Skip to content
This repository has been archived by the owner on Jun 25, 2021. It is now read-only.

"Invisible" reCaptcha no longer works (prototype 1.7.0) #56

Open
durzel opened this issue Jun 21, 2021 · 62 comments
Open

"Invisible" reCaptcha no longer works (prototype 1.7.0) #56

durzel opened this issue Jun 21, 2021 · 62 comments

Comments

@durzel
Copy link
Contributor

durzel commented Jun 21, 2021

Hi,

I am running Magento CE 1.9.4.5 and as of about 17/06/2021 the "invisible" reCaptcha no longer works on my website. It does not appear in the bottom right (as configured), and attempting to log in to the backend with a known good username/password combination just results in an error, as if the reCaptcha part is missing.

When the reCaptcha is set to "Invisible", I get the following error in my browser web console:

Uncaught (in promise) TypeError: this.each is not a function
    findAll https://www.magento-website.com/js/prototype/prototype.js:883
    V https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:175
    render https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:683
    e https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:195
    V https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:152
    h https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:62
    nM https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:438
    h https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:115
    bind https://www.magento-website.com/js/prototype/prototype.js:391
    reCaptchaCallback https://www.magento-website.com/index.php/admin/index/index/key/08be8904c12af90cc2b7cc0c4a7d8a09/:57
    each https://www.magento-website.com/js/prototype/prototype.js:825
    each https://www.magento-website.com/js/prototype/prototype.js:824
    reCaptchaCallback https://www.magento-website.com/index.php/admin/index/index/key/08be8904c12af90cc2b7cc0c4a7d8a09/:50
prototype.js:883:10

Changing the reCaptcha to "I am not a robot" eliminates the above error, and the user can log in - with the visual "I am not a robot" click required.

I have experienced the same behaviour on a development Magento website which has not been changed in over a year, so I'm convinced that something is no longer playing nicely together.

Anyone else experienced this?

@dc006
Copy link

dc006 commented Jun 21, 2021

Yes, Iam getting very same error message. I can not figure out so far what is going on.

@tryllu
Copy link

tryllu commented Jun 21, 2021

Same thing:

==> recapctha.log <==
2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>No 'g-recaptcha-response' in request! - building
2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>sending to verify params of Array
(
    [privatekey] => 
    [challenge] =>
    [response] =>
)

2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>Bad response from captcha gateway. we got 404
2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>Exception fail : Bad response from captcha gateway. we got 404

Also it is impossible to login from admin backend:

@durzel
Copy link
Contributor Author

durzel commented Jun 21, 2021

In the short term you can disable the module in etc/modules/ProxiBlue_Recaptcha.xml which will make Magento fall back to the built in CAPTCHA, log in, re-enable it, and then whilst logged in change it to “I’m not a robot”, or disable CAPTCHAs entirely.

@ProxiBlue
Copy link
Owner

Hello, I will ave a look into this soon, thanks for reporting.

@ProxiBlue
Copy link
Owner

Did any of you update the module recently? can you check versions installed please.

latest is 2.5.0

@ProxiBlue
Copy link
Owner

FWIW, checked a few of the site I know uses this, and seems to be working there:

image
image
image

However, they are not running the latest

"proxiblue/recaptcha": "2.3.8",
"proxiblue/recaptcha": "2.3.10",
"proxiblue/recaptcha": "2.1.4",

So could be an issue on latest version.

@ProxiBlue
Copy link
Owner

Is this all admin/backend related?

I am not seeing issue on frontend with latest

  • Updating proxiblue/recaptcha (2.3.8 => 2.5.0): Loading from cache

@indrisepos
Copy link

I tested it on the following versions and unfortunately it doesn't work: 2.1.1, 2.5.0

@ProxiBlue
Copy link
Owner

I am also fine on backend:

image

@ProxiBlue
Copy link
Owner

@indrisepos

Magento version?

@durzel
Copy link
Contributor Author

durzel commented Jun 21, 2021

I'm on the latest currently, per config.xml - 2.5.0

I'm seeing the same web console error on both backend and frontend, when trying to use "Invisible" CAPTCHA type.

@indrisepos
Copy link

indrisepos commented Jun 21, 2021 via email

@ProxiBlue
Copy link
Owner

anyone have a site that I can have a look at? obviously a test / uat site is prefered.

I cannot reproduce.

@ProxiBlue
Copy link
Owner

I am on latest openmage, so will get a standard Magetno 1.9.4.2 setup to see.

@tryllu
Copy link

tryllu commented Jun 21, 2021

I have 2.0.1 and its not working.

@durzel
Copy link
Contributor Author

durzel commented Jun 21, 2021

I can confirm that the same bug exists in 2.3.10, 2.4.0, 2.4.1 and 2.5.0. The same error is produced in the web console when using "Invisible" reCaptcha type. I get the error - and failure of reCaptcha - on backend and frontend.

The fact that it spontaneously stopped working on or around 17/06 makes me think the problem is external.. something relied upon that is no longer the case? Parameter(s) changed, etc?

@ProxiBlue do those versions you are testing have a newer Prototype version? I am on 1.7 according to js/prototype/prototype.js

@durzel
Copy link
Contributor Author

durzel commented Jun 21, 2021

Ok I've made progress...

Replacing js/prototype/prototype.js with 1.7.3 immediately fixes the problem with no other changes.

I don't know what if any compatibility issues there are with Magento 1.9+ using Prototype 1.7.3 instead of 1.7....

EDIT: OpenMage ships with 1.7.3 so I'm inclined to think it might be ok. Not sure how you'd debug this one @ProxiBlue - it seems the problem is localised to Prototype which is outside the scope of your module.

@tryllu
Copy link

tryllu commented Jun 21, 2021

    {
        $this->_debug(ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_SERVER.'/'.ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_PATH.'/'.$path);
        $httpRequest = new Zend_Http_Client(
            ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_SERVER
            . '/'
            . ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_PATH
            . '/'
            . $path
        );
        $httpRequest->setParameterPost(array_merge(array('remoteip' => $_SERVER['REMOTE_ADDR']), $params));
        $response = $httpRequest->request('POST');
        if ($response->getStatus() != 200) {
            $this->_debug('Bad response from captcha gateway. we got ' . $response->getStatus());
            Mage::throwException('Bad response from captcha gateway. we got ' . $response->getStatus());
        }

        return $response->getBody();

    }

gives https://www.google.com//recaptcha/api/verify which gives 404.

@ProxiBlue
Copy link
Owner

gives https://www.google.com//recaptcha/api/verify which gives 404.

I have seen this before, let me check my changelog

@ProxiBlue
Copy link
Owner

The 404 is expected:

#46 (comment)

It requires POST data

@ProxiBlue
Copy link
Owner

no, I was wrong, a few commenst down:

#46 (comment)

@ProxiBlue
Copy link
Owner

it should be siteverify not verify

@durzel
Copy link
Contributor Author

durzel commented Jun 21, 2021

Yeah I was wrong too - it's https://www.google.com/recaptcha/api/siteverify

I don't see the old URL with just "verify" in the source..

app/code/community/ProxiBlue/ReCaptcha/Helper/Data.php: const RECAPTCHA_SITEVERIFY_PATH = "siteverify";

@ProxiBlue
Copy link
Owner

ok, is 1am here now, I need to go get some sleep. I will investigate on a clean m1924 when I wake up again.

It is installed already, will check module in that next.

Sofar all my local tests work fine, no issues

@durzel
Copy link
Contributor Author

durzel commented Jun 21, 2021

ok, is 1am here now, I need to go get some sleep. I will investigate on a clean m1924 when I wake up again.

It is installed already, will check module in that next.

Sofar all my local tests work fine, no issues

👍

Upgrading prototype.js to 1.7.3 fixed the problem for me, and hasn't caused any other obvious issues that I've seen. Obviously I can't recommend this as a solution for heavy production sites, but it worked for me.

I suspect if all your local tests are fine you're using OpenMage, which ships with Prototype 1.7.3. Magento 1.9.4.5 and below ships with 1.7.

@ProxiBlue
Copy link
Owner

ProxiBlue commented Jun 21, 2021

Ok, so is likely why mine works on openmage, as they upgraded that.

Thanks for that, I will have to check the code and make it backwards compatible, OR, is code on google side with their js that's no longer compatible (which seems likely reason)

@ProxiBlue ProxiBlue changed the title "Invisible" reCaptcha no longer works "Invisible" reCaptcha no longer works (prototype 1.7) Jun 21, 2021
@ProxiBlue
Copy link
Owner

I can confirm that the fix by @empiricompany fixes the issue. (Thank you very much for that effort, I have been stick on a paid client job)

It is really the only way as the issue is outside this modules functionality/scope.

I will update the readme accordingly, as this fix introduces a new version of prototype, which can potentially cause (but unlikely) issues with other parts of the magento framework

@durzel
Copy link
Contributor Author

durzel commented Jun 22, 2021

I can confirm that the fix by @empiricompany fixes the issue. (Thank you very much for that effort, I have been stick on a paid client job)

It is really the only way as the issue is outside this modules functionality/scope.

I will update the readme accordingly, as this fix introduces a new version of prototype, which can potentially cause (but unlikely) issues with other parts of the magento framework

It appears to fix the frontend, but the backend is still pulling prototype.js from js/prototype/prototype.js, on my 1.9.4.5 CE install at least.

@ProxiBlue
Copy link
Owner

image

@ProxiBlue
Copy link
Owner

It appears to fix the frontend, but the backend is still pulling prototype.js from js/prototype/prototype.js, on my 1.9.4.5 CE install at least.

I will have a look at that, thanks for letting me know, did not check admin.

@ProxiBlue
Copy link
Owner

@durzel

Check new version 1.5.2

@empiricompany
Copy link
Contributor

It appears to fix the frontend, but the backend is still pulling prototype.js from js/prototype/prototype.js, on my 1.9.4.5 CE install at least.

yes we have fixed only frontend because we not use captcha in admin, but if we want to cover also admin i think we can simply just register the observer into section in config.xml

<globals> <events> <controller_action_layout_render_before> <observers> <fixPrototypeVersion> <class>proxiblue_recaptcha/observer</class> <method>fixPrototypeVersion</method> </fixPrototypeVersion> </observers> </controller_action_layout_render_before> <controller_action_predispatch_contacts_index_post> .. ..

@ProxiBlue
Copy link
Owner

Yep, I have adjusted the the event to the global section

@durzel
Copy link
Contributor Author

durzel commented Jun 22, 2021

No joy for me, I'm still getting the standard Magento prototype.js on the backend, even on 2.5.2. Have wiped cache and am using an incognito browser. Are you not getting that?

@ProxiBlue
Copy link
Owner

Not in my local. let me check the release, see if it released correct code

@ProxiBlue
Copy link
Owner

@durzel

You are correct. I tested that on the 1.7.3 based magento (as my debugger is not working on the docker environment I quickly brought up for the 1.9.4.5 test)

Although the code actions

image

the end result is still the wrong (core) prototype loading in head, so admin is somewhere replacing that again with the default)

Fixing my debugger so I can dig into this

@ProxiBlue
Copy link
Owner

It actually works INSIDE admin, not on login

image

There must be separated head templates for admin login (ugh magento 1)

so the given event doe snot do teh job

@ProxiBlue
Copy link
Owner

ProxiBlue commented Jun 22, 2021

does not help I am now so used to m2, I forget how parts of m1 works!

@empiricompany
Copy link
Contributor

does not help I am now so used to m2, I forget how parts of m1 works!

it's hardcoded in adminhtml/default/default/template/login.phtml

@ProxiBlue
Copy link
Owner

it's hardcoded in adminhtml/default/default/template/login.phtml

Oh FFS, yes I just found it as well

@durzel
Copy link
Contributor Author

durzel commented Jun 22, 2021

does not help I am now so used to m2, I forget how parts of m1 works!

it's hardcoded in adminhtml/default/default/template/login.phtml

Well spotted.

@ProxiBlue
Copy link
Owner

At this point I think a patch will need to suffice to make that template work on the module supplied 1.7.1

Its just one of those things.

@ProxiBlue
Copy link
Owner

I have work waiting that I need to get to

@durzel
Copy link
Contributor Author

durzel commented Jun 22, 2021

At this point I think a patch will need to suffice to make that template work on the module supplied 1.7.1

Its just one of those things.

Indeed. To be honest given how many places this might be the case, it might even be worth just telling people they need to stick prototype.js 1.7.1 in js/prototype themselves.

It's hardcoded in adminhtml/default/default/template/forgotpassword.phtmltoo.

@empiricompany
Copy link
Contributor

i think there is not a clean solution to fix it in backend login, you have to manually update original js/prototype.js or we have to rewrite entire login.phtml template

@ProxiBlue
Copy link
Owner

So, the fix will be to move the provided fix back to just on a frontend event, and supply a patch for login.phtml that can be applied

@ProxiBlue
Copy link
Owner

if composer is used for site deploy via a composer patch, it can be applied cleanly-ish via pipeline deploys and composer udpates

I will supply instructions in README

@durzel
Copy link
Contributor Author

durzel commented Jun 22, 2021

app/design/adminhtml/default/default/template/resetforgottenpassword.phtml
app/design/adminhtml/default/default/template/login.phtml
app/design/adminhtml/default/default/template/forgotpassword.phtml

...are the affected files for the backend, for what it's worth.

I wonder if there is any mileage in trying to patch the incompatible functionality in prototype.js 1.7 instead of replacing it? Will do some investigating...

@ProxiBlue
Copy link
Owner

Ok, I have reverted the event back to frontend only on version https://github.com/ProxiBlue/reCaptcha/releases/tag/2.5.3

I need to move on to paid work, with deadlines.

I have updated readme.

image

When I get time (unless someone beats me to it) patches will be supplied via a GIST to apply these changes manuall, or via composer patches

@ProxiBlue ProxiBlue changed the title "Invisible" reCaptcha no longer works (prototype 1.7) "Invisible" reCaptcha no longer works (prototype 1.7.0) Jun 23, 2021
@ProxiBlue
Copy link
Owner

ProxiBlue commented Jun 24, 2021

if you are stuck with admin login you can disable captcha with:

update core_config_data set value = '0' where path like 'admin/captcha/enable';

for admin, then clear cache

@ProxiBlue
Copy link
Owner

ATTENTION:

I am currently considering archiving this module, as I no longer have the free time to continue supporting this code.
as per ticket: #43, it seems there are issues in checkout with the validation of the invisible recapctha, which could be related to the usage of prototype 1.7.1

I simply don;t have teh time due to paid works with deadlines to work on this at present.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

8 participants