Add timestamp/expiry to HMAC verification code in BridgeDB's local CAPTCHAs
The CAPTCHAs created in legacy/trac#10809 (moved) are in the form:
HMACFn := HMAC(HMAC_KEY, REQUEST_IP_ADDR)
CAPTCHA_VERIFICATION := HMACFn(RSA_ENC(CAPTCHA_ANSWER))When they really should be more like:
HMACFn := HMAC(HMAC_KEY, REQUEST_IP_ADDR)
CAPTCHA_VERIFICATION := HMACFn(TIMESTAMP, RSA_ENC(CAPTCHA_ANSWER))See this commit message from the original branch. After adding the timestamp to the CAPTCHA_VERIFICATION creation in bridgedb.captcha.GimpCaptcha.createChallenge(), said timestamp should obviously be checked that it is not expired (according to some easily configurable expiration period) in bridgedb.captcha.GimpCaptcha.checkSolution().