ProxiBlue/reCaptcha

"Invisible" reCaptcha no longer works (prototype 1.7.0)

durzel opened this issue · 62 comments

Hi,

I am running Magento CE 1.9.4.5 and as of about 17/06/2021 the "invisible" reCaptcha no longer works on my website. It does not appear in the bottom right (as configured), and attempting to log in to the backend with a known good username/password combination just results in an error, as if the reCaptcha part is missing.

When the reCaptcha is set to "Invisible", I get the following error in my browser web console:

Uncaught (in promise) TypeError: this.each is not a function
    findAll https://www.magento-website.com/js/prototype/prototype.js:883
    V https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:175
    render https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:683
    e https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:195
    V https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:152
    h https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:62
    nM https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:438
    h https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:115
    bind https://www.magento-website.com/js/prototype/prototype.js:391
    reCaptchaCallback https://www.magento-website.com/index.php/admin/index/index/key/08be8904c12af90cc2b7cc0c4a7d8a09/:57
    each https://www.magento-website.com/js/prototype/prototype.js:825
    each https://www.magento-website.com/js/prototype/prototype.js:824
    reCaptchaCallback https://www.magento-website.com/index.php/admin/index/index/key/08be8904c12af90cc2b7cc0c4a7d8a09/:50
prototype.js:883:10

Changing the reCaptcha to "I am not a robot" eliminates the above error, and the user can log in - with the visual "I am not a robot" click required.

I have experienced the same behaviour on a development Magento website which has not been changed in over a year, so I'm convinced that something is no longer playing nicely together.

Anyone else experienced this?

dc006 commented

Yes, I am getting the very same error message. I cannot figure out so far what is going on.

Same thing:

==> recapctha.log <==
2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>No 'g-recaptcha-response' in request! - building
2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>sending to verify params of Array
(
    [privatekey] => 
    [challenge] =>
    [response] =>
)

2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>Bad response from captcha gateway. we got 404
2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>Exception fail : Bad response from captcha gateway. we got 404

Also it is impossible to log in from the admin backend:

In the short term you can disable the module in etc/modules/ProxiBlue_Recaptcha.xml which will make Magento fall back to the built in CAPTCHA, log in, re-enable it, and then whilst logged in change it to “I’m not a robot”, or disable CAPTCHAs entirely.

Hello, I will have a look into this soon, thanks for reporting.

Did any of you update the module recently? Can you check versions installed please.

latest is 2.5.0

FWIW, checked a few of the sites I know use this, and it seems to be working there:

However, they are not running the latest

"proxiblue/recaptcha": "2.3.8",
"proxiblue/recaptcha": "2.3.10",
"proxiblue/recaptcha": "2.1.4",

So could be an issue on latest version.

Is this all admin/backend related?

I am not seeing issue on frontend with latest

  • Updating proxiblue/recaptcha (2.3.8 => 2.5.0): Loading from cache

I tested it on the following versions and unfortunately it doesn't work: 2.1.1, 2.5.0

I am also fine on backend:

@indrisepos

Magento version?

I'm on the latest currently, per config.xml - 2.5.0

I'm seeing the same web console error on both backend and frontend, when trying to use "Invisible" CAPTCHA type.

Anyone have a site that I can have a look at? Obviously a test / UAT site is preferred.

I cannot reproduce.

I am on latest OpenMage, so will get a standard Magento 1.9.4.2 setup to see.

I have 2.0.1 and it's not working.

I can confirm that the same bug exists in 2.3.10, 2.4.0, 2.4.1 and 2.5.0. The same error is produced in the web console when using "Invisible" reCaptcha type. I get the error - and failure of reCaptcha - on backend and frontend.

The fact that it spontaneously stopped working on or around 17/06 makes me think the problem is external.. something relied upon that is no longer the case? Parameter(s) changed, etc?

@ProxiBlue do those versions you are testing have a newer Prototype version? I am on 1.7 according to js/prototype/prototype.js

Ok I've made progress...

Replacing js/prototype/prototype.js with 1.7.3 immediately fixes the problem with no other changes.

I don't know what if any compatibility issues there are with Magento 1.9+ using Prototype 1.7.3 instead of 1.7....

EDIT: OpenMage ships with 1.7.3 so I'm inclined to think it might be ok. Not sure how you'd debug this one @ProxiBlue - it seems the problem is localised to Prototype which is outside the scope of your module.

    {
        $this->_debug(ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_SERVER.'/'.ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_PATH.'/'.$path);
        $httpRequest = new Zend_Http_Client(
            ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_SERVER
            . '/'
            . ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_PATH
            . '/'
            . $path
        );
        $httpRequest->setParameterPost(array_merge(array('remoteip' => $_SERVER['REMOTE_ADDR']), $params));
        $response = $httpRequest->request('POST');
        if ($response->getStatus() != 200) {
            $this->_debug('Bad response from captcha gateway. we got ' . $response->getStatus());
            Mage::throwException('Bad response from captcha gateway. we got ' . $response->getStatus());
        }

        return $response->getBody();

    }

gives https://www.google.com//recaptcha/api/verify which gives 404.

> gives https://www.google.com//recaptcha/api/verify which gives 404.

I have seen this before, let me check my changelog

The 404 is expected:

#46 (comment)

It requires POST data

No, I was wrong, a few comments down:

#46 (comment)

it should be siteverify not verify

Yeah I was wrong too - it's https://www.google.com/recaptcha/api/siteverify

I don't see the old URL with just "verify" in the source..

app/code/community/ProxiBlue/ReCaptcha/Helper/Data.php: const RECAPTCHA_SITEVERIFY_PATH = "siteverify";

ok, is 1am here now, I need to go get some sleep. I will investigate on a clean m1924 when I wake up again.

It is installed already, will check module in that next.

So far all my local tests work fine, no issues

> ok, is 1am here now, I need to go get some sleep. I will investigate on a clean m1924 when I wake up again.
>
> It is installed already, will check module in that next.
>
> So far all my local tests work fine, no issues

👍

Upgrading prototype.js to 1.7.3 fixed the problem for me, and hasn't caused any other obvious issues that I've seen. Obviously I can't recommend this as a solution for heavy production sites, but it worked for me.

I suspect if all your local tests are fine you're using OpenMage, which ships with Prototype 1.7.3. Magento 1.9.4.5 and below ships with 1.7.

Ok, so is likely why mine works on openmage, as they upgraded that.

Thanks for that, I will have to check the code and make it backwards compatible, OR, is code on google side with their js that's no longer compatible (which seems likely reason)

> Ok, so is likely why mine works on openmage, as they upgraded that.
>
> Thanks for that, I will have to check the code and make it backwards compatible, OR, is code on google side with their js that's no longer compatible (which seems likely reason)

Yes, the fact that it just spontaneously stopped working - and the fact that earlier versions don't work either - point to Google changing something on their end that makes Prototype 1.7 incompatible.

> Upgrading prototype.js to 1.7.3 fixed the problem for me, and hasn't caused any other obvious issues that I've seen. Obviously I can't recommend this as a solution for heavy production sites, but it worked for me.

Confirm. It is working with 1.7.3, however I am not sure if other services are not affected.

> EDIT: OpenMage ships with 1.7.3 so I'm inclined to think it might be ok. Not sure how you'd debug this one @ProxiBlue - it seems the problem is localised to Prototype which is outside the scope of your module.

I will still have a gander, see what I can figure out, but yeah, likely not going to be an issue I can solve. Things move on. That's life

For what it's worth. I'm experiencing the login problem with a 3rd party recaptcha extension. My store is on CE 1.9.4.5

Customers see this error on the login page: "• The response parameter is invalid or malformed." On my store, the last successful order where a customer logged in was June 17th. So not sure if this started later in that day or started on the 18th. Fortunately a customer called me the next day to get help logging in so that's what tipped me off. Keeping my extension disabled and following this topic. Will certainly be switching to your module hopefully soon.

@ZenMasta I confirm, I have installed it on OpenMage 1.9.4.13 and I had a lot of issues with customers not able to create accounts. So I have disabled it. So far Cloudflare is coping to keep spammers away. I guess Honeyspam is also doing its job
https://github.com/magento-hackathon/HoneySpam

@ProxiBlue Actually, OpenMage 1.9.4.13 is a fork which is more compatible with Magento 1.9 than the version 2x...
They have two OpenMage versions... The ones with 1.9 are more compatible with original Magento 1.9 than OpenMage 2x, which has more modifications.

So in order to avoid issues with plugins, I have chosen OpenMage 1.9 flavor

> OpenMage 1.9.4.13 is a fork which is more compatible with Magento 1.9 than the version 2x..

Ah, did not know this. I migrated my clients that prefer to stay on m1 to the full OpenMage version quite some time ago, and have not experienced any major 3rd party module issues, but then 90% of their functions I coded, rather than loading multiple 3rd party modules.

I can now reproduce on vanilla 1.9.2.4

Confirmed that I am not a robot still works

anyone stuck can run these sql queries to swap to 'I am not a robot'

update core_config_data set value = 'robot' where path = 'customer/captcha/theme';
update core_config_data set value = 'robot' where path = 'admin/captcha/theme';

I can confirm that the fix by @empiricompany fixes the issue. (Thank you very much for that effort, I have been stuck on a paid client job)

It is really the only way as the issue is outside this module's functionality/scope.

I will update the readme accordingly, as this fix introduces a new version of prototype, which can potentially cause (but unlikely) issues with other parts of the magento framework

> I can confirm that the fix by @empiricompany fixes the issue. (Thank you very much for that effort, I have been stuck on a paid client job)
>
> It is really the only way as the issue is outside this module's functionality/scope.
>
> I will update the readme accordingly, as this fix introduces a new version of prototype, which can potentially cause (but unlikely) issues with other parts of the magento framework

It appears to fix the frontend, but the backend is still pulling prototype.js from js/prototype/prototype.js, on my 1.9.4.5 CE install at least.

> It appears to fix the frontend, but the backend is still pulling prototype.js from js/prototype/prototype.js, on my 1.9.4.5 CE install at least.

I will have a look at that, thanks for letting me know, did not check admin.

@durzel

Check new version 1.5.2

> It appears to fix the frontend, but the backend is still pulling prototype.js from js/prototype/prototype.js, on my 1.9.4.5 CE install at least.

Yes, we have fixed only the frontend because we do not use captcha in admin, but if we want to cover admin as well I think we can simply register the observer into section in config.xml

    <global>
        <events>
            <controller_action_layout_render_before>
                <observers>
                    <fixPrototypeVersion>
                        <class>proxiblue_recaptcha/observer</class>
                        <method>fixPrototypeVersion</method>
                    </fixPrototypeVersion>
                </observers>
            </controller_action_layout_render_before>
            <controller_action_predispatch_contacts_index_post>
            ..
            ..

Yep, I have adjusted the event to the global section

No joy for me, I'm still getting the standard Magento prototype.js on the backend, even on 2.5.2. Have wiped cache and am using an incognito browser. Are you not getting that?

Not in my local. let me check the release, see if it released correct code

@durzel

You are correct. I tested that on the 1.7.3 based magento (as my debugger is not working on the docker environment I quickly brought up for the 1.9.4.5 test)

Although the code actions

the end result is still the wrong (core) prototype loading in head, so admin is somewhere replacing that again with the default

Fixing my debugger so I can dig into this

It actually works INSIDE admin, not on login

There must be separated head templates for admin login (ugh magento 1)

so the given event does not do the job

does not help I am now so used to m2, I forget how parts of m1 works!

> does not help I am now so used to m2, I forget how parts of m1 works!

it's hardcoded in adminhtml/default/default/template/login.phtml

> it's hardcoded in adminhtml/default/default/template/login.phtml

Oh FFS, yes I just found it as well

> does not help I am now so used to m2, I forget how parts of m1 works!
>
> it's hardcoded in adminhtml/default/default/template/login.phtml

Well spotted.

At this point I think a patch will need to suffice to make that template work on the module supplied 1.7.1

It's just one of those things.

I have work waiting that I need to get to

> At this point I think a patch will need to suffice to make that template work on the module supplied 1.7.1
>
> It's just one of those things.

Indeed. To be honest given how many places this might be the case, it might even be worth just telling people they need to stick prototype.js 1.7.1 in js/prototype themselves.

It's hardcoded in adminhtml/default/default/template/forgotpassword.phtml too.

I think there is not a clean solution to fix it in backend login, you have to manually update original js/prototype.js or we have to rewrite entire login.phtml template

So, the fix will be to move the provided fix back to just on a frontend event, and supply a patch for login.phtml that can be applied

If composer is used for site deploy via a composer patch, it can be applied cleanly-ish via pipeline deploys and composer updates

I will supply instructions in README

app/design/adminhtml/default/default/template/resetforgottenpassword.phtml
app/design/adminhtml/default/default/template/login.phtml
app/design/adminhtml/default/default/template/forgotpassword.phtml

...are the affected files for the backend, for what it's worth.

I wonder if there is any mileage in trying to patch the incompatible functionality in prototype.js 1.7 instead of replacing it? Will do some investigating...
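
A read-only check for the situation the thread arrives at, added here as an example and not part of the thread or the module: it reads the `Version` string from `js/prototype/prototype.js` and lists which of the three admin templates named above reference that file directly. The function names and the 1.7.3 default (the version reported working above) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread or the module): read-only audit of a
# Magento 1 tree. Function names and the 1.7.3 default are assumptions.

# Print the version declared in a prototype.js file (e.g. "Version: '1.7',").
prototype_version() {
    sed -n "s/.*Version:[[:space:]]*'\([0-9.]*\)'.*/\1/p" "$1" 2>/dev/null | head -n 1
}

# Succeed when dotted version $1 is >= $2 (relies on sort -V).
version_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# List the admin templates named in the thread that reference prototype.js.
hardcoded_admin_templates() {
    root="$1"
    dir="app/design/adminhtml/default/default/template"
    for f in login.phtml forgotpassword.phtml resetforgottenpassword.phtml; do
        if [ -f "$root/$dir/$f" ] && grep -q 'prototype/prototype\.js' "$root/$dir/$f"; then
            printf '%s\n' "$dir/$f"
        fi
    done
}

# Return 0 if prototype.js is new enough, 1 if not, 2 if no version was found.
audit() {
    root="$1"
    want="${2:-1.7.3}"
    ver="$(prototype_version "$root/js/prototype/prototype.js")"
    if [ -z "$ver" ]; then
        echo "prototype.js: version not found"
        return 2
    fi
    if version_at_least "$ver" "$want"; then
        echo "prototype.js $ver: ok"
        return 0
    fi
    echo "prototype.js $ver: older than $want"
    hardcoded_admin_templates "$root" | sed 's/^/  hardcoded in: /'
    return 1
}

# Usage: sh audit.sh /path/to/magento [minimum-version]
if [ -n "${1:-}" ]; then
    audit "$@"
fi
```
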

Ok, I have reverted the event back to frontend only on version https://github.com/ProxiBlue/reCaptcha/releases/tag/2.5.3

I need to move on to paid work, with deadlines.

I have updated readme.

When I get time (unless someone beats me to it) patches will be supplied via a GIST to apply these changes manually, or via composer patches

if you are stuck with admin login you can disable captcha with:

update core_config_data set value = '0' where path like 'admin/captcha/enable';

for admin, then clear cache

ATTENTION:

I am currently considering archiving this module, as I no longer have the free time to continue supporting this code.
As per ticket: #43, it seems there are issues in checkout with the validation of the invisible reCaptcha, which could be related to the usage of prototype 1.7.1

I simply don't have the time due to paid works with deadlines to work on this at present.