Pixel-Open / prestashop-cloudflare-turnstile

Protect your Prestashop store from spam messages and spam user accounts with Cloudflare Turnstile
https://pixel-open.org/projects/prestashop-bundle-cloudflare-turnstile/
MIT License

Captcha for registration form can be bypassed #4

Open valbewe opened 1 year ago

valbewe commented 1 year ago

Prestashop Version: 8.0.1

Cloudflare Turnstile Version: 1.1.1

Do you use a specific theme: Standard free theme that comes with the installation of Presta

Describe the bug: If I'm not logged in and add products to my shopping cart and then go to checkout, I can either order as a guest or log in. However, if guest ordering is disabled, then the page will show registration instead. In this way, the captcha for registration can be bypassed.

A similar problem was described here: https://github.com/nenes25/eicaptcha/issues/124

Would you like to fix this or can you give me a tip on how to implement the captcha at this point?

In any case, thank you for the great module!

magentix commented 1 year ago

Hi @valbewe

This will be available in the next minor release (1.2.0)

The difficulty is that the register and login templates are on the same page and share the same controller (OrderController). This actually conflicts with the rendering of the widget on registration and login pages.

There will be a new mandatory parameter in the widget call to identify the form:

{widget name='pixel_cloudflare_turnstile' form="register"}
{widget name='pixel_cloudflare_turnstile' form="login"}
{widget name='pixel_cloudflare_turnstile' form="contact"}
{widget name='pixel_cloudflare_turnstile' form="password"}

Regards, Matthieu
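Added example, not the module's own code: a server-side check that binds a Turnstile token to the form being submitted, so that a registration posted through the checkout page is verified the same way as one posted through the registration page. The function names are hypothetical, and it assumes the widget is rendered with its `data-action` set to the form name; the siteverify endpoint, the `cf-turnstile-response` field and the `action` response field are Cloudflare's.

```php
<?php
declare(strict_types=1);

const SITEVERIFY_URL = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';

/** POST the token to Cloudflare's siteverify endpoint; returns decoded JSON, or [] on any failure. */
function turnstile_siteverify(string $secret, string $token, ?string $ip = null): array
{
    $fields = array_filter(['secret' => $secret, 'response' => $token, 'remoteip' => $ip]);
    $ctx = stream_context_create(['http' => [
        'method'        => 'POST',
        'header'        => 'Content-Type: application/x-www-form-urlencoded',
        'content'       => http_build_query($fields),
        'timeout'       => 5,
        'ignore_errors' => true,
    ]]);
    $body = @file_get_contents(SITEVERIFY_URL, false, $ctx);
    $json = is_string($body) ? json_decode($body, true) : null;
    return is_array($json) ? $json : [];
}

/** Fail closed: the token must be valid AND must have been issued for this form. */
function turnstile_allows(array $result, string $expectedForm): bool
{
    if (($result['success'] ?? false) !== true) {
        return false;
    }
    // Assumption: data-action on the widget equals the form name ("register", "login", ...).
    return hash_equals($expectedForm, (string) ($result['action'] ?? ''));
}

/** Hypothetical handler, called for every registration submit regardless of the controller. */
function handle_register_submit(array $post, string $secret, ?string $ip): bool
{
    $token = (string) ($post['cf-turnstile-response'] ?? '');
    if ($token === '') {
        return false; // a page rendered without the widget must not skip the check
    }
    return turnstile_allows(turnstile_siteverify($secret, $token, $ip), 'register');
}

// Constructed siteverify responses, evaluated offline (no network call):
var_dump(turnstile_allows(['success' => true, 'action' => 'register'], 'register')); // matching form
var_dump(turnstile_allows(['success' => true, 'action' => 'login'], 'register'));    // token from the login widget
var_dump(turnstile_allows([], 'register'));                                          // siteverify unreachable
```

Keying the check on the submitted form rather than on the controller also gives the Turnstile analytics a separate action per form.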

magentix commented 1 year ago

Hi,

Development is in progress, it will be available in 1.2.0.

alapiere commented 1 year ago

Hi, when will 1.2.0 be available? I'd really like to make turnstile work on ps reg form, and to distinguish login actions from register actions in turnstile stats, as we are under registration form spam attack.