Verify that you can log in successfully.

      Testing 6:

      1. Login as admin.
      2. Navigate to Site Administration -> Plugins -> Authentication -> Manage authenticaton.
      3. Set the "Enable reCAPTCHA for login" to No.
      4. Save changes.
      5. Log out.
      6. Navigate to the home page and click Log in link.
      7. Verify that you will not see the reCaptcha element.
      8. Verify that you can log in successfully.

       

      Show
      Initial setup: Follow https://www.google.com/recaptcha/about/ to get the reCaptcha site key and reCaptcha secret key. (Or ping Huong if you cannot create one) Please be noted that Moodle only supports v2 reCaptcha, so you will need to choose v2 instead of v3. Create a student account called student1. Login as admin. Navigate to Home. Turn on the edit mode. Add block Login to the block side region. Testing 1: Login as admin. Navigate to Site Administration -> Plugins -> Authentication -> Manage authenticaton. Verify that you will see a new setting called "Enable reCAPTCHA for login" in the Common settings section. Verify that the short name of the setting is: enableloginrecaptcha . Verify that the default value is No . Testing 2: Login as admin. Navigate to Site Administration -> Plugins -> Authentication -> Manage authenticaton. Set the " Enable reCAPTCHA for login " to Yes . Make sure that the ReCAPTCHA site key and ReCAPTCHA secret key are blank . Save changes. Log out. Navigate to the home page and click Log in link. Verify that you will not see the reCaptcha element. Verify that you can log in successfully. Testing 3: Login as admin. Navigate to Site Administration -> Plugins -> Authentication -> Manage authenticaton. Fill in the ReCAPTCHA site key and ReCAPTCHA secret key . Save changes. Log out. Navigate to the home page and click Log in link. Verify that you will see the reCaptcha element. Fill in the username and password and leave the reCaptcha as is. Click the Login button. Verify that you cannot log in. Verify that you will see a message: Failed reCAPTCHA challenge, try again. Fill in the username and password again. Click on the reCaptcha and try to solve it. (Until you get the green tick). Click the Login button. Verify that you can log in successfully. Testing 4: Login as admin. Navigate to Site Administration > Users > Browse list of users. Click on the "Edit" icon for newly created student account called student1. Check on the Force password change checkbox. Click the Update profile button. Logout. Login as student1. Verify that you will see the Password change page. Verify that you can change the password normally. Logout. Testing 5: Navigate to the home page and expand the block drawer. Verify that you will see the Login block. Verify that you will see the reCaptcha element in compact mode (Smaller than normal). Fill in the username and password and leave the reCaptcha as is. Click the Login button. Verify that you cannot log in. Verify that you will see a message: Failed reCAPTCHA challenge, try again. Fill in the username and password again. Click on the reCaptcha and try to solve it. (Until you get the green tick). Click the Login button. Verify that you can log in successfully. Testing 6: Login as admin. Navigate to Site Administration -> Plugins -> Authentication -> Manage authenticaton. Set the " Enable reCAPTCHA for login " to No . Save changes. Log out. Navigate to the home page and click Log in link. Verify that you will not see the reCaptcha element. Verify that you can log in successfully.  
    • 6
    • Team Hedgehog 2023 Sprint 2.1, Team Hedgehog 2023 Sprint 2.2, Team Hedgehog 2023 Sprint 2.3, Team Hedgehog 2023 Review 2, Team Hedgehog 2023 Sprint 3.1

    Description

      This issue is to add a (re)captcha to the login page for auth methods that log into Moodle LMS using username and password.

      Having a captcha on the login page will add an extra layer of protection against user account brute force attacks and bot logins. This functionality will also bring the login form in line with the self signup form and site contact forms where captcha is already enabled.

      GDPR note: because of the way that the Google APIs work for captcha's this functionality is unlikely to be GDPR compliant. However, it is opt in functionality for jurisdictions that captcha functionality is allowed. As well as being opt in, for the functionality to operate, admins also need to sign up for the Google service and enter API keys into Moodle LMS. Because of this enabling this functionality is a quite deliberate action.

      Original reporter comments

      Thanks for the much needed help !! But here again i am with another set of problems, the issue being faced is that of implementing captcha in the login screen (i.e. when a user logs into the moodle ). I have explored the use of captcha in the sign-up form,is there a way to implement captcha in index page as well??
      Could you please refer to forum post at https://moodle.org/mod/forum/discuss.php?d=205825 and help us out ????

      Attachments

        1. login.php
          1 kB
        2. recaptcha_login.png
          recaptcha_login.png
          79 kB
        3. error_when_logging_in_without_performing_recaptcha.png
          error_when_logging_in_without_performing_recaptcha.png
          46 kB
        4. disabled-recaptcha-log-in-normal.png
          disabled-recaptcha-log-in-normal.png
          26 kB
        5. no-recaptcha-when-blank.png
          no-recaptcha-when-blank.png
          61 kB
        6. password-change.png
          password-change.png
          52 kB
        7. site-admin-recaptcha.png
          site-admin-recaptcha.png
          28 kB
        8. fail-recaptcha-when-unchecked.png
          fail-recaptcha-when-unchecked.png
          81 kB
        9. recaptcha-visible.png
          recaptcha-visible.png
          91 kB
        10. success-log-in-block.png
          success-log-in-block.png
          99 kB
        11. unable-to-log-in-block.png
          unable-to-log-in-block.png
          149 kB
        12. MDL-53368-testing-1.png
          MDL-53368-testing-1.png
          212 kB
        13. MDL-53368-testing-3.png
          MDL-53368-testing-3.png
          365 kB
        14. MDL-53368-testing-4.png
          MDL-53368-testing-4.png
          299 kB
        15. MDL-53368-testing-2.png
          MDL-53368-testing-2.png
          444 kB
        16. MDL-53368-testing-5.png
          MDL-53368-testing-5.png
          659 kB
        17. MDL-53368-testing-6.png
          MDL-53368-testing-6.png
          511 kB

        Issue Links

          Activity

            People

              huongn@moodle.com Huong Nguyen
              hyaa hya agrawal
              David Woloszyn David Woloszyn
              Jun Pataleta Jun Pataleta
              Ron Carl Alfon Yu Ron Carl Alfon Yu
              Votes:
              14 Vote for this issue
              Watchers:
              21 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 week, 1 day, 1 hour, 4 minutes
                  1w 1d 1h 4m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.