Closed sunnysideup closed 11 months ago
We have the same problem. Are there any recommendations what we can do in the meanwhile?
Have run into the same issue, debugging it now. The response I get back from Google is { "success": false, "error-codes": [ "invalid-input-response" ] }
$recaptchaResponse
is an empty string, which may explain some things. The g-recaptcha-response
variable is empty on in the form submission data
Sorry everyone my bandwidth lately is fairly limited, happy to take a pull request of course if someone is interested in doing one up to address this. In theory it should be showing a message on the form (not the field) based on this line. Even in the case @elliot-sawyer mentions it should be showing a message saying that they need to answer the captcha (not great for v3 but still something).
Switching back to v2 worked for me
So I originally ran into this issue when a client provided me with a key for v3, when I was expecting v2. I switched the module over to v3, submitted a test form, and all was well - until recently. I'm not 100% sure what the issue is , but I suspect something changed fairly recently with the V3 submission code. Google Recaptcha (Enterprise? May not matter) offers me a slightly different Javascript snippet:
<script>
function onClick(e) {
e.preventDefault();
grecaptcha.enterprise.ready(async () => {
const token = await grecaptcha.enterprise.execute('...........', {action: 'LOGIN'});
// IMPORTANT: The 'token' that results from execute is an encrypted response sent by
// reCAPTCHA Enterprise to the end user's browser.
// This token must be validated by creating an assessment.
// See https://cloud.google.com/recaptcha-enterprise/docs/create-assessment
});
}
</script>
(note the "grecaptcha.enterprise.execute" line instead of "grecaptcha.execute"). The form submission that I observed being sent to Recaptcha was encrypted, so possibly the "grecaptcha.execute" version is sending an unencrypted payload when their server is expecting something encrypted? If that's the case, then maybe the "enterprise" version of Recaptcha is another variant that this module does not yet support?
I might dive into this a bit more if I get more billable time, but for now, getting a v2 key instead solves the issue for me
Any updates on this issue?
Sorry everyone I've been a bit busy with other things lately and haven't really had a chance to look too far into this. Theoretically there this block should be returning the validation error stating the score is too low. It's strange that it's showing absolutely nothing, are you being redirected back to fill the form again and it's simply not showing a message?
Found the issue css was hiding it -_- I'll have a fix up shortly
Fix released as 2.4.2, sorry everyone for the long delay :(
Thank you for fixing it.
recpatcha V3 does not show anything if score is too low - it just goes back to form. This would be very confusing and infuriating for any false positives (i.e. real submitters identified as spam).