Add validation for error message. - Githubissues

magento / security-package

Magento Security Extensions

Open Software License 3.0

73 stars 69 forks source link

Add validation for error message. #222

Closed sdzhepa closed 4 years ago

sdzhepa commented 4 years ago

Description

In the current implementation, all error messages from google are overriding by module functionality and end-user reserves message from Magento Admin configuration settings reCAPTCHA Validation Failure Message

It seems should be applied ONLY to verification error - like reCAPCTHA is incorrect

In cases like service is unavailable or other types possibly will be a reasonable show to user another message like "Something went wrong, please contact Store owner" and additionally error message from google should be logged into system.log

Steps to reproduce

Configure any type of reCAPCTHA
Use incorrect Google API Secret Key
Enable this reCAPCTHA for some test form on Storefront. ex: Create New Customer
Try to Create New customer and use reCAPCTHA

Expected Result

Should some friendly message for a user like "Something went wrong, please contact Store owner"
TODO: Message should be Improved and agreed with PO

Actual Result

According to STORE > Configuration setting per each reCAPCHA reCAPTCHA Validation Failure Message all error messages will be overridden

So, User can assume he/she did something wrong.

Example for V2 "I am not a robot"

2020-06-18_14-15-05

Example for V2 Invisible

2020-06-18_14-23-19 Invisible

Example for V3 Invisible

2020-06-18_14-25-26

sdzhepa commented 4 years ago

Need additional investigation.

after discussion with PO should in such cases should be a message like "Error occurs, please contact to %email address% "

Need to investigate which email from Store> configuration can be used. Like customer support, or etc
Need to agree with PO exact text for the message

naydav commented 4 years ago

Merged with https://github.com/magento/security-package/pull/259