commons-app / apps-android-commons

The Wikimedia Commons Android app allows users to upload pictures from their Android phone/tablet to Wikimedia Commons
https://commons-app.github.io/
Apache License 2.0

[Bug]: App doesn't show CAPTCHA that may be required for log in #5679

Open sivaraam opened 7 months ago

sivaraam commented 7 months ago

Summary

In some cases, a CAPTCHA might need to be solved by the user in order to successfully log in. This may be necessary due to some number of failed login attempts. The app is not able to identify such scenarios and properly show a CAPTCHA to the user. Instead, the login fails.

This was first reported here: [reference]

Steps to reproduce

Steps given by @OpenGreenStreet:

  1. The app requires a new password to be entered due to a previous password change (up to this point completely normal).
  2. Immediately before the new password was entered in the app, there were several unsuccessful password entries (e.g. due to an "attack" on the account by a third party).
  3. The app does not recognize this captcha/cannot display it. Entering the correct password also fails in the app.

Expected behaviour

The app should show the CAPTCHA and allow the user to enter the same and successfully complete the login similar to the web interface.

Alternatively, the app could imitate what the Wikipedia app does. It seems to show a toast asking the users to wait for 5 minutes before trying further login attempts. Note that the app properly shows this when the login attempt fails 5 times within the app. We need to check what happens when the same happens on the web and the user logs into the app right after that.

Screenshot of wait prompt

![Screenshot_2024-03-31-01-51-32-84_ebeee2b22978ff0d0437de7074bd3027](https://github.com/commons-app/apps-android-commons/assets/12448084/0d57f465-548d-4896-90ba-c999bbb9f97f)

Actual behaviour

The app fails to show the CAPTCHA. So, the user is not able to log in.

Device name

OnePlus Nord

Android version

Android 12

Commons app version

4.2.1 (main branch)

Device logs

No response

Screen-shots

No response

Would you like to work on the issue?

None

shashankiitbhu commented 7 months ago

@sivaraam @nicolas-raoul As discussed in the original issue discussion, I will be working on this issue.

sivaraam commented 7 months ago

@shashankiitbhu Could you clarify how you plan on addressing this issue?

shashankiitbhu commented 7 months ago

@sivaraam Sorry for the late reply, I was out of the station, and I was thinking of a way to actually show CAPTCHA within the app? I don't think we have any end-points for that as of now?

What we can do is to redirect the user to WebView where they can log in? (In this specific case only)

sivaraam commented 7 months ago

> @sivaraam Sorry for the late reply, I was out of the station, and I was thinking of a way to actually show CAPTCHA within the app? I don't think we have any end-points for that as of now?

Yeah. I'm not aware of any endpoints either. Could you check regarding this in the wikitech-l mailing list on what could be done in this situation?

> What we can do is to redirect the user to WebView where they can log in? (In this specific case only)

For this, I suppose we would need to explore the feasibility of getting the auth token post a web login.

Before that, could you check how the Wikipedia app handles this case?

shashankiitbhu commented 7 months ago

> Before that, could you check how the Wikipedia app handles this case?

@sivaraam The Wikipedia app displays the CAPTCHA in the app itself.

> Yeah. I'm not aware of any endpoints either. Could you check regarding this in the wikitech-l mailing list on what could be done in this situation?

I started a thread on wikitech-l regarding this, yet to receive a response.

sivaraam commented 7 months ago

> @sivaraam The Wikipedia app displays the CAPTCHA in the app itself.

I tried to view the CAPTCHA but couldn't do so. Could you possibly share a screenshot of this screen for reference? Specifically, it would be helpful to know in which case you were able to see the CAPTCHA in the app.

> I started a thread on wikitech-l regarding this, yet to receive a response.

Nice. Let's see what we get. Given the Wikipedia app is able to show the CAPTCHA, it would be worth checking out their code to know what APIs they've used.

shashankiitbhu commented 7 months ago

@sivaraam I observed that Wikipedia app is capable of showing CAPTCHA for login in the app itself

WhatsApp Image 2024-04-15 at 10 14 40 AM

sivaraam commented 7 months ago

That seems like the CAPTCHA from the "Create account" page. We're actually concerned about the CAPTCHA that needs to be shown upon login. We don't need to worry about it since we redirect to the web page for the "Sign up".

Could you check how the login case is handled by the Wikipedia app?

nicolas-raoul commented 3 months ago

@shashankiitbhu Would you mind sharing the URL of your thread on wikitech-l regarding this? :-)

sivaraam commented 2 months ago

I think this is the thread: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DT5N6HHUONI7TIH2FXUHMD74W4CTHQNU/#XW6HJPJY5SUZHNON7RIHGNDAQW5Q4DFE