From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 11 Jan 2023 10:33:14 +0000 (+0000)
Subject: accounts: Drop StopForumSpam
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8a1b510ddcc2971ded7da7fd14381ccab8803fda;hp=fe3431fbad0bd1fca8e95aa8985b34dc32a60473;p=ipfire.org.git

accounts: Drop StopForumSpam

This service seems to have a lot of false positives and probably makes
us non-GDPR-compliant.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/Makefile.am b/Makefile.am
index 8ca1267a..d30de3ab 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -117,7 +117,6 @@ templates_auth_DATA = \
 	src/templates/auth/password-reset-initiation.html \
 	src/templates/auth/password-reset-successful.html \
 	src/templates/auth/register.html \
-	src/templates/auth/register-spam.html \
 	src/templates/auth/register-success.html
 
 templates_authdir = $(templatesdir)/auth
diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 54987230..7d89e672 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -404,14 +404,6 @@ class Accounts(Object):
 
 		return res.c or 0
 
-	async def check_spam(self, email, address):
-		sfs = StopForumSpam(self.backend, email, address)
-
-		# Get spam score
-		score = await sfs.check()
-
-		return score >= 50
-
 	def auth(self, username, password):
 		# Find account
 		account = self.backend.accounts.find_account(username)
@@ -1207,66 +1199,6 @@ class Account(LDAPObject):
 	)
 
 
-class StopForumSpam(Object):
-	def init(self, email, address):
-		self.email, self.address = email, address
-
-	async def send_request(self, **kwargs):
-		arguments = {
-			"json" : "1",
-		}
-		arguments.update(kwargs)
-
-		# Create request
-		request = tornado.httpclient.HTTPRequest(
-			"https://api.stopforumspam.org/api", method="POST",
-			connect_timeout=2, request_timeout=5)
-		request.body = urllib.parse.urlencode(arguments)
-
-		# Send the request
-		response = await self.backend.http_client.fetch(request)
-
-		# Decode the JSON response
-		return json.loads(response.body.decode())
-
-	async def check_address(self):
-		response = await self.send_request(ip=self.address)
-
-		try:
-			confidence = response["ip"]["confidence"]
-		except KeyError:
-			confidence = 100
-
-		logging.debug("Confidence for %s: %s" % (self.address, confidence))
-
-		return confidence
-
-	async def check_email(self):
-		response = await self.send_request(email=self.email)
-
-		try:
-			confidence = response["email"]["confidence"]
-		except KeyError:
-			confidence = 100
-
-		logging.debug("Confidence for %s: %s" % (self.email, confidence))
-
-		return confidence
-
-	async def check(self, threshold=95):
-		"""
-			This function tries to detect if we have a spammer.
-
-			To honour the privacy of our users, we only send the IP
-			address and username and if those are on the database, we
-			will send the email address as well.
-		"""
-		confidences = [await self.check_address(), await self.check_email()]
-
-		# Build a score based on the lowest confidence
-		return 100 - min(confidences)
-
-
 class Groups(Object):
 	hidden_groups = (
 		"cn=LDAP Read Only,ou=Group,dc=ipfire,dc=org",
diff --git a/src/backend/base.py b/src/backend/base.py
index 00497a29..f85b5ad6 100644
--- a/src/backend/base.py
+++ b/src/backend/base.py
@@ -134,7 +134,6 @@ class Backend(object):
 		tasks = {
 			"announce-blog-posts" : self.blog.announce,
 			"check-mirrors"       : self.mirrors.check_all,
-			"check-spam"          : self.accounts.check_spam,
 			"cleanup"             : self.cleanup,
 			"get-all-emails"      : self.accounts.get_all_emails,
 			"launch-campaigns"    : self.campaigns.launch_manually,
diff --git a/src/templates/auth/register-spam.html b/src/templates/auth/register-spam.html
deleted file mode 100644
index 6b44690d..00000000
--- a/src/templates/auth/register-spam.html
+++ /dev/null
@@ -1,20 +0,0 @@
-{% extends "../base.html" %}
-
-{% block title %}{{ _("Oops!") }}{% end block %}
-
-{% block content %}
-	<div class="row justify-content-center my-5">
-		<div class="col-12 col-md-6">
-			<div class="card bg-warning text-white p-md-5">
-				<div class="card-body text-center">
-					<span class="fas fa-exclamation fa-5x my-4"></span>
-
-					<p class="lead">
-						{{ _("Unfortunately we could not create your account because you have shown up on our spam radar.") }}
-						{{ _("Please get in touch if you think that this is an error.") }}
-					</p>
-				</div>
-			</div>
-		</div>
-	</div>
-{% end block %}
diff --git a/src/web/auth.py b/src/web/auth.py
index d633a94b..7b3c30b8 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -98,14 +98,6 @@ class RegisterHandler(CacheMixin, base.BaseHandler):
 		first_name = self.get_argument("first_name")
 		last_name  = self.get_argument("last_name")
 
-		# Check if this is a spam account
-		is_spam = await self.backend.accounts.check_spam(email,
-			address=self.get_remote_ip())
-
-		if is_spam:
-			self.render("auth/register-spam.html")
-			return
-
 		# Register account
 		try:
 			with self.db.transaction():