Error after enabling Turnstile

Created on 10 February 2024, 10 months ago
Updated 15 February 2024, 10 months ago

Problem/Motivation

After enabling Turnstile module and changing the default challenge type to Turnstile form the dropdown, the site doesn't show the captcha image as before and shows Cloudflare managed challenge. However, when I hit the submit button, it throws an error saying "The answer you entered for the CAPTCHA was not correct."

Challenge type was set as default challenge type for all Form IDs. So challenge being different for that form in the above scenario is not an issue here I believe.

Steps to reproduce

Enable Turnstile Module and add the Site Key and Secret key in the configure page here admin/config/people/captcha/turnstile
Go to admin/config/people/captcha and change the default challenge type to Turnstile.
Make sure the challenge type for the forms IDs is also chosen as Default Challenge type.

Now go to the form where you want to see the turnstile in action. Here you should now see the Turnstile widget loading instead of the old captcha widget that we replaced. Fill in the fields required and hit submit. You will see an error as I mentioned above.

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

πŸ’¬ Support request
Status

Closed: cannot reproduce

Version

1.0

Component

User interface

Created by

πŸ‡ΊπŸ‡ΈUnited States manoj.surala

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @manoj.surala
  • πŸ‡ΊπŸ‡ΈUnited States manoj.surala
  • πŸ‡«πŸ‡·France jibus

    Do you have the same behavior when using the dummy sitekeys and secret keys ?

    https://developers.cloudflare.com/turnstile/reference/testing/

    Here you should now see the Turnstile widget loading

    Does the widget display a green check icon ?

  • πŸ‡ΊπŸ‡ΈUnited States manoj.surala

    Yes, It does display the Turnstile widget. Attached the successful load of widgets. I used the dummy keys as well and was able to load it successfully. What I don't understand is why the Image captcha widget or the default Captcha Math widget error comes on a page where turnstile is enabled. Below are my dev env details.

    Drupal 7.97
    PHP 8.1.27
    Turnstile 7.x-1.0

  • πŸ‡«πŸ‡·France jibus

    Strange indeed.

    Could you try to avoid setting Turnstile as default challenge for all forms and just enable it on the form you want (or one form for example)

    Clear cache.

    Doing that, do you have the same result ?

  • πŸ‡ΊπŸ‡ΈUnited States manoj.surala

    Yes, the settings were specific to those form types at the moment when I posted my results. I tried keeping turnstile for all forms earlier for the first time when I installed this module.
    To avoid cache I used a different browser and also cleared the system cache tables to leave no stone unturned which gave me the same error unfortunately. I initially saw the widget loading fine but now seeing a message on the widget after I wait for a couple of seconds. Attached the screenshot.

  • πŸ‡«πŸ‡·France jibus

    This message is from CF, not the plugin.

  • πŸ‡ΊπŸ‡ΈUnited States manoj.surala

    Yes, I reverted the keys back to the ones I created on Cloudflare for my dev site and it is normal again without any message from Cloudflare on the widget. The error still exists though. Unable to submit form and validation error pops up.

  • πŸ‡«πŸ‡·France jibus

    Apart from the php version, I have the same Drupal version and I don't have the generic error.

    Do you have Watchdog ON ? What does it say ?

    Below my conf :

    Default challenge type : Math (from module captcha)

    Turnstile is set as challenge type on specific form id (for example contact form)

    Default challenge on non-listed forms : DISABLED
    Add CAPTCHA administration links to forms : DISABLED
    Allow CAPTCHAs and CAPTCHA administration links on administrative pages : DISABLED
    Default CAPTCHA validation : Case insensitive validation: lowercase/uppercase errors are ignored.
    Persistence: Omit challenges in a multi-step/preview workflow once the user successfully responds to a challenge.
    Enable statistics : FALSE
    Log wrong answer : FALSE

  • πŸ‡ΊπŸ‡ΈUnited States manoj.surala

    My settings are the same but the "Default challenge: Image from Image Captcha Module" is enabled on few forms.

    Watchdog errors:
    Warning: Undefined array key "unknown-error" in Turnstile\Turnstile->getResponseErrors() (line 167 of /var/www/html/sites/all/modules/contrib/turnstile/src/Turnstile/Turnstile.php).

    forum_node_form post blocked by CAPTCHA module: challenge Turnstile (by module turnstile), user answered "Turnstile no captcha", but the solution was "1".

  • πŸ‡«πŸ‡·France jibus

    Looks like CF Turnstile return an unhandled error by the module.

    From the module:

        $error_codes = array(
          'missing-input-secret' => t('The secret parameter was not passed.'),
          'invalid-input-secret' => t('The secret parameter was invalid or did not exist.'),
          'missing-input-response' => t('The response parameter was not passed.'),
          'invalid-input-response' => t('The response parameter is invalid or has expired.'),
          'bad-request' => t('The request was rejected because it was malformed.'),
          'timeout-or-duplicate' => t('The response parameter has already been validated before.'),
          'internal-error' => t('An internal error happened while validating the response. The request can be retried.'),
        );
    

    https://developers.cloudflare.com/turnstile/get-started/server-side-vali...

    missing-input-secret The secret parameter was not passed.
    invalid-input-secret The secret parameter was invalid or did not exist.
    missing-input-response The response parameter was not passed.
    invalid-input-response The response parameter is invalid or has expired.
    invalid-widget-id The widget ID extracted from the parsed site secret key was invalid or did not exist.
    invalid-parsed-secret The secret extracted from the parsed site secret key was invalid.
    bad-request The request was rejected because it was malformed.
    timeout-or-duplicate The response parameter has already been validated before.
    internal-error An internal error happened while validating the response. The request can be retried.

    So, it could be an invalid widget id or secret.

    If you are in a dev env, you should only use dummy sitekey and secret.

  • πŸ‡ΊπŸ‡ΈUnited States manoj.surala

    But I the logs I shared are when I used dummy keys. I reverted back to dummy keys now and got the same logs again.

  • πŸ‡«πŸ‡·France jibus

    Does you dev env have access to internet and to the following URL ?

    https://challenges.cloudflare.com/turnstile/v0/siteverify

  • πŸ‡ΊπŸ‡ΈUnited States manoj.surala

    Thanks for pointing me in the right direction. Looks like this URL is blocked by the network team. I don't have access to test this on server level. But I did test dummy keys on a local env and it worked. Appreciate you for all the help Jibus :)

  • Status changed to Closed: cannot reproduce 10 months ago
  • πŸ‡ΊπŸ‡ΈUnited States greatmatter
Production build 0.71.5 2024