mosparo / wordpress-plugin

This WordPress plugin adds the required functionality to use mosparo in your WordPress form.
MIT License

Elementor form not accepting submits even though API returns valid:true #9

Closed Sapper-Morton closed 6 months ago

Sapper-Morton commented 7 months ago

I'm just testing a Mosparo server. Everything seems ok. I've put all keys to their places, made Mosparo Elementor form as default for the Mosparo connection I have set up in the plugin. And I've added Mosparo to Elementor Pro form. No other form checks are installed.

When I try to fill out the form and submit it after I've pressed the Mosparo checkmark, I get Verification failed error. If I check post data I can see that the form has been submitted to the Mosparo server and it responds with valid: true and a validation token.

No submission data appears on the project dashboard either. Pressing the accept button: image After form submit: image

zepich commented 7 months ago

Hi @Sapper-Morton

Thank you very much for your issue.

Is the validation token that mosparo returned sent to the Elementor form handler? There should be a request to admin-ajax.php as soon as you submit the form.

In this request, the submit and validation token should be in the payload. Do you see these two values?

image

(red rectangle)

Kind regards,

zepich

Sapper-Morton commented 7 months ago

image I can see them. Admin-ajax.php responds as: image

zepich commented 7 months ago

Hi @Sapper-Morton

Thank you very much for your response.

Do you have a shared hosting, or do you use a dedicated server (physical or virtual) to host your WordPress and mosparo? Is it possible that the connection between WordPress and the Mosparo host does not work correctly?

If the hosts are working correctly, then please do the following:

  1. Open the file /wp-content/plugins/mosparo-integration/src/MosparoIntegration/Module/ElementorForm/MosparoField.php
  2. Find line 236: https://github.com/mosparo/wordpress-plugin/blob/master/src/MosparoIntegration/Module/ElementorForm/MosparoField.php#L236, which looks like this:
    __('Verification failed which means the form contains spam.', 'mosparo-integration')
  3. Add the following code . $verificationHelper->getLastException()->getMessage() at the end of the line:
    __('Verification failed which means the form contains spam.', 'mosparo-integration') . $verificationHelper->getLastException()->getMessage()
  4. Save the file and try it again.

You should still see the same error, but the actual error message should be visible at the end of the message, which helps me know where the problem occurs.

Thank you very much!

Kind regards,

zepich

Sapper-Morton commented 7 months ago

"An error occurred while sending the request to mosparo."

zepich commented 7 months ago

Hi @Sapper-Morton

Okay, thank you very much.

Can you adjust the line like this?

  1. Open the file /wp-content/plugins/mosparo-integration/src/MosparoIntegration/Module/ElementorForm/MosparoField.php
  2. Find line 236: https://github.com/mosparo/wordpress-plugin/blob/master/src/MosparoIntegration/Module/ElementorForm/MosparoField.php#L236, which looks like this:
    __('Verification failed which means the form contains spam.', 'mosparo-integration')
  3. Add the following code . $verificationHelper->getLastException()->getPrevious()->getMessage() at the end of the line:
    __('Verification failed which means the form contains spam.', 'mosparo-integration') . $verificationHelper->getLastException()->getPrevious()->getMessage()

    (New is the getPrevious()-> part)

  4. Save the file and try it again.

Kind regards,

zepich

Sapper-Morton commented 7 months ago

Verification failed which means the form contains spam.Client error: POST https://mosparo.xxxx.xxx/api/v1/verification/verify resulted in a 400 Bad Request response: {"error":true,"errorMessage":"Request invalid."}

I looked around for an answer and then added large_client_header_buffers 4 16k; to the nginx site config. It didn't help.

zepich commented 7 months ago

Hi @Sapper-Morton

Thank you very much for your feedback.

The error 400 Bad Request with {"error":true.... is an error message from the verification API from mosparo (https://github.com/mosparo/mosparo/blob/master/src/Subscriber/ProjectSubscriber.php#L143), so your nginx configuration is okay, as far as I can tell.

Can you enable the API debug mode in the project settings in mosparo and try it again? You should see a more extended error response with a payload. Something is wrong with that payload.

Kind regards,

zepich

Sapper-Morton commented 7 months ago

I had API debug mode already activated because I tried troubleshooting before creating this issue.

zepich commented 7 months ago

Hi @Sapper-Morton

Is the API debug mode still enabled?

Because the error message should have more content:

Verification failed which means the form contains spam.Client error: POST https://mosparo.xxxx.xxx/api/v1/verification/verify resulted in a 400 Bad Request response: {"error":true,"errorMessage":"Request invalid.","debugInformation":{"reason":.........................}}

If the option is enabled for this project, but you cannot see the debugInformation key in the error message, can you verify that you're using the correct project by verifying the public and private keys in the mosparo WordPress settings?

Thank you very much for your feedback.

Kind regards,

zepich

Sapper-Morton commented 7 months ago

I re-issued new api keys and got more detailed error message: Verification failed which means the form contains spam.Client error: POST https://mosparo.xxxxxxxxxx.xxx/api/v1/verification/verify resulted in a 400 Bad Request response: {"error":true,"errorMessage":"Request invalid.","debugInformation":{"reason":"hmac_hash_invalid","expectedHmacHash":"6cd (truncated...)

zepich commented 7 months ago

Hi @Sapper-Morton

Thank you very much for your feedback. I'm sorry for the trouble.

Can you adjust the 'adjusted' code above once more? Since the message is truncated, we cannot see the debug information.

  1. Open the file /wp-content/plugins/mosparo-integration/src/MosparoIntegration/Module/ElementorForm/MosparoField.php
  2. Find line 236: https://github.com/mosparo/wordpress-plugin/blob/master/src/MosparoIntegration/Module/ElementorForm/MosparoField.php#L236, which looks like this:
    __('Verification failed which means the form contains spam.', 'mosparo-integration')
  3. Add the following code . $verificationHelper->getLastException()->getPrevious()->getResponse() at the end of the line:
    __('Verification failed which means the form contains spam.', 'mosparo-integration') . $verificationHelper->getLastException()->getPrevious()->getResponse()

    (Replace the getMessage() at the end with the getResponse())

  4. Save the file and try it again.

Thank you very much.

Kind regards,

zepich

Sapper-Morton commented 7 months ago

No, thank you for helping!

I got form message on submit: error and nothing else.

I checked nginx error log for the mosparo and saw:

CLIENT-IP - - [15/Apr/2024:13:14:33 +0300] "POST /api/v1/frontend/request-submit-token HTTP/2.0" 200 851 "https://connected.site/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0"
CLIENT-IP - - [15/Apr/2024:13:14:33 +0300] "POST /api/v1/frontend/request-submit-token HTTP/2.0" 200 851 "https://connected.site/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0"
CLIENT-IP - - [15/Apr/2024:13:14:42 +0300] "POST /api/v1/frontend/check-form-data HTTP/2.0" 200 78 "https://connected.site/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0"
CONNECTED-SITE-IP - PUBLIC_API_KEY [15/Apr/2024:13:14:42 +0300] "POST /api/v1/verification/verify HTTP/1.1" 400 925 "-" "GuzzleHttp/7"

I had to obscure some information:

CLIENT-IP is my computer sending the post data
https://connected.site is the website I have the form on
CONNECTED-SITE-IP is the server IP where the connected.site is running
PUBLIC_API_KEY is the mosparo public API key

zepich commented 7 months ago

Hi @Sapper-Morton

Thank you very much for your feedback.

So, with the getResponse() adjustment above, you only see error when submitting the form? If yes, do you see an error 500 in the developer tools for the admin-ajax.php request?

Thank you for the nginx error log. So far, this looks all good.

Kind regards,

zepich

Sapper-Morton commented 7 months ago

Hey,

Yes, getResponse() gives nothing else but 'error' when submitting the form. The admin-ajax.php request gives error 500.

image

zepich commented 7 months ago

Hi @Sapper-Morton

Sorry, that was my mistake.

I forgot to add something; here is the adjusted code:

  1. Open the file /wp-content/plugins/mosparo-integration/src/MosparoIntegration/Module/ElementorForm/MosparoField.php
  2. Find line 236: https://github.com/mosparo/wordpress-plugin/blob/master/src/MosparoIntegration/Module/ElementorForm/MosparoField.php#L236, which looks like this:
    __('Verification failed which means the form contains spam.', 'mosparo-integration')
  3. Add the following code . \MosparoDependencies\GuzzleHttp\Psr7\Message::toString($verificationHelper->getLastException()->getPrevious()->getResponse()) at the end of the line:
    __('Verification failed which means the form contains spam.', 'mosparo-integration') . \MosparoDependencies\GuzzleHttp\Psr7\Message::toString($verificationHelper->getLastException()->getPrevious()->getResponse())
  4. Save the file and try it again.

That should finally show you the complete response from mosparo.

Thank you very much!

Kind regards,

zepich

Sapper-Morton commented 7 months ago

Verification failed which means the form contains spam.HTTP/1.1 400 Bad Request Server: nginx/1.18.0 Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=0, must-revalidate, private Date: Wed, 17 Apr 2024 07:44:15 GMT X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin X-Frame-Options: DENY Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; script-src 'self'; style-src 'self' X-Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; script-src 'self'; style-src 'self' X-XSS-Protection: 1; mode=block Expires: Wed, 17 Apr 2024 07:44:15 GMT {"error":true,"errorMessage":"Request invalid.","debugInformation":{"reason":"hmac_hash_invalid","expectedHmacHash":"4a258025067cc0af5d0b27cdf87c65a14c087d2d47482667b2122960a7357d1e","receivedHmacHash":"70348e04b1815f510aa1eecc96c4233c9cd903e4dbda1fa2f49d900bd5340855","payload":"\/api\/v1\/verification\/verify{\u0022q\u0022:\u0022\\\/api\\\/v1\\\/verification\\\/verify\u0022,\u0022submitToken\u0022:\u00227gtq7qSWtvb7IvbjqtovtdUNMhEXnodwjVqog1BHL9Y\u0022,\u0022validationSignature\u0022:\u0022c100429759e7d5c25e7f654884f868a568eaac5d2d37d100bf4a97500702f6ca\u0022,\u0022formSignature\u0022:\u0022d09a999cfeb487ebe07f5ae4b842df5b4f9bade02ed814cf8dc00bb9362d25cd\u0022,\u0022formData\u0022:{\u0022form_fields[email]\u0022:\u0022697d7c327c8cd7ba5a5adc49ab917b858dfc61af41db209c5a311b27fa3f77a9\u0022,\u0022form_fields[viesti]\u0022:\u00221f5f9aba6b872f7cb04f3b4971a8cfe23530cf5aa9dde34cee31cf221c9085db\u0022}}"}}

zepich commented 7 months ago

Hi @Sapper-Morton

Awesome, thank you very much!

The problem is in the generation of the signature. Somehow, mosparo receives an additional argument q with the API path /api/v1/verification/verify, which should not be there.

Payload should look like:

/api/v1/verification/verify{"submitToken":"7gtq7qSWtvb7IvbjqtovtdUNMhEXnodwjVqog1BHL9Y","validationSignature":"c100429759e7d5c25e7f654884f868a568eaac5d2d37d100bf4a97500702f6ca","formSignature":"d09a999cfeb487ebe07f5ae4b842df5b4f9bade02ed814cf8dc00bb9362d25cd","formData":{"form_fields[email]":"697d7c327c8cd7ba5a5adc49ab917b858dfc61af41db209c5a311b27fa3f77a9","form_fields[viesti]":"1f5f9aba6b872f7cb04f3b4971a8cfe23530cf5aa9dde34cee31cf221c9085db"}}

Your payload looks like this:

/api/v1/verification/verify{"q":"\/api\/v1\/verification\/verify","submitToken":"7gtq7qSWtvb7IvbjqtovtdUNMhEXnodwjVqog1BHL9Y","validationSignature":"c100429759e7d5c25e7f654884f868a568eaac5d2d37d100bf4a97500702f6ca","formSignature":"d09a999cfeb487ebe07f5ae4b842df5b4f9bade02ed814cf8dc00bb9362d25cd","formData":{"form_fields[email]":"697d7c327c8cd7ba5a5adc49ab917b858dfc61af41db209c5a311b27fa3f77a9","form_fields[viesti]":"1f5f9aba6b872f7cb04f3b4971a8cfe23530cf5aa9dde34cee31cf221c9085db"}}

This "q":"\/api\/v1\/verification\/verify", should not be in there.

Is it possible that you added ?q=$uri in your nginx configuration in the PHP location?

Can you share your nginx configuration?

Kind regards,

zepich
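The failure described in the comment above, as an added example that is not part of the original thread and is not mosparo's or the plugin's own code. It assumes the request hash is HMAC-SHA256 over the API path followed by the JSON body and that the server merges query arguments into the data it signs; the key and all field values are constructed.

```python
import hashlib
import hmac
import json

# Constructed values for illustration; none come from a real project.
PRIVATE_KEY = b"constructed-private-key"
API_PATH = "/api/v1/verification/verify"
# Top-level fields of the correct payload shown in the thread.
EXPECTED_KEYS = {"submitToken", "validationSignature", "formSignature", "formData"}

CLIENT_DATA = {
    "submitToken": "constructed-submit-token",
    "validationSignature": "constructed-validation-signature",
    "formSignature": "constructed-form-signature",
    "formData": {"form_fields[email]": "constructed-field-hash"},
}


def sign(path, data, key=PRIVATE_KEY):
    """Assumed scheme: HMAC-SHA256 over the API path followed by compact JSON."""
    message = path + json.dumps(data, separators=(",", ":"))
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


def server_view(post_data, query_args):
    """Assumption: the server signs query arguments merged with the body, so a
    rewrite to index.php?q=$uri adds a 'q' entry the client never signed."""
    return {**query_args, **post_data}


def verify(path, post_data, query_args, received_hash, key=PRIVATE_KEY):
    """Recompute the hash over what the server sees; compare in constant time."""
    expected = sign(path, server_view(post_data, query_args), key)
    return hmac.compare_digest(expected, received_hash)


def unexpected_keys(debug_payload, path=API_PATH):
    """Split a debugInformation 'payload' string (path + JSON) and return the
    top-level keys that are not part of the payload the client signs."""
    if not debug_payload.startswith(path):
        raise ValueError("payload does not start with the API path")
    data = json.loads(debug_payload[len(path):])
    return sorted(set(data) - EXPECTED_KEYS)


if __name__ == "__main__":
    client_hash = sign(API_PATH, CLIENT_DATA)
    print("clean rewrite:", verify(API_PATH, CLIENT_DATA, {}, client_hash))
    print("with ?q=$uri: ", verify(API_PATH, CLIENT_DATA, {"q": API_PATH}, client_hash))
    # Constructed payload in the same shape as the debug output in the thread.
    sample = API_PATH + r'{"q":"\/api\/v1\/verification\/verify","submitToken":"t"}'
    print("unexpected keys:", unexpected_keys(sample))
```

Running `unexpected_keys` on the `payload` string from a `hmac_hash_invalid` debug response names the field that the web server or a proxy added on the way in.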

Sapper-Morton commented 7 months ago

Hi, I did have the ?q=$uri part and changed it like you suggested. Now Mosparo check just says 'error' again...

Here's the modified server config

server {
    server_name mosparo.xxxxxxxx.xxx;
    root /var/www/mosparo/public;

    client_max_body_size 128M;

    large_client_header_buffers 4 16k;
    access_log /var/log/nginx/error-mosparo.log;
    error_log /var/log/nginx/error-mosparo.log error;

    index index.html index.php;

    location / {  # Required
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ /\.(?!well-known).* {
        deny all;
        access_log off;
        log_not_found off;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php8.2-fpm-xxxxxxxxx.sock;
        fastcgi_index  index.php;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
        include        fastcgi_params;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    location ~ ^/resources/(.*)/(.*)\.css$ { # Required
        try_files $uri $uri/ /index.php?$args;
        log_not_found off;
        expires max;
    }

    gzip_static on;
    gzip_proxied any;
    gzip_types text/plain text/css application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascr>
    gzip_vary on;

    charset utf-8;

    location ~* \.(js|css|svg|png|jpg|jpeg|gif|ico|json|woff|woff2|ttf|eot)$ {
        expires max;
        log_not_found off;
    }

--- CertBot part ---

zepich commented 7 months ago

Hi @Sapper-Morton

Perfect, thank you very much for the update.

There is probably a different exception now. Can you adjust the code in the file again and go back to the previous one (with getMessage() at the end)?

  1. Open the file /wp-content/plugins/mosparo-integration/src/MosparoIntegration/Module/ElementorForm/MosparoField.php
  2. Find line 236: https://github.com/mosparo/wordpress-plugin/blob/master/src/MosparoIntegration/Module/ElementorForm/MosparoField.php#L236, which looks like this:
    __('Verification failed which means the form contains spam.', 'mosparo-integration')
  3. Add the following code . $verificationHelper->getLastException()->getPrevious()->getMessage() at the end of the line:
    __('Verification failed which means the form contains spam.', 'mosparo-integration') . $verificationHelper->getLastException()->getPrevious()->getMessage()
  4. Save the file and try it again.

If that shows you the same error, please remove also the getPrevious()-> part.

Kind regards,

zepich

Sapper-Morton commented 7 months ago

It still shows just 'error'. Console shows error 500. Looks like CORS related.

I think I've forgotten to tell that the mosparo server is not local. It is running on a different virtual machine with a different IP.

Status: 500
Version: HTTP/2
Transferred: 648 B (184 B size)
Referrer Policy: strict-origin-when-cross-origin
Request Priority: Highest
DNS Resolution: System

access-control-allow-credentials
    true
access-control-allow-origin
    https://xxxxxxxx.xxx
cache-control
    no-cache, must-revalidate, max-age=0, no-store, private
content-type
    text/html; charset=UTF-8
date
    Wed, 17 Apr 2024 09:30:53 GMT
expires
    Wed, 11 Jan 1984 05:00:00 GMT
referrer-policy
    strict-origin-when-cross-origin
server
    nginx
x-content-type-options
    nosniff
X-Firefox-Spdy
    h2
x-frame-options
    SAMEORIGIN
x-robots-tag
    noindex

Accept
    application/json, text/javascript, */*; q=0.01
Accept-Encoding
    gzip, deflate, br
Accept-Language
    en-US,en;q=0.5
Connection
    keep-alive
Content-Length
    1698
Content-Type
    multipart/form-data; boundary=---------------------------2148669536751623232489430797
DNT
    1
Host
    xxxxxxxx.xxx
Origin
    https://xxxxxxxx.xxx
Referer
    https://xxxxxxxx.xxx/yhteys/
Sec-Fetch-Dest
    empty
Sec-Fetch-Mode
    cors
Sec-Fetch-Site
    same-origin
Sec-GPC
    1
TE
    trailers
User-Agent
    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0
X-Requested-With
    XMLHttpRequest

zepich commented 7 months ago

Hi @Sapper-Morton

Thank you for your update.

The request to admin-ajax.php generates now (again) an error 500, correct?

What happens if you remove this part . $verificationHelper->getLastException()->getPrevious()->getMessage() completely from the file which you edited earlier?

That mosparo is running on a different machine should be fine (for development, I'm working with a local WordPress installation that uses mosparo running in a data center).

Kind regards,

zepich

Sapper-Morton commented 7 months ago

Hi,

Yeah. I see error 500.

The form says this: image

zepich commented 7 months ago

What do you see in the access log of the mosparo host?

Do you still see a status code 400 for the /api/v1/verification/verify request?

(Like here https://github.com/mosparo/wordpress-plugin/issues/9#issuecomment-2056483533)

Sapper-Morton commented 7 months ago

[17/Apr/2024:12:53:02 +0300] "POST /api/v1/verification/verify HTTP/1.1" 200 134 "-" "GuzzleHttp/7"

zepich commented 7 months ago

Awesome! Do you see the submission in mosparo in the list of submissions?

Sapper-Morton commented 7 months ago

Submissions are still 0/0

Sapper-Morton commented 7 months ago

oops sorry! I checked the wrong project. I see 0/5 submissions!

zepich commented 7 months ago

Where do you see 0/5? In the dashboard?

If yes, can you show me a screenshot of one of the submissions? Because if the submissions are in mosparo but not as 'valid', there must be an issue with one of the fields.

Sapper-Morton commented 7 months ago

I think I need to fix the form. There's a field which tries to catch spammers trying to paste links to text fields and it is empty. That goes through our own filters before posting.

image image

Sapper-Morton commented 7 months ago

Oh... The links-field is actually Elementor Honeypot field.

Sapper-Morton commented 7 months ago

I removed the Honeypot field and now the form works. Thank you so much for the help. I'll create another issue related to Elementor though... :)

zepich commented 6 months ago

Hi @Sapper-Morton

Awesome! I'm very happy that we found the issue!

Kind regards,

zepich