Contrib.social

CAPTCHA fails every time for dynamically-loaded forms via AJAX with a cached form state

Open on Drupal.org β†’
Created on 5 September 2024, 4 months ago

Problem/Motivation

When a form is loaded, the CAPTCHA module stores processed versions of the form ID and posted form ID in the form state. It then checks that these two values match before releasing the CAPTCHA session ID for use.

  • For regular forms loaded via GET request, this is fine since the form state won't be cached, so _captcha_get_posted_captcha_info() will always follow the "else" path on submission and find the form's actual posted form ID.
  • For forms which are dynamically-loaded via AJAX POST request and immediately cache their form state, the posted form ID is always NULL. This results in a failed CAPTCHA on every submission.

This is definitely an atypical form architecture, but it's technically allowed by Drupal.

Steps to reproduce

  1. Have a form which is only accessible via POST request and caches its form state on first load (i.e., $form_state->setCache(TRUE); in its ::buildForm() implementation).
  2. Add a CAPTCHA to the form.
  3. Load the form dynamically via AJAX POST request.
  4. Observe that the posted form ID returned by _captcha_get_posted_captcha_info() is always NULL.

Proposed resolution

Instead of pulling the posted form ID from the form state, just simply reference this_form_id in the form state. This is safe to do because a cached form state will never be paired to a form with a different ID.

Remaining tasks

  1. Resolve the issue.
  2. Implement test(s).

User interface changes

None.

API changes

None.

Data model changes

None to this module's public API.

πŸ› Bug report
Status

Needs review

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States clayfreeman Paragould, AR

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @clayfreeman
  • Merge request !97CAPTCHA fails every time for dynamically-loaded forms via AJAX with a cached form state β†’ (Open) created by clayfreeman
  • Pipeline finished with Success
    4 months ago
    Total: 299s
    #274980
  • Pipeline finished with Canceled
    4 months ago
    Total: 128s
    #275118
  • Comment 4 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States clayfreeman Paragould, AR
  • Pipeline finished with Failed
    4 months ago
    #275120
  • Pipeline finished with Failed
    4 months ago
    Total: 344s
    #275128
  • Comment 4 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States clayfreeman Paragould, AR
  • Pipeline finished with Success
    4 months ago
    Total: 666s
    #275135
  • Pipeline finished with Failed
    4 months ago
    Total: 452s
    #275142
  • Pipeline finished with Failed
    4 months ago
    Total: 312s
    #275148
  • Pipeline finished with Failed
    4 months ago
    Total: 339s
    #275153
  • Pipeline finished with Failed
    4 months ago
    Total: 484s
    #275156
  • Pipeline finished with Success
    4 months ago
    Total: 333s
    #275161
  • Pipeline finished with Success
    4 months ago
    #275163
  • Issue was unassigned.
  • Status changed to Needs review 4 months ago
  • Comment 4 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States clayfreeman Paragould, AR

    Ready for initial review.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024