✨ Add captcha to registration form

[matusdrobuliak66]

What do these changes do?

• ✨ Add captcha to registration form
• ✨ Frontend:
  • Captcha image is requested when the users moves to the Request Account view
  • When tapping on it, a new captcha challenge will be requested to backend (sometimes it's not easy to guess it even for humans)
  • When failing, a new challenge will be requested

Related issue/s

• closes UI: add recaptcha challenge in the request account to avoid spam and abuse #5015
• closes 2FA Improvements osparc-issues#1315

How to test

Dev-ops checklist

• No ENV changes or I properly updated ENV (read the instruction)

[codecov]

Codecov Report

Attention: Patch coverage is 60.00000% with 12 lines in your changes are missing coverage. Please review.

Project coverage is 84.0%. Comparing base (cafbf96) to head (ea3b87f).
Report is 140 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##           master   #5698      +/-   ##
=========================================
- Coverage    84.5%   84.0%    -0.6%     
=========================================
  Files          10    1127    +1117     
  Lines         214   49968   +49754     
  Branches       25     555     +530     
=========================================
+ Hits          181   41989   +41808     
- Misses         23    7858    +7835     
- Partials       10     121     +111     

Flag	Coverage Δ
integrationtests	63.9% <44.8%> (?)
unittests	85.6% <60.0%> (+1.0%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
...y/src/models_library/api_schemas_webserver/auth.py	100.0% <100.0%> (ø)
.../src/simcore_service_webserver/login/_constants.py	100.0% <100.0%> (ø)
..._service_webserver/login/_registration_handlers.py	93.1% <66.6%> (ø)
...mcore_service_webserver/login/_registration_api.py	71.1% <41.6%> (ø)

... and 1124 files with indirect coverage changes

[odeimaiz]

Very nice 👍

[pcrespov]

Looks great! Added some suggestions on the backend

Regarding the front-end:

1. UX: Add some instruction to indicate that clicking the image regenerates the code
2. UI: is there a way to make more space and fit the entire form in a single page? e.g. reducing the fonts or increasing the width?

[sanderegg]

So I guess the get_session is per user right? otherwise I was wondering how that would work multi-user.
2nd question, if I make a locust that runs the get /auth/captcha, can I break the webserver by making it use a shitload of memory?

[GitHK]

looks nice to me. some minor things

[bisgaard-itis]

Very cool! Thanks a lot

[matusdrobuliak66]

So I guess the get_session is per user right? otherwise I was wondering how that would work multi-user. 2nd question, if I make a locust that runs the get /auth/captcha, can I break the webserver by making it use a shitload of memory?

1. Yes, its per request session
2. For now I reused the global_rate_limit_route therefore we have some additional level of protection. But you are right this GET captcha goes a bit against what it is trying to solve. But at least the bots would not spam us with emails now :)

[odeimaiz]

1. UX: Add some instruction to indicate that clicking the image regenerates the code
2. UI: is there a way to make more space and fit the entire form in a single page? e.g. reducing the fonts or increasing the width?

I added a reload button, with that we avoid adding more text to an already busy form.

Regarding the single page, the font is already small, so the only solution I see is to go for a wider and 3 columns form... not a big fun of that solution. Also, this was "designed" by the people on the 3rd floor, so it might trigger more meetings...

[jsaq007]

Looks good 👍 I just wonder if the image is a little cut off could it cause issue for a user if their resolution is higher?

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud