`theme dev` doesn't support captcha on customer login page

[macournoyer]

Issue summary

When Captcha support is enabled, browsing to http://127.0.0.1:9292/account/login will sometimes trigger the captcha. Submitting the captcha on http://127.0.0.1:9292/challenge just redirects back to the same page.

See https://community.shopify.com/c/online-store-2-0/unable-to-log-into-customer-account-when-using-shopify-theme/m-p/1343096/highlight/false#M1414

Expected behavior

Solving the captcha should log you in as a customer.

Actual behavior

It just circles back to http://127.0.0.1:9292/challenge.

Tip: include an error message (in a <details></details> tag) if your issue is related to an error

Steps to reproduce the problem

1. Enable captcha & Customer login in shop settings
2. shopify theme serve
3. Browse to http://127.0.0.1:9292/account/login
4. Submit a bad login
5. You should be redirected to http://127.0.0.1:9292/challenge
6. Solving the captcha and clicking "Submit" redirects you back to http://127.0.0.1:9292/challenge

Workaround

Disable captcha for Customer Login.

Specifications

• App type: theme
• Operating System: macOS
• Shell: zsh
• Ruby version (ruby -v): 2.7.1

[davidhollenbeckx]

this was an issue with slate too

[pepicrft]

Adding a reference to the discussion on the forum

[pablogiralt]

use the url with this format https://mysitename.myshopify.com/?preview_theme_id=129204027619

instead of the localhost url (http://127.0.0.1:9292)

[pinguluk]

_It seems also that when I view the order history, the order number link goes again to store url and not _localhost https://github.com/Shopify/shopify-cli/issues/1992#issuecomment-1025605620__

[venerated]

Is there any other work arounds aside from turning off captcha? Developing a theme on a live store for a client and don't want to mess with their settings.

use the url with this format https://mysitename.myshopify.com/?preview_theme_id=129204027619

instead of the localhost url (http://127.0.0.1:9292)

Doesn't this load the version of the site that is pushed up to Shopify and not what is on the local machine?

[nelsonvassalo]

Still happening, do we have any reported progress?

[luigimannoni]

Doesn't this load the version of the site that is pushed up to Shopify and not what is on the local machine?

You can preview the local development theme directly on live if you are running shopify serve just replace the ID with your dev ID or click at the preview link that is generated from the serve script, it will show your local development theme the only thing lacking will be the livereload and you need to refresh the page manually.

[github-actions[bot]]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action.

→ If there's no activity within a week, then a bot will automatically close this.

Thanks for helping to improve Shopify's dev tooling and experience.

[ben-kzn]

Our team is experiencing this issue right now. We'll try turning off the captcha.

[venerated]

Our team is experiencing this issue right now. We'll try turning off the captcha.

@ben-kzn luigimannoni's reply above is the work around that worked for me. Only downside is no live reloading, but at least you can edit the pages.

[github-actions[bot]]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action.

→ If there's no activity within a week, then a bot will automatically close this.

Thanks for helping to improve Shopify's dev tooling and experience.

[luigimannoni]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action.

→ If there's no activity within a week, then a bot will automatically close this.

Thanks for helping to improve Shopify's dev tooling and experience.

Still very much active. Someone should increase the bot threshold

[waxit-dev]

Disabling the reCAPTCHA worked great! I was able to login and complete testing on the localhost preview no problem. And only ended up with about 5000 bot accounts added to the store by the end of it.. -_-

[davidhollenbeckx]

@waxit-dev haha, only 5000?

you should be able to preview the theme using the ?preview_theme_id link as mentioned further up this thread

unfortunately no hot reload. if I am doing a lot of detail work on customer account layouts I'll usually use placeholder content in a regular page template until I'm ready to test with live accounts

[github-actions[bot]]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action. → If there's no activity within a week, then a bot will automatically close this. Thanks for helping to improve Shopify's dev tooling and experience.

P.S. You can learn more about why we stale issues here.

[github-actions[bot]]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action. → If there's no activity within a week, then a bot will automatically close this. Thanks for helping to improve Shopify's dev tooling and experience.

P.S. You can learn more about why we stale issues here.

[luigimannoni]

Still relevant/active

[github-actions[bot]]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action. → If there's no activity within a week, then a bot will automatically close this. Thanks for helping to improve Shopify's dev tooling and experience.

P.S. You can learn more about why we stale issues here.

[Zelgadis87]

Issue is still relevant. The workaround of using the live site with preview_theme_id works, but it is suboptimal.

[github-actions[bot]]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action. → If there's no activity within a week, then a bot will automatically close this. Thanks for helping to improve Shopify's dev tooling and experience.

P.S. You can learn more about why we stale issues here.

[knjshimi]

Still relevant

[joeswann]

Maybe could we get that bot disabled for this thread until something happens?

[markovic-nikola]

2 years later and still no resolve...

[venerated]

OKAY EVERYONE!! i have a potential solution to this or at least a place to start looking. Our store was experiencing this issue for months, tons of fake accounts being created because we had to shut recaptcha off. We could not find the issue, we exported our theme, did tons of queries for conflicting code, messed with recaptcha tokens, tried even utilizing recaptcha on our third party servers and redirecting the customer. None of it worked, we put our theme in our development instance of shopify, tested it, and....it worked. we had no idea why. Couldnt find a difference in the instances, they were identical.

We realized... the only difference is the apps installed on each instance.

So we contacted shopify plus support and after months of back and forth finally got them to dive into our theme to find the issue. They did, it was a custom account app called FLITS, it was causing the V2 recaptcha to not be able to redirect the customer to the account page.

This was there response "When reCAPTCHA v2 is engaged, the customer is referred to the 'Challenge' page. This page is not hosted in Shopify theme files or Admin - it is provided and managed by Google. Once the challenge has been successfully completed, the redirect looks for the customer account page. In this case, it looks like when that page is blank (because the content of the customers/account.liquid theme file has been commented out), the fallback is to route back to the customer account login page.

I have also confirmed that other third-party customer account apps have a similar issue with v2 redirect. The problem is that Google's reCAPTCHA challenge page overrides the app's redirect settings, looks for the .liquid it is expecting, and then loops back to the login page.

I do understand that reCAPTCHA is the most effective way to combat fake 'bot' accounts, and therefore your priority is to find a way to make it work with your desired customized customer account experience.

You can consider customizing the customers/account.liquid file, instead of using third-party apps to provide your customer account features. Or, you may be able to request a custom version of the customer account apps that can be recognized by the reCAPTCHA challenge page redirect. Google does offer development documentation: Google Dev Support : reCAPTCHA Developer's Guide / Verifying the user's response."

The issue was the challenge page could not redirect back to the account page. I realize many of you may not have custom account page apps, however what i recommend doing is checking to see what conflicts the challenge page could be running into with redirecting back to the account page. Its a good place to start.

Hopefully this helps someone.

Unfortunately, this doesn't apply to this issue. This is an issue during theme development with Shopify itself and local vs server-side development. This happens without any type of apps installed.

[vaelu]

Why is this still not resolved? It's almost impossible to develop themes locally this way. Can you please prioritize this issue? @isaacroldan @shauns @Arkham

[evilzebra-labs]

I'm having the same problem.. and it makes impossible to develop themes locally

[github-actions[bot]]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action. → If there's no activity within a week, then a bot will automatically close this. Thanks for helping to improve Shopify's dev tooling and experience.

P.S. You can learn more about why we stale issues here.

[robertgwolfe]

Still active

[danielehrhardt]

Looks like it does not work with the "New Customer Accounts"

[github-actions[bot]]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action. → If there's no activity within a week, then a bot will automatically close this. Thanks for helping to improve Shopify's dev tooling and experience.

P.S. You can learn more about why we stale issues here.

[nelsonvassalo]

Still active

[github-actions[bot]]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action. → If there's no activity within a week, then a bot will automatically close this. Thanks for helping to improve Shopify's dev tooling and experience.

P.S. You can learn more about why we stale issues here.

[vaelu]

Still active

[yippptay]

any idea when this will ever be fixed? it's crazy that it's been over 2 years and it still hasn't been fixed... why is shopify's integration of captcha so broken?

[github-actions[bot]]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action. → If there's no activity within a week, then a bot will automatically close this. Thanks for helping to improve Shopify's dev tooling and experience.

P.S. You can learn more about why we stale issues here.

[knjshimi]

still active

[github-actions[bot]]

This issue seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action. → If there's no activity within a week, then a bot will automatically close this. Thanks for helping to improve Shopify's dev tooling and experience.

P.S. You can learn more about why we stale issues here.

[danielehrhardt]

still active

[joeswann]

Commenting to add to the collective discussion - a previous solution I had for reverse engineering the recaptcha token to submit forms with JS on published themes now also doesn't work.

So far a more sophisticated reverse engineering approach has been unsuccessful (getting invalid token errors). Is there a current + recommended solution for submitting login etc forms using JS? Shopify Buy uses the Storefront API and doesn't handle sessions.