settings: Enable Altcha in development if on localhost.

We only do this on localhost, because users of remote development servers will run afoul of "Secure context is required"[^1]. [^1]: https://altcha.org/docs/troubleshooting/#secure-context
2025-10-23 04:52:12 +00:00 · 2025-07-25 17:53:55 +00:00
parent 74675fae94
commit fd390b9eb1
2 changed files with 8 additions and 0 deletions
--- a/scripts/setup/generate_secrets.py
+++ b/scripts/setup/generate_secrets.py
@@ -128,6 +128,10 @@ def generate_secrets(development: bool = False) -> None:
    if need_secret("camo_key"):
        add_secret("camo_key", random_string(64))

+    # We enable Altcha in development
+    if development and need_secret("altcha_hmac"):
+        add_secret("altcha_hmac", random_token())
+
    if not development:
        # The memcached_password and redis_password secrets are only
        # required/relevant in production.
--- a/zproject/dev_settings.py
+++ b/zproject/dev_settings.py
@@ -220,6 +220,10 @@ RESOLVE_TOPIC_UNDO_GRACE_PERIOD_SECONDS = 5
 # See: https://zulip.readthedocs.io/en/latest/subsystems/realms.html#working-with-subdomains-in-development-environment
 ROOT_DOMAIN_LANDING_PAGE = True

+# Enable ALTCHA, so that we test this flow; we can only do this on localhost.
+if external_host_env is None and not IS_DEV_DROPLET:
+    USING_CAPTCHA = True
+
 TOPIC_SUMMARIZATION_MODEL = "groq/llama-3.3-70b-versatile"
 # Defaults based on groq's pricing for Llama 3.3 70B Versatile 128k.
 # https://groq.com/pricing/