I wrote about setting up trac for anonymous ticket creation here.
I upgraded to trac 1.0.1 and lost TracSpamFilter functionality. This post is about getting it working again. It also includes some warnings if you are using https.
Trac seems to be in motion and sometimes figuring out the latest “right” way to do something is confusing. To start, look at the default plugins in the base installation. Log in as admin and select the plugins page. Then click the arrow next to the [Trac ###] item to see available plugins.
TracSpamFilter is not there, it appears we’ll have to specifically (re-)install as a plugin. But that’s easy:
And it looks like all my configuration was left intact, whew. Weird that the plugin went away.
Recheck all your configuration settings under the Admin page’s Spam Filtering link. You should also only enable the parts you need, by hitting the sideways dropdown arrow next to TracSpamFilter under the Admin plugins page. Read more here.
Time to test! Testing requires that you set your spam filter scoring so that you know it will trigger a capture, log out, create a new ticket, and hit submit. Only then will trac check your request to see if it is spam. When I tested things out, the need for a capture was properly identified during ticket creation, and the ticket was reloaded under the /capture url.
But the capture failed to be displayed.
So I turned on debugging by adding this to trac.ini (WARNING: trac will resave the trac.ini file stripping out any comments, boo):
# MDM This places the log in /var/lib/trac/sites/mysite/log
log_file = trac.log
log_level = INFO
log_type = file
And here’s what I saw…
2013-04-25 14:40:39,070 Trac[env] INFO: Reloading environment due to configuration change
2013-04-25 14:40:42,478 Trac[env] INFO: -------------------------------- environment startup [Trac 1.0.1] --------------------------------
2013-04-25 14:40:42,514 Trac[env] WARNING: base_url option not set in configuration, generated links may be incorrect
2013-04-25 14:40:42,765 Trac[api] WARNING: Unable to find repository '(default)' for synchronization
Does any of that matter? I headed to irc, posted questions… and got nothing over two days of waiting. Let’s go back and analyze the what we’re seeing. Viewing the source revealed that I was getting the captcha code in the html! Good deal. Hitting F12 in google chrome gives you a nice set of tools ripped from the heart of Firefox’s Firebug. After poking around some, I realized that both the recaptcha and keycaptcha code snippets were using http, not https. Chrome is a bitch about this type of stuff. And after firing up Firefox and finding that everything worked fine, I confirmed that it was to blame. You suck, chrome! You can’t introduce new rules, even if they’re good, that break 50% of the web. Well, I can’t really argue, https should be https. But in this case, I can’t even figure out where the plugin code is to fix it. No time this time. So for now, I’m falling back to the “Expression Captcha”, which sucks but is embedded in trac and therefore works everywhere.
I’ll have to revisit this again, when I have time, to get trac to use https in its captcha code snippets. Or, with no irc response, is it time to move from trac to something else?