flexd / slackinviter

Go-ne slackin
MIT License

CAPTCHA invalidated when information is missing #14

Closed jamy015 closed 5 years ago

jamy015 commented 7 years ago

Consider the following:

  1. Someone enters their email address and passes the captcha, but doesn't enter a first or last name.
  2. They get a warning telling them that they should enter a name.
  3. They do so, but now the captcha is invalid with no way to redo it except reloading the entire page.

flexd commented 6 years ago

I agree this is an issue. I noticed this happening when developing this, but never got around to fixing it.

bitfield commented 5 years ago

I think this is related:

I might have found a bug with the gopher slack sign up page.

  1. enter info
  2. Recaptcha
  3. click sign up button before clicking code of conduct
  4. click code of conduct
  5. retry to click the sign up button

After hitting the sign up button the second time the site doesn't register that you have already done the recaptcha. I was using Firefox with ad-blockers and reproduced this issue on a stock version of Chrome.

flexd commented 5 years ago

The problem as far as I can remember is that when you submit without having checked all the boxes, the server-side validation will fail the request and give you the message. But the CAPTCHA token you get is a one-time use thing, so we need to refresh the CAPTCHA so you can solve it again.

flexd commented 5 years ago

Just had an idea, let me try something. Saw here https://github.com/flexd/slackinviter/blob/master/main.go#L249 that we are verifying the captcha first and then the other inputs. If I were to swap those around, perhaps the whole issue goes away and the captcha token is good when you have fixed the missing input parameters?

flexd commented 5 years ago

Sort of accidentally closed this :-) That commit has been deployed, let me know if it's still happening please. Tested it just now and it appears to be working. You can click the button again after fixing what is missing and the captcha is still good!

flexd commented 5 years ago

Seems to be fixed...
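
The ordering discussed in this thread, as an added example that is not slackinviter's own code: local field checks run before the single-use CAPTCHA token is verified, so a form rejected for a missing name can be resubmitted with the same token. `oneTimeVerifier`, `inviteForm`, `handleInvite` and the sample values are hypothetical names constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// oneTimeVerifier is a constructed stand-in for the CAPTCHA provider's
// verification endpoint: each token verifies successfully exactly once.
type oneTimeVerifier struct{ unused map[string]bool }

func (v *oneTimeVerifier) Verify(token string) bool {
	if !v.unused[token] {
		return false
	}
	delete(v.unused, token) // the token is spent, even if the request fails later
	return true
}

type inviteForm struct{ Email, FirstName, LastName, CaptchaToken string }

var (
	errMissingField = errors.New("missing required field")
	errCaptcha      = errors.New("captcha verification failed")
)

// handleInvite checks the local inputs first and spends the CAPTCHA token
// only once the rest of the form is acceptable, so a rejected form can be
// corrected and resubmitted with the same token.
func handleInvite(f inviteForm, v *oneTimeVerifier) error {
	for _, s := range []string{f.Email, f.FirstName, f.LastName} {
		if strings.TrimSpace(s) == "" {
			return errMissingField // token not yet verified, still usable
		}
	}
	if !v.Verify(f.CaptchaToken) {
		return errCaptcha
	}
	return nil // the invite would be sent here
}

func main() {
	v := &oneTimeVerifier{unused: map[string]bool{"tok-1": true}}
	f := inviteForm{Email: "a@example.com", CaptchaToken: "tok-1"}
	fmt.Println(handleInvite(f, v)) // missing required field
	f.FirstName, f.LastName = "Ada", "Lovelace"
	fmt.Println(handleInvite(f, v)) // <nil>
	fmt.Println(handleInvite(f, v)) // captcha verification failed
}
```

The token stays single-use: once a complete form has been accepted, replaying the same token is rejected at the verification step.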