Closed n2diving-dgx closed 5 months ago
Hi @n2diving-dgx. Thank you for your report. To speed up processing of this issue, make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, Add a comment to the issue:
@magento give me 2.4-develop instance
- upcoming 2.4.x release@magento I am working on this
Join Magento Community Engineering Slack and ask your questions in #github channel. :warning: According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting. :clock10: You can find the schedule on the Magento Community Calendar page. :telephone_receiver: The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket.
Hopefully some other user with different Google reCaptcha and Braintree credentials would test in their environment to confirm the issue with protecting Braintree checkout via credit cards as described above is reproduceable on M2.4.6 using credentials other than mine.
Hi @engcom-Dash. Thank you for working on this issue. In order to make sure that issue has enough information and ready for development, please read and check the following instruction: :point_down:
Area: XXXXX
label to the ticket, indicating the functional areas it may be related to.2.4-develop
branch@magento give me 2.4-develop instance
to deploy test instance on Magento infrastructure. 2.4-develop
branch, please, add the label Reproduced on 2.4.x
.@magento give me 2.4-develop instance
Hi @engcom-Dash. Thank you for your request. I'm working on Magento instance for you.
Hi @engcom-Dash, here is your Magento Instance: https://1b3463814a34b1f892a4768bc32ddd33.instances-prod.magento-community.engineering Admin access: https://1b3463814a34b1f892a4768bc32ddd33.instances-prod.magento-community.engineering/admin_118a Login: 5c67384a Password: f3a11763eef9
Hi @n2diving-dgx ,
Issue Confirmed !
Verified the issue in 2.4.4 local instance and 2.4.6 magento instance and its reproducible,Hence we are confirming the issue.
Preconditions: Magento Version 2.4.4 Magento version 2.4.6 PHP version 8.1
Steps to reproduce:
1.Install Fresh 2.4.6 Magento instance 2.Go to Backend and Configuration and Security 3.Select Google recaptcha Store Frontend 4.Enter API website and Secret key of Recaptcha invisible v3 5.Save Configuration and clear cache. 6.Again go to Configuration and Sales and Payment methods 7.Select Braintree Payment Configuration 8.Enter Public key ,Private key and validate the credentials and enable card payment 9.save Configuration and clear cache 10.Go to front login with customer 11.Select any product and place the order with Credit card and enter card details as per main description 12.Trying to place order with Recaptcha invisible with v3
Kindly refer the below screenshots:( Recaptcha Invisible v3)
In magento 2.4.6 version Order Page is HUNG, UNABLE TO PLACE ORDER using ReCAPTCHA V3 Invisible security.Same thing we are trying to reproduce in 2.4.4 instance and we can place the order successfully.
Kindly refer the below screenshots:
In 2.4.4 instance we can place the order successfully both RECAPTCHA V2 AND INVISIBLE V3 But in magento 2.4.6 instance we got Actual result as per the description,Hence we confirming the issue.
Regards,
:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/AC-8315 is successfully created for this GitHub issue.
:white_check_mark: Confirmed by @engcom-Dash. Thank you for verifying the issue.
Issue Available: @engcom-Dash, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.
@engcom-Dash As per the discussion in triage call, we need to recheck this issue.
Thanks
:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/AC-8329 is successfully created for this GitHub issue.
@magento I am working on this
Any updates on this?
+1 please as happening with 2.4.6-p1
https://experienceleague.adobe.com/docs/commerce-knowledge-base/kb/support-tools/patches/v1-1-31/acsd-50345-recaptcha-issues-during-checkout.html is already part of above version and as per the description
Please note that the issue was partially fixed in Adobe Commerce 2.4.6 and is scheduled to be completely fixed in Adobe Commerce 2.4.7.
Hi, is there any patch available now for this issue.
+1 Got the same problem. Waiting for a solution.
+1 is there any patch available now for this issue?
Upgraded to 2.4.6p2, problem is still there. And just noticed that the "I am not a robot" v2 Recapcha actually is not working at all. Even if the checkbox is not checked, still can make the payment successfully..
Just spent 2 days trying to find what was causing our checkout to fail silently (2.4.6-p2).
I finally arrived in the right place!
Any update on this ridiculousness?
I analysed the ACSD-50345_1.1.4-p1.patch and it only brings in a few changes from the upgraded re-captcha (1.1.3) which are already present in 2.4.6-p2 so no fix there I'm afraid.
Still issue exist. I don't see any other way to block card attacks. Our big client on latest Magento build stil encounter it.. Please fix it.
Thank you everyone for your feedback!
GENE Commerce is responsible for developing the Magento Braintree extension. I would like to tell you that this ReCaptcha issue is already been fixed in Magento v2.4.7-beta1 that has already been released on June 13, 2023. Here, you can find the v2.4.7-beta1 release notes for Braintree: https://experienceleague.adobe.com/docs/commerce-operations/release/notes/adobe-commerce/2-4-7.html?lang=en#braintree
We already have a patch for Google ReCaptcha v2 or V3 Invisible issue with Braintree in Magento/Adobe v2.4.6 and its patch versions. You can download the patch from this link: https://support.gene.co.uk/support/solutions/articles/35000227825-patch-for-unable-to-checkout-via-braintree-with-google-recaptcha-v2-or-v3-invisible-in-magento-v2-4-6-and-v2-4-6-p1-p2
Also if you have any technical issues or concerns regarding our Magento Braintree extension, you can reach out to us by raising a support ticket from here: https://support.gene.co.uk/support/home
"We already have a patch for Google ReCaptcha v2 or V3 Invisible issue with Braintree in Magento/Adobe v2.4.6 and its patch versions. You can download the patch from this link: https://support.gene.co.uk/support/solutions/articles/35000227825-patch-for-unable-to-checkout-via-braintree-with-google-recaptcha-v2-or-v3-invisible-in-magento-v2-4-6-and-v2-4-6-p1-p2"
@Amiga4ever Assuming you're using a deploy structure that leverages cweagans (or similar module like vaimo) for patch installation, it's as straightforward as downloading that patch, adding it to your patches folder, and adding the reference to your composer.patches.json. At that point it'll be picked up and applied the next time you run composer install.
If not then you'd have to manually apply it (git apply "patchfile"), but that won't survive for very long (any reinstall of vendor will wipe it out), so I'd only do that in a local test environment.
I've just tested this locally with a 2.4.6-p2 instance we were prepping and the patch does resolve the issue (makes sense, it's basically a clone of the relevant portion of ACSD-50345 to magento/module-re-captcha-checkout/view/frontend/web/js/model/place-order-mixin.js
, applied to the Braintree core module mixin).
"We already have a patch for Google ReCaptcha v2 or V3 Invisible issue with Braintree in Magento/Adobe v2.4.6 and its patch versions. You can download the patch from this link: https://support.gene.co.uk/support/solutions/articles/35000227825-patch-for-unable-to-checkout-via-braintree-with-google-recaptcha-v2-or-v3-invisible-in-magento-v2-4-6-and-v2-4-6-p1-p2"
- how to implement this patch ?
This patch dosen't work in my situation.
@magento I am working on this
Can I check whether we want to fix this issue on 2.4.7? or on develop? This issue has been here for a while and before I start, I'd like to understand what is the most recent situation with this issue. Also, on develop environment, I can't see any reCaptcha modules
For reference, I have now awareness where the recaptcha modules are: (thanks @TuVanDev) https://github.com/magento/security-package https://magento.stackexchange.com/questions/362719/where-is-the-code-of-packages-like-magento-recaptchaadminui-on-github
HI @n2diving-dgx
Thanks for reporting and collaboration.
Verified the issue on magento 2.4.7 instance but the issue is not reproducable.
Steps to reproduce:
1.Install Fresh 2.4.7 Magento instance 2.Go to Backend and Configuration and Security 3.Select Google recaptcha Store Frontend 4.Enter API website and Secret key of Recaptcha invisible v3 5.Save Configuration and clear cache. 6.Again go to Configuration and Sales and Payment methods 7.Select Braintree Payment Configuration 8.Enter Public key ,Private key and validate the credentials and enable card payment 9.save Configuration and clear cache 10.Go to front login with customer 11.Select any product and place the order with Credit card and enter card details as per main description 12.Try to place order with Recaptcha invisible with v3
We are able to place the order with creditcard and Recaptcha invisible v3 successfully.
Please refer the attached screenrecording. Do let us know if we have missed anything.
https://github.com/magento/magento2/assets/60198592/0f29c2a5-4fd7-444d-90f4-cd3485fa9102
I can also place order successfully with 2.4.7 and the same recaptcha setting as in the post, so I will unassign myself from this task
Hi @n2diving-dgx
As per the above comments, the issue is not reproducible in 2.4.7.
We are closing the issue.
Please feel free to reopen the ticket if the issue persists again.
Preconditions and environment
Upon upgrading our production site from M2.4.5-p2 to M2.4.6 we discovered customers were unable to checkout via Credit Card using the Braintree Payments extension V4.5.0 bundled in to M2.4.6 The cause was found to be the ReCaptcha V3 security enabled on the Credit Card checkout.
See detailed steps below to reproduce the issue using a fresh unaltered M2.4.6 install with Luma Store sample data and Braintree sandbox credentials with ReCAPTCHA V3 Invisible security. If you wish you may repeat test using ReCAPTCHA V2 Invisible security, hung result is the same as with V3.
Only workaround to protecting checkout using Braintree Credit Card Payment method is reCAPTCHA V2 (I'm not a robot) challenge. According to Google this is the least secure of the three ReCAPTCHA options.
Steps to reproduce
Fresh Install of M2.4.6 in environment as above Login to backend
Nav to Admin>Stores>Configure>General>Web>Default Cookie Settings If necessary, set the Cookie Domain to the appropriate domain value (so you will be able to login on front end) Save Config Nav to Admin>Stores>Configure>Security>Google reCAPTCHA Storefront Enter known valid credentials for Google Recaptcha V2 (robot), V2 (invisible), and V3. On Storefront Enable Customer Login and Braintree payment form for reCAPTCHA V2 (I am not a robot) Save Config Nav to Admin>Stores>Configure>Sales>Payment Methods Select Merchant Country as United States and Save Config Configure Braintree Payments (by GENE Commerce v4.5.0) Enter known valid sandbox credentials for Merchant ID, Public Key, Private Key and Validate Credentials Enable Card Payments = Yes and Save Config Flush Magento Cache
On Frontend, successfully Sign In using Demo Customer Access credentials Answer ReCaptcha "I'm not a robot." challenge Add Affirm Water Bottle to cart Proceed to Checkout Shipping Method select Fixed Flat Rate Payment Method select Credit Card Enter Card # 4111 1111 1111 1111 Expiration: 12/2023 Security Code: 123 Answer ReCaptcha "I'm not a robot." challenge Click blue "Place Order" button Observe "spinner" appears for a moment and then automatically redirects to "Thank you for your purchase!" success page with order number Logout of Customer Account
Return to backend Nav to Admin>Stores>Configure>Security>Google reCAPTCHA Storefront> Storefront Change Enable Customer Login and Braintree payment form to reCAPTCHA V3 Invisible and Save Config Flush Magento Cache
On Frontend, successfully Sign In using Demo Customer Access credentials Verify "Protected by reCAPTCHA" badge appears next to "Sign In" button Add Affirm Water Bottle to cart Proceed to Checkout Shipping Method select Fixed Flat Rate Payment Method select Credit Card Enter Card # 4111 1111 1111 1111 Expiration: 12/2023 Security Code: 123 Verify "Protected by reCAPTCHA" badge appears to the left of "Place Order" button Click dark blue "Place Order" button Place Order button turns light blue and ... Order Page is HUNG, UNABLE TO PLACE ORDER using ReCAPTCHA V3 Invisible security
Expected result
Upon clicking Place Order button, the order is placed successfully with ReCAPTCHA V3 Invisible security enabled on Braintree Credit Card payment method, customer is redirected to the success page.
Actual result
Upon clicking dark blue Place Order button, the button turns light blue and order page is HUNG, unable to place order with ReCAPTCHA V3 Invisible security enabled on Braintree Credit Card payment method, and Customer is NOT redirected to the success page
Additional information
The issue appears to only affect protecting Braintree Credit Card payment method with reCAPTCHA, in the limited testing of an frontend Customer Sign In using any version of reCAPTCHA does not appear to affect the login.
Checkout via Credit Card protected with ReCAPTCHA V3 Invisible security was working correctly for M2.4.5-p2 in both production and sandbox environments. I also tested M2.4.6 using our Braintree production credentials instead of sandbox, but there was no difference using either set of credentials - the Place Order hangs and attempting to place an order protected with either version of V2 or V3 Invisible ReCAPTCHA fails.
Release note
No response
Triage and priority