@serenafang You agreed to start looking into this one, so assigning it to you. Please let me know if you have any questions, or need help with anything! Thanks!
@cwoolley-gitlab ~"group::access" has been prioritizing security and rapid action items with not much bandwidth for product, and there's been little progress on this issue. This is up next for me, apologies for pushing this back so much.
@mushakov Would you still be the DRI for Captcha, or will this belong to @ogolowinski?
In general, when I first started looking at the CAPTCHA code at the end of last year, it was very complex and confusing, with a lot of technical debt, on the backend and frontend. It took me a couple of weeks just to understand what was going on and how I would go about adding support to a new area like snippets.
So (after discussion and validation with multiple people), it was decided that it was best to do a series of refactorings to make it simpler and easier to work with. This also built upon previous cleanup by others in the past, and other people have helped with it this year.
The goal was to allow spam protection and CAPTCHA to be added to new areas of the app with just a few lines of code on the frontend and backend, with few changes needed to existing code, and minimal risk of regression.
And this is important, because there are many areas of the app which currently do not have spam/captcha protection, but we may potentially want to add it - and to perhaps add it quickly if there are new ongoing spam attacks against new areas of the app.
We've made a lot of great progress on all of that, and the remaining refactorings that @serenafang and I are working on (including this issue) are the culmination of that work.