KonstantinCodes / mautic-recaptcha

This Plugin brings reCAPTCHA integration to mautic.
GNU General Public License v3.0

Captcha not preventing the submit of the form (v2.12.2) #4

Closed jmoreno17 closed 6 years ago

jmoreno17 commented 6 years ago

Hi! We followed the steps of the guide and installed the plugin, but when we submit a form with the recaptcha not ticked, it still creates the contact in Mautic. Everything seems fine but we don't know what we could be missing.

I enclose the landing page code for you to see.

Any help would be appreciated. Thank you very much!

jmoreno


acheloos-m commented 6 years ago

Got the same issue here. We've just modified https://github.com/KonstantinCodes/mautic-recaptcha/blob/0209dbb772b980886d7bb58e4051f34959231c1a/EventListener/FormSubscriber.php#L63-L83 changing builderOptions to:


[...]
public function onFormBuild(FormBuilderEvent $event)
{
    $action = [
        'label'          => 'mautic.plugin.actions.recaptcha',
        'formType'       => 'recaptcha',
        'template'       => 'MauticRecaptchaBundle:Integration:recaptcha.html.php',
        'builderOptions' => [
            'addLeadFieldList' => false,
            'addIsRequired'    => true,
            'addDefaultValue'  => false,
            'addSaveResult'    => true,
        ],
        'site_key' => $this->siteKey,
    ];
    $event->addFormField('plugin.recaptcha', $action);
    $event->addValidator('plugin.recaptcha.validator', [
        'eventName' => RecaptchaEvents::ON_FORM_VALIDATE,
        'fieldType' => 'plugin.recaptcha',
    ]);
}

That way, you can mark the field as required inside the formbuilder and define a validation message.

When the user clicks the checkbox, a token is set for the hidden input of the captcha, thus it's not empty any more and the form can be submitted.

Maybe the validation option should be default?

Hope that helps

KonstantinCodes commented 6 years ago

@acheloos-m Thanks for your post!

Would you like to make a PR to the master branch?

acheloos-m commented 6 years ago

Sure, there you go

KonstantinCodes commented 6 years ago

@jmoreno17 Thank you for the bug report! @acheloos-m Thanks for the suggested solution. I tried it and noticed that contacts still get created. This is due to FormBundle/Model/SubmissionModel.php:366:

// Create/update lead
$lead = null;
if (!empty($leadFieldMatches)) {
    $this->createLeadFromSubmit($form, $leadFieldMatches, $leadFields);
}

This gets triggered in all forms that contain Contact Fields - no matter if the form validation fails.

This is why I actually had to brutally delete the Contact after it gets created by listening to the mautic.lead_post_save Event. Anyway thank you both a lot for the help!

Can you please test the new version that I have published?

acheloos-m commented 6 years ago

@KonstantinCodes I just saw what you mean in production - the form identified contacts regardless of the captcha result. Good point. My merge request only prevented the active submission by the user.

I've tested the latest master, seems to work so far, but I see some possible side effects with your solution:

When a "real" user for whatever reason ever fails to solve the captcha, he'll be deleted from the DB too, including all activity history, campaign memberships and so on. This also happens when one just forgets to tick the captcha box.

I think it would be better if the form submission is prevented by the "required" check. That way we'll leave "real" users with a chance to solve the captcha in a second or third try but delete bot form post submissions directly like your last update does.

Cheers

KonstantinCodes commented 6 years ago

@acheloos-m good point as well. Thank you for your feedback. About the situation with existing leads: that definitely needed to be handled. I just merged #7 to check if the lead is new.
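
The behaviour this thread converges on, as an added example that is not code from the plugin or from Mautic (the thread does not show how #7 is implemented): the contact is written before the captcha result is known, so a failed check removes only a contact created by that same submission. `ContactStore`, `handleSubmission` and the token check are hypothetical names, and all data is constructed.

```php
<?php
// Added illustration; ContactStore and handleSubmission are hypothetical
// names, not Mautic or plugin APIs. All sample data is constructed.

final class ContactStore
{
    /** @var array<string, array{history: string[]}> keyed by e-mail */
    private array $contacts = [];

    /** Creates or updates a contact; returns true if it did not exist before. */
    public function upsert(string $email, string $event): bool
    {
        $isNew = !isset($this->contacts[$email]);
        $this->contacts[$email]['history'][] = $event;
        return $isNew;
    }

    public function delete(string $email): void { unset($this->contacts[$email]); }
    public function has(string $email): bool { return isset($this->contacts[$email]); }
}

// Same order as described in the thread: contact first, captcha result second.
function handleSubmission(ContactStore $store, string $email, string $token, callable $verifyToken): string
{
    $isNew = $store->upsert($email, 'form submitted');
    // An empty token (box never ticked) fails without calling the verifier.
    if ($token !== '' && $verifyToken($token)) {
        return 'accepted';
    }
    if ($isNew) {
        $store->delete($email); // created by this failed submission only
        return 'rejected, new contact removed';
    }
    return 'rejected, existing contact kept'; // history and memberships survive
}

// Constructed stand-in for the server-side token check (no network call).
$verify = fn (string $token): bool => $token === 'valid-token';

$store = new ContactStore();
$store->upsert('known@example.test', 'imported');

echo handleSubmission($store, 'bot@example.test', '', $verify), PHP_EOL;
echo handleSubmission($store, 'known@example.test', '', $verify), PHP_EOL;
echo handleSubmission($store, 'new@example.test', 'valid-token', $verify), PHP_EOL;
var_dump($store->has('bot@example.test'), $store->has('known@example.test'));
```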