Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement invisible Recaptcha #18146

Closed
wants to merge 17 commits into from

Conversation

continga
Copy link
Contributor

@continga continga commented Sep 28, 2017

Pull Request for Issue #14565 and following up #14583 and #16599 et al.

Summary of Changes

This PR implements the possiblity to use the Invisible reCAPTCHA using a separate plugin. Besides implementing the basic functionality to make invisible reCAPTCHA working, there has been made some smaller architectural changes to the whole captcha process (e.g. using Exception instead of JError for errors) and the reCAPTCHA PHP library from Google has been updated, alongside with some smaller changes in the old reCAPTCHA (V1 und V2) plugin.

As this is one of my first PRs for Joomla!, please dont hesitate to make suggestions of how to improve it.

Testing Instructions

  1. Create a site- and secret-key at https://www.google.com/recaptcha/admin for an invisible reCAPTCHA (reCAPTCHA V2 keys will not work with Invisible reCAPTCHA)
  2. Configure the Invisible reCAPTCHA plugin in the Joomla! backend, entering at least the site- and secret-key
  3. Configure the Invisible reCAPTCHA plugin to be used as captcha plugin (System -> Global Configuration -> Default Captcha)
  4. Open up a form in the frontend where a captcha is enabled (e.g. by creating a menulink to a contactform)
  5. Notice the reCAPTCHA logo on the right side (see screenshot further down) which indicates that the invisible reCAPTCHA has been executed.

We also need to make sure that the reCAPTCHA plugin (V1 and V2) still is working correctly (as there has been made some bigger changes to the code by me), although I have tested this toroughly already, but I would be very glad if other people could take a look at this too, I don't want to take chances that this PR breaks something.

Additionally, as this PR changes the rendering of form fields for the registration form (this was needed as the registration form was using its own rendering of form fields, which caused issues with the invisible reCAPTCHA), we need to make sure the registration form for users is working as expected. So we need to test the registration form in resprect to custom fields of users etc, and whether they get displayed correctly now.

Expected result

image

@brianteeman
Copy link
Member

Because of the keys issue would it not make sense to create this as a new plugin?

@continga
Copy link
Contributor Author

V1 and V2 keys also were incompatible, and we had them in the same plugin. Additionally, V2 and invisible share very much of the code (e.g. the whole server-side validation), so I don't see any advantage when using a separate plugin. Additionally, the "key issue" is pretty clear on the Google reCAPTCHA admin page, so I think it shouldn't confuse users. I just wrote it down in the testing information to make clear that new keys has to be created to test this.

@brianteeman
Copy link
Member

I thought it was a mistake last time as well

@continga
Copy link
Contributor Author

Well, we could do it as a separate plugin now (it is not very much work to disassemble it), but where do you see the advantage exactly?

@brianteeman
Copy link
Member

You would be able to use invisible!e on some forms and V2 on others.
It will also make future updates easier without having to have switches in the code for the old keys

@continga
Copy link
Contributor Author

Okay, true. Especially the first point is very interesting. I think we should wait for some more feedback, but if the broad agreement is to put it into a separate plugin, I will be very glad to do so.

@810
Copy link
Contributor

810 commented Sep 28, 2017

i vote for same plugin

@Fedik
Copy link
Member

Fedik commented Sep 29, 2017

it should be a plugin, there even a pull request for it, already, somewhere here

@paulus103
Copy link

Hi This looks a nice feature to add :)

@ghost
Copy link

ghost commented Oct 28, 2017

@paulus103 can you please test?


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/18146.

@paulus103
Copy link

@franz-wohlkoenig

I have tested this on a live server and it works :)


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/18146.

@ghost
Copy link

ghost commented Oct 29, 2017

@paulus103 thanks for Info. Please mark your Test as successfully:

  • open Issue Tracker
  • Login with your github-Account
  • Click on blue "Test this"-Button above Authors-Picture
  • mark your Test as successfully
  • hit "submit test result"

@paulus103
Copy link

I have tested this item successfully on 259a657

tested successfully on an 3.8.1 old development site :)


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/18146.

@conseilgouz
Copy link
Contributor

What can be done, so this pr will be included in 3.8.3. I was disappointed not seeing it in 3.8.2.

If I can help, let me know,

Pascal

@ghost
Copy link

ghost commented Nov 12, 2017

@pmleconte Pull Requests needs 2 successfully Tests. If you can test this PR, next Step is done.

@ghost
Copy link

ghost commented Nov 12, 2017

@continga can you please resolve conflicting Files so PR can be tested?

@Fedik
Copy link
Member

Fedik commented Nov 12, 2017

I would really suggest to make/test a plugin (there even already one #16599)
and invest your time in to a plugin

@ghost
Copy link

ghost commented Nov 12, 2017

Status is set on "Needs Review".

@conseilgouz
Copy link
Contributor

I have tested this item successfully on 259a657

Test ok on 3.8.1 site. Both V2 and invisible captcha are OK.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/18146.

@continga
Copy link
Contributor Author

I now fixed the label issue, see commit f75d99c6.

Now from my point of view every feedback and review-change-request has been applied. Can you guys maybe take a look again and check whether this is mergable? This PR is pretty old and I am crossing fingers we finally get this thing merged 🙂 Thank you in advance!

@roland-d
Copy link
Contributor

@continga I am sure we will get it merged once all issues are solved :)

When I do a password reset, I see this form:
image

Same when I do forget username I see this form:
image

So I think for these 2 pages you still need to add the layout fix.

Looking good:

  • New user registration
  • Contact form
  • Edit article

Those are the only places I can think of and find where the captcha could be shown.

…nd login/remind/reset forms. This fixes some problems with formfields not being rendered correctly (e.g. the invisible recaptcha field)
@continga
Copy link
Contributor Author

Thanks @roland-d I fixed the cases you found.

Additionally I checked the sourcecode for other cases where form fields are being rendered manually and found some additional ones in the com_users login, password reset confirmation and success views. There shouldn't be a captcha there, but just to be sure I replaced the manual rendering with the Form renderer.

As far as I see, the only other places where forms are being rendered manually now are in several com_config views, and in the profile edit view of com_users. Both cases are not easily straight-forward replaceable by the Form renderer, so I left them in their current state, also because they don't display a captcha at all.

Can you check again? ☺️ Thank you very much in advance!

@roland-d
Copy link
Contributor

I have tested this item successfully on 67ac41a

After applying the patch I setup the ReCaptcha invisible settings in the plugin and after that I tested the following view:

  1. User Registration (http://joomla-cms-live.test/index.php?option=com_users&view=registration&Itemid=405)
  2. Forgot Password (http://joomla-cms-live.test/index.php?option=com_users&view=reset&Itemid=409)
  3. Forgot Username (http://joomla-cms-live.test/index.php?option=com_users&view=remind&Itemid=406)
  4. Edit an article (http://joomla-cms-live.test/index.php?option=com_content&view=form&layout=edit&a_id=6&Itemid=257&catid=26)
  5. Contact Form (http://joomla-cms-live.test/index.php?option=com_contact&view=contact&id=1&Itemid=229)

All the views show the Captcha logo and allowed me to process the form successfully.

I had a look at the JS callbacks as well they work fine for me.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/18146.

@MastersOfMedia
Copy link

I have tested this item successfully on 67ac41a

I have tested this item succesfully on a fresh install of Joomla! 3.8.11. On all 5 forms the invisible ReCaptcha badge show correctly and I was able to enter and process the form data correctly. By altering the keys in the plugin settings I was able to determine the validation actually works correctly.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/18146.

@ghost
Copy link

ghost commented Aug 13, 2018

Ready to Commit after two successful tests.

@joomla-cms-bot joomla-cms-bot added the RTC This Pull Request is Ready To Commit label Aug 13, 2018
@mbabker mbabker added this to the Joomla 3.9.0 milestone Aug 21, 2018
@mbabker mbabker changed the base branch from staging to 3.9-dev August 28, 2018 23:16
mbabker pushed a commit that referenced this pull request Aug 28, 2018
@mbabker
Copy link
Contributor

mbabker commented Aug 28, 2018

Merged to 3.9-dev via 9a12f28

@mbabker mbabker closed this Aug 28, 2018
@joomla-cms-bot joomla-cms-bot removed the RTC This Pull Request is Ready To Commit label Aug 28, 2018
PLG_RECAPTCHA_CALLBACK_DESC="(Optional) JavaScript callback, executed after successful reCAPTCHA response"
PLG_RECAPTCHA_EXPIRED_CALLBACK_LABEL="Expired callback"
PLG_RECAPTCHA_EXPIRED_CALLBACK_DESC="(Optional) JavaScript callback, executed when the reCAPTCHA expired"
PLG_RECAPTCHA_EXPIRED_CALLBACK_LABEL="Error callback"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

has to be PLG_RECAPTCHA_ERROR_CALLBACK_LABEL

PLG_RECAPTCHA_EXPIRED_CALLBACK_LABEL="Expired callback"
PLG_RECAPTCHA_EXPIRED_CALLBACK_DESC="(Optional) JavaScript callback, executed when the reCAPTCHA expired"
PLG_RECAPTCHA_EXPIRED_CALLBACK_LABEL="Error callback"
PLG_RECAPTCHA_EXPIRED_CALLBACK_DESC="(Optional) JavaScript callback, executed when the reCAPTCHA encounters an error"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hast to be PLG_RECAPTCHA_ERROR_CALLBACK_DESC

Copy link
Contributor

@tecpromotion tecpromotion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

two strings are duplicated in the en-GB.plg_captcha_recaptcha.ini file and must be corrected.

@brianteeman
Copy link
Member

@tecpromotion
Good spot

as this has been merged already can you do a PR to fix it - or shall I ?

@tecpromotion
Copy link
Contributor

@brianteeman
It would be an honor for me to write the PR. I found the mistake because I'm doing the german translation :)

tecpromotion added a commit to tecpromotion/joomla-cms that referenced this pull request Aug 30, 2018
There were two double strings
tecpromotion added a commit to tecpromotion/joomla-cms that referenced this pull request Aug 30, 2018
mbabker pushed a commit that referenced this pull request Aug 30, 2018
* Implement invisible Recaptcha #18146

There were two double strings

* Implement invisible Recaptcha #18146

thanks @brianteeman
fix order
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet