Odoo Community Association

Privacy Friendly Captcha

Beta License: AGPL-3 OCA/website Translate me on Weblate Try me on Runboat

This module allows to use a Captcha System completly handled by Odoo.

It relies on Altcha (https://altcha.org), an OpenSource captcha alternative.

Table of contents

Use Cases / Context

Currently, Odoo provides 2 options:

  • Google Recaptcha relies on tracking of the user. It implies cookies
  • Cloudfare Turnstile relies on signals of the browser so it is less GDPR problematic. However, it relies on a third party infrastructure. The decision is made from a probabilistic perspective (likely a human)

With this new module, everything relies on our own system with no cookies, no tracking and no network calls.

The way to solve it is to add a deterministic puzzle to solve. Bots need to spend more CPU, making it costly at scale.

Configuration

Go to Configuration/Website, check “Enable Altcha” under “Privacy”. Some extra parameters will appear with all the ALTCHA information. This parameters are website dependent.

  • altcha_key: This key is made to create the challenge and review it later

Also, the system adds the option to use some extra parameters:

  • altcha_secret_key: Key used to use deterministic mode. Using it will make it faster from a server perspective.
  • altcha_algorithm: Algorithm used, by default PBKDF2/SHA-512, however, we can use:
    • Fast ones only for testing purposes: SHA-256, SHA-384, SHA-512
    • Good by default: PBKDF2/SHA-256, PBKDF2/SHA-384, PBKDF2/SHA-512
    • Memory Hard: SCRYPT. To be implemented
    • Memory Hard (it required argon2-cffi): ARGON2ID. To be implemented
  • altcha_timeout: Number of minutes that we will trust the key, by default 5
  • altcha_cost: Cost of the challenge. By default, 5000

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed feedback.

Do not contact contributors directly about support or help with technical issues.

Credits

Authors

  • Dixmit

Contributors

  • Dixmit
    • Enric Tobella
    • Luís David Rodríguez

Maintainers

This module is maintained by the OCA.

Odoo Community Association

OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.

This module is part of the OCA/website project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.