recaptcha should be disabled unless extension has been properly configured

Question

recaptcha should be disabled unless extension has been properly configured

Closed this issue 10 months ago · 1 comments

I installed v1.3.1 on Blomstra Flarum "2023-12-08-22-43 on 1.8.3" and while it seems to work fine once it's properly configured, I am a bit concerned about what happens before that. If you enable the extension but haven't configured it properly (or at all), it will prevent you from logging in, so if you close your current session with the extension enabled but not configured, you will be logged out of your forum until you access the database directy and disable it there. This seems highly undesirable. I think that there should be some sort of conditional check in the backend as to whether the extension is properly configured before it gets fully activated. Perhaps some check that forces it to pass the "test recaptcha" box in the configuration page after every credential change before it gets fully enabled?

Also, what happens if the recaptcha server goes down (i.e.: the backend cannot reach the recaptcha server or the API key has become invalid)? Maybe there could be an option to set what to do in such case: disable it (keeping the forum usable but more vulnerable) or keep it enabled (making the forum unusable but more protected).

Answer 1 · 2024-02-21T16:18:08.000Z

thanks @davwheat