-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add captcha verify on login there may be has a bug! #2106
Comments
Sounds good. Could you please update the wiki page? They are maintained by the community, so feel free to change it. |
This change doesn't seem to work anymore. Using omniauth (1.1.4)
class SessionsController < Devise::SessionsController
skip_before_filter :require_no_authentication, :only => [:new, :create]
And logins are getting authorized even though the captcha is failing. Any ideas? Trying to find out if devise 2.2.3 changed the before filter... EDIT: I just realized this is probably because I'm using Omniauth and there must be an additional helper that needs to be run in order to verify the captcha before the omniauth login. |
We meet this problem too. and just did that like huacnlee, but the |
It's been changed, any ideas? |
@chinacheng Great! Your solution fits my issue! |
I've encountered the exact same issue, and I can't seem to solve it. This is my implementation
I'm not quite understanding what is happening here. Devise's implementation of SessionsController has this on top of the file:
So to counteract this before filter, I have to write Can anyone help me? |
Using @chinacheng's idea and this post on RoR 4 with Recaptcha gem, is as simple as: class Users::SessionsController < Devise::SessionsController
prepend_before_action :captcha_valid, only: [:create]
layout "login"
private
def captcha_valid
if verify_recaptcha
true
else
self.resource = resource_class.new(sign_in_params)
respond_with_navigational(resource) { render :new }
end
end
end |
@guapolo Added that to the wiki |
I want add a captcha feature on my login page. So I follow this page to do.
And then, I found an issue:
When I first submit with a bad captcha code, will got
Captcha has wrong, try a again.
message, but when I refresh that page again, the devise will auto login.Rails logger show:
Looks like
require_no_authentication
has did login and redirect the page.https://github.com/plataformatec/devise/blob/master/app/controllers/devise_controller.rb#L122
So, I add a
skip_before_filter
to disable that feature, and verify logic will be work fine!The text was updated successfully, but these errors were encountered: