ixnas / altcha-dotnet

C# implementation of the ALTCHA challenge.
BSD 2-Clause "Simplified" License

Spam filter always fails #3

Open PixieCatSupreme opened 1 day ago

PixieCatSupreme commented 1 day ago

I am trying to add spam filtering to my website, but the spam filtering always returns false for both the isValid value and the passedSpamFilter value.

This is my form:

using System.ComponentModel.DataAnnotations;

public class GuestbookCommentForm
{
    [Required(ErrorMessage = "Message is required!")]
    [StringLength(200, ErrorMessage = "The {0} value cannot exceed {1} characters. ")]
    public string? Text { get; set; }

    [StringLength(200, ErrorMessage = "The {0} value cannot exceed {1} characters. ")]
    [EmailAddress]
    public string? Email { get; set; }

    // Used by the view as the apiKey in the widget's challengeurl.
    public string? Altcha { get; set; }
}

This is my view:

        <form asp-controller="Guestbook" asp-action="Send" method="post">
            <div class="mb-3">
                <label asp-for="@Model.Email"></label>
                @Html.TextBoxFor(m => m.Email, new { placeholder = "Email", @class = "form-control" })
            </div>
            <div class="mb-3">
                <label asp-for="@Model.Text"></label>
                <div class="textAreaDiv">
                    @Html.TextAreaFor(m => m.Text, new { placeholder = "Message", @class = "form-control" })
                </div>
            </div>

            <altcha-widget challengeurl="https://eu.altcha.org/api/v1/challenge?apiKey=@(Model.Altcha)"
                           spamfilter>
            </altcha-widget>
            <br />
            <button type="submit" class="btn btn-secondary">Post</button>
        </form>

And this is my controller:

        [HttpPost("Send")]
        public async Task<IActionResult> Send(
            [FromForm] GuestbookCommentForm guestbookCommentForm)
        {
            try
            {
                return Ok(await _apiService.ValidateSpamFilteredForm(guestbookCommentForm));
            }
            catch (Exception ex)
            {
                Logger.AddException(ex);

                return Problem(ex.ToString());
            }
        }

Surprisingly, when I remove the spamfilter value from my view and change the ApiService call from ValidateSpamFilteredForm to Validate it does successfully validate. Am I missing something or is something going wrong?

ixnas commented 1 day ago

Hi there, thank you for taking an interest in this project!

I'm not entirely sure what's going on and I can't replicate your issue here. Your code seems fine though.

Could you maybe use your browser's dev tools to look at your network requests/responses, and share what's in them (without the API key in the URL)? Particularly the challenge and verify requests and responses.

Could you also share your configuration for the AltchaApiServiceBuilder (without the keys/secrets)?

Sorry to hear you're having issues, I hope I can help!

PixieCatSupreme commented 8 hours ago

This is the challenge response:

algorithm   "SHA-256"
challenge   "b6251132217d758b3fbf52346c9e03ca761df2fe983e6fe179811ef9da747c4b"
maxnumber   20000
salt    "68bd5a9db6e9008dccddb7e0?expires=1729799681"
signature   "c7b1cfb622d3144717965271cf0bcfea2d35e10099c41c6ca15cb93661d75fc1"

This is the verify request:

expectedLanguages   […]
0   "en"
fields  {…}
Email   "test@gmail.com"
Text    "This is a test message. Please be nice"
ipAddress   "auto"
payload "eyJhbGdvcml0aG0iOiJTSEEtMjU2IiwiY2hhbGxlbmdlIjoiYjYyNTExMzIyMTdkNzU4YjNmYmY1MjM0NmM5ZTAzY2E3NjFkZjJmZTk4M2U2ZmUxNzk4MTFlZjlkYTc0N2M0YiIsIm51bWJlciI6MTY0MzAsInNhbHQiOiI2OGJkNWE5ZGI2ZTkwMDhkY2NkZGI3ZTA/ZXhwaXJlcz0xNzI5Nzk5NjgxIiwic2lnbmF0dXJlIjoiYzdiMWNmYjYyMmQzMTQ0NzE3OTY1MjcxY2YwYmNmZWEyZDM1ZTEwMDk5YzQxYzZjYTE1Y2I5MzY2MWQ3NWZjMSIsInRvb2siOjE0OX0="
timeZone    "Europe/Berlin"

And this is the verify response:

body    Object { payload: "eyJhbGdvcml0aG0iOiJTSEEtMjU2IiwiY2hhbGxlbmdlIjoiYjYyNTExMzIyMTdkNzU4YjNmYmY1MjM0NmM5ZTAzY2E3NjFkZjJmZTk4M2U2ZmUxNzk4MTFlZjlkYTc0N2M0YiIsIm51bWJlciI6MTY0MzAsInNhbHQiOiI2OGJkNWE5ZGI2ZTkwMDhkY2NkZGI3ZTA/ZXhwaXJlcz0xNzI5Nzk5NjgxIiwic2lnbmF0dXJlIjoiYzdiMWNmYjYyMmQzMTQ0NzE3OTY1MjcxY2YwYmNmZWEyZDM1ZTEwMDk5YzQxYzZjYTE1Y2I5MzY2MWQ3NWZjMSIsInRvb2siOjE0OX0=", ipAddress: "[REDACTED]", timeZone: "Europe/Berlin", … }
result  Object { classification: "NEUTRAL", score: 1.5, took: 3.3, … }
payload "…"
verified    true

Lastly, this is my AltchaApiServiceBuilder configuration:

builder.Services.AddScoped<IAltchaChallengeStore, AltchaChallengeStore>();

builder.Services.AddScoped(sp => Altcha.CreateApiServiceBuilder()
                                       .UseApiSecret(builder.Configuration.GetValue<string>("Altcha:Secret"))
                                       .UseStore(sp.GetService<IAltchaChallengeStore>)
                                       .Build());

Thank you for wanting to help me out! :)
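
To look inside a base64 payload like the one in the verify request above, the following added example (not part of the thread and not altcha-dotnet code) decodes it and checks the proof-of-work and the salt's expiry locally. It assumes ALTCHA's scheme of challenge = SHA-256(salt + number) in hex and an `expires` salt parameter in Unix seconds; `BuildPayload` and `Inspect` are hypothetical helpers, the sample values are constructed, and the signature is not checked because that needs the server's HMAC key.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Constructed sample values; only the expires timestamp is reused from the thread.
const string sampleSalt = "0123456789abcdef01234567?expires=1729799681";
const long sampleNumber = 16430;

Console.WriteLine(Inspect(BuildPayload(sampleSalt, sampleNumber, sampleNumber), DateTimeOffset.UtcNow));
Console.WriteLine(Inspect(BuildPayload(sampleSalt, sampleNumber, sampleNumber + 1), DateTimeOffset.UtcNow));

static string Sha256Hex(string s) =>
    Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(s))).ToLowerInvariant();

// Builds a payload whose challenge matches `solved` but which claims `claimed` as the solution.
static string BuildPayload(string salt, long solved, long claimed)
{
    var json = JsonSerializer.Serialize(new
    {
        algorithm = "SHA-256",
        challenge = Sha256Hex(salt + solved),
        number = claimed,
        salt,
        signature = "placeholder" // needs the server's HMAC key; not checked here
    });
    return Convert.ToBase64String(Encoding.UTF8.GetBytes(json));
}

// Decodes a payload and reports whether the number solves the challenge and whether it expired.
static string Inspect(string payloadBase64, DateTimeOffset now)
{
    using var doc = JsonDocument.Parse(Convert.FromBase64String(payloadBase64));
    var root = doc.RootElement;
    string salt = root.GetProperty("salt").GetString() ?? "";
    string challenge = root.GetProperty("challenge").GetString() ?? "";
    long number = root.GetProperty("number").GetInt64();
    bool powOk = Sha256Hex(salt + number) == challenge;

    // Salt parameters follow '?', e.g. "...?expires=1729799681".
    string expiry = "no expires parameter";
    int q = salt.IndexOf('?');
    if (q >= 0)
        foreach (var pair in salt[(q + 1)..].Split('&'))
            if (pair.StartsWith("expires=", StringComparison.Ordinal)
                && long.TryParse(pair["expires=".Length..], out long ts))
                expiry = DateTimeOffset.FromUnixTimeSeconds(ts) > now ? "not expired" : "expired";
    return $"proof-of-work: {(powOk ? "ok" : "MISMATCH")}, expiry: {expiry}";
}
```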