dsoares / roundcube-rcguard

Roundcube plugin to enforce reCAPTCHA for users who have too many failed logins.

Recaptcha disappear on logout #36

Open claudiosoprano opened 4 years ago

claudiosoprano commented 4 years ago

Hi all,

I have a problem with the rcguard plugin for Roundcube.

When I log out from Roundcube, the reCAPTCHA window is not present on the login page, so if I try to log in, it tells me that I didn't use the reCAPTCHA, and then the reCAPTCHA appears on the second login screen.

The only way to fix it is reloading the page after the logout or inserting the credentials twice (the first time with an error).

I moved from v1.0.x to 1.1.x to 1.2.x to 1.3.x and finally 1.4.x; the error is present on all the versions.

I don't know if there is a way to reload the page automatically on logout, let me know.

Thanks for the plugin. Claudio Soprano

claudiosoprano commented 4 years ago

Just to show you what appears, I will add two screenshots.

normal login screen

Screen Shot 2020-09-29 at 08 59 59

login screen after logout

Screen Shot 2020-09-29 at 08 59 39

Claudio

dsoares commented 3 years ago

Hi, I can't reproduce your problem. I login, then logout and the recaptcha is shown in the login screen. Tested with recaptcha v2, larry and elastic skins, with $rcmail_config['failed_attempts'] = 1. What is your 'recaptcha_whitelist' config value? Do you have more plugins enabled that could interfere with template_object_loginform hook?

claudiosoprano commented 3 years ago

Hi,

my $rcmail_config['failed_attempts']=0

my $recaptcha_whitelist = array('193.206.80.0/21', '192.84.128.0/22', '192.135.25.0/24', '192.135.26.0/24', '193.205.228.0/24', '90.147.175.0/24', '90.147.176.64/26', '172.16.0.0/12', '192.168.0.0/16');

these are my plugins

$config['plugins'] = array('archive', 'zipdownload', 'acl', 'managesieve', 'new_user_identity', 'rcguard');

I also removed all the plugins one at a time, leaving only rcguard, but the problem persists.

Claudio


smefa commented 3 years ago

I get the same issue (1.4.9 & 1.3.1). It does not show after logout. I use it with ['failed_attempts'] = 0; No whitelist

arafatx commented 3 years ago

It seems like you are using an unsecured connection. Perhaps this might be the issue. Try using https and see if the problem persists.

smefa commented 3 years ago

My site is using https with a valid certificate and I get the same issue. Contact me if you want to check it.

claudiosoprano commented 3 years ago

Same here, my site uses only https; http requests have a rewrite rule on https sites.

Claudio


claudiosoprano commented 3 years ago

Any news about this problem? It is still valid.

rorian commented 3 years ago

It's a great plugin but same problem here. After logout no recaptcha badge and no recaptcha callback possible. User needs to refresh the page.

- no other non-default plugins than rcguard

dsoares commented 3 years ago

I still can't reproduce the problem. Tested with latest roundcube version (master), PHP 7.4, the same options:

Is there any error in the browser console?

rorian commented 3 years ago

I use elastic skin. Some more details:

Roundcube 1.4.11

plugins:

archive | 3.4
filesystem_attachments | 1.0
jqueryui | 1.12.0
password | 5.1
rcguard | 1.3.1
zipdownload | 3.4

The steps are the same as @claudiosoprano screens.

  1. user logs into the panel using active recaptcha mechanism

  2. user clicks "Log out" which hrefs to /roundcube/?_task=logout from webmail panel

  3. after that the default login screen shows up, but this time with NO recaptcha badge. Further code insight gives that at this step the <script src="https://www.google.com/recaptcha/api.js?render=keyhere"></script> is missing in the code. No api fetch. Therefore no iframe either. No errors in console at all.

  4. at this point, when the user wants to log in again, he's getting a "CAPTCHA verification empty" error message and..

  5. then page is doing an auto-refresh and -> the api.js is included, as before. reCaptcha shows - goto-step(1)
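The symptom in step 3 can be checked mechanically by saving the login page HTML from a first visit and from just after logout, then looking for the reCAPTCHA `api.js` script tag in each. This is an added example, not part of the thread or of rcguard's code; the function names, the host list and the two sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts that serve reCAPTCHA's api.js (assumption of this example).
RECAPTCHA_HOSTS = {"www.google.com", "www.recaptcha.net"}


class _ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def recaptcha_loader(html):
    """Return the api.js URL if the page loads reCAPTCHA, else None."""
    parser = _ScriptCollector()
    parser.feed(html)
    for src in parser.sources:
        url = urlsplit(src)
        if url.hostname in RECAPTCHA_HOSTS and url.path == "/recaptcha/api.js":
            return src
    return None


def diagnose(first_visit_html, after_logout_html):
    """Compare the login page before login and after logout."""
    before = recaptcha_loader(first_visit_html) is not None
    after = recaptcha_loader(after_logout_html) is not None
    if before and not after:
        return "captcha-missing-after-logout"  # the behaviour reported here
    if before and after:
        return "ok"
    return "captcha-only-after-logout" if after else "captcha-not-enabled"


# Constructed sample pages, not captured from a real server.
FIRST_VISIT = ('<html><head><script src="https://www.google.com/recaptcha/'
               'api.js?render=keyhere"></script></head><body><form></form></body></html>')
AFTER_LOGOUT = ('<html><head><script src="/static/app.js"></script></head>'
                '<body><form></form></body></html>')
```

Calling `diagnose(FIRST_VISIT, AFTER_LOGOUT)` on the two saved pages separates a server-side omission of the script tag from a client-side loading failure, which would still show the tag in the HTML.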

pbiering commented 1 year ago

Can this be reproduced with the latest release from here?

https://github.com/pbiering/roundcube-rcguard

If not, please close this issue.

smefa commented 1 year ago

Looks ok to me now with Roundcube 1.6.2 & rcguard 1.3.2