in2code-de / femanager

Modern TYPO3 Frontend User Registration. TYPO3 Frontend User Registration and Management based on Extbase and Fluid and on TYPO3 8 and the possibility to extend it to your needs. Extension basically works like sr_feuser_register
https://www.in2code.de/agentur/typo3-extensions/femanager/
47 stars 118 forks

No flash message if captcha enabled #267

Open webian opened 4 years ago

webian commented 4 years ago

Steps to reproduce:

  1. enable sr_freecap via femanager typoscript captcha = 1
  2. delete all cookies
  3. submit the form to sign up

Result: the user is redirected to the status page but there's no message explaining to check email to confirm so the user doesn't know what to do.

Instead, with captcha disabled the message appears but the system is vulnerable to spam.

webian commented 4 years ago

After many hours of debugging I still can't get what's wrong, so I'm writing my findings here...

With sr_freecap enabled, sr_freecap creates a cookie to check the captcha result. This cookie means that a session exists (\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::start) so, when femanager tries to write the flash message into session, TYPO3 finds an existing session (\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setSessionCookie) and so it doesn't set the cookie.

But at this point I don't know if the bug is in femanager or sr_freecap or TYPO3.

sbusemann commented 3 years ago

This needs further testing and I plan to add an automated test.

krischanskide commented 11 months ago

This problem still seems to exist …