Recaptcha disappear on logout

[claudiosoprano]

Hi all,

i have a problem with the rcguard plugin for roundcube.

When i logout from Roundcube, in the login page the Recaptcha window is not present, so if i try to login, it tells that i didn't use the recaptcha and then the recaptcha appear on the second login screen.

The only way to fix it, is reloading the page after the logout or insert the credentials twice (the first one with error).

I moved from v1.0.x to 1.1.x to 1.2.x to 1.3.x and finally 1.4.x the error is present on all the versions.

I don't know if there is a way to reload the page automatically on logout, let me know.

Thanks for the plugin. Claudio Soprano

[claudiosoprano]

just to show you what appear i will add two screenshoots

normal login screen

login screen after logout

Claudio

[dsoares]

Hi, I can't reproduce your problem. I login, then logout and the recaptcha is shown in the login screen. Tested with recaptcha v2, larry and elastic skins, with $rcmail_config['failed_attempts'] = 1. What is your 'recaptcha_whitelist' config value? Do you have more plugins enabled that could interfere with template_object_loginform hook?

[claudiosoprano]

Hi,

my $rcmail_config['failed_attempts']=0

my $recaptcha_whitelist = array(     '193.206.80.0/21',     '192.84.128.0/22',     '192.135.25.0/24',     '192.135.26.0/24',     '193.205.228.0/24',     '90.147.175.0/24',     '90.147.176.64/26',     '172.16.0.0/12',     '192.168.0.0/16', );

these are my plugins

$config['plugins'] = array('archive', 'zipdownload', 'acl', 'managesieve', 'new_user_identity', 'rcguard');

i also removed one at time all the plugins leaving only rcguard, but the problem persists

Claudio

Il 28/11/20 22:23, dsoares ha scritto:

Hi, I can't reproduce your problem. I login, then logout and the recaptcha is shown in the login screen. Tested with recaptcha v2, larry and elastic skins, with |$rcmail_config['failed_attempts'] = 1|. What is your 'recaptcha_whitelist' config value? Do you have more plugins enabled that could interfere with |template_object_loginform| hook?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/dsoares/roundcube-rcguard/issues/36#issuecomment-735292114, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMNCTQCJWKJBQNHWEA32JX3SSFS3NANCNFSM4R5MVI3A.

--

    /        |    /   _____/           /    |    /   _____/    |    /
   /       / |   /   /                /   / |   /   /        / |   /
  /       /  |  /   ___/   _____/    /   /  |  /   ___/     /  |  /
 /       /   | /   /                /   /   | /   /        /   | /

______/ _/ __/ _/ _/ _/ __/ _/ _/ __/

Claudio Soprano phone: (+39)-06-9403.2349/2355 Computing Service fax: (+39)-06-9403.2649 LNF-INFN e-mail: [email protected] Via Enrico Fermi, 40 www: http://www.lnf.infn.it/ I-00044 Frascati, Italy

[smefa]

I get the same issue (1.4.9 & 1.3.1). It does not show after logout. I use it with ['failed_attempts'] = 0; No whitelist

[arafatx]

It seems like you are using unsecured connection. Perhaps this might be the issue. Try using https and see if problem persists

[smefa]

My site is using https with a valid certificate and I get the same issue. Contact me if you want to check it.

[claudiosoprano]

Same here, my site use only https, http requests have rewrite rule on https sites

Claudio

Il 27/12/20 10:48, smefa ha scritto:

My site is using https with a valid certificate and I get the same issue. Contact me if you want to check it.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/dsoares/roundcube-rcguard/issues/36#issuecomment-751446597, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMNCTQC7XCEBCLDBTOQFHALSW37G3ANCNFSM4R5MVI3A.

[claudiosoprano]

any news about this problem, it is still valid

[rorian]

It's a great plugin but same problem here. After logout no recaptcha badge and no recaptacha callback possible. User needs to refresh the page.

-no other non-default plugins than rcguard

• failed_attempts = 0
• no whitelist
• recaptcha v3

[dsoares]

I still can't reproduce the problem. Tested with latest roundcube version (master), PHP 7.4, the same options:

• failed_attempts = 0
• no whitelist
• recaptcha v3
• i suppose you're using the elastic skin

Is there any error in the browser console?

[rorian]

I use elastic skin. Some more details:

Rouncube 1.4.11

plugins: archive | 3.4 filesystem_attachments | 1.0 jqueryui | 1.12.0 password | 5.1 rcguard | 1.3.1 zipdownload | 3.4

The steps are the same as @claudiosoprano screens.

1. user logs into the panel using active recaptcha mechanism

2. user clicks "Log out" which hrefs to /roundcube/?_task=logout from webmail panel

3. after that the default the login screen shows up but this time with NO recaptcha badge. Further code insight gives that at this step, the <script src="https://www.google.com/recaptcha/api.js?render=keyhere></script> is missing in the code. No api fetch. Therfore no iframe also. No errors in console at all.

4. at this point when user wants to log again he's getting CAPTCHA verification empty error message and..

5. then page is doing an auto-refresh and -> the api.js is included, as before. reCaptcha shows - goto-step(1)

[pbiering]

can this be reproduced with latest release from here?

https://github.com/pbiering/roundcube-rcguard

If not, please close this issue.

[smefa]

Looks ok to me now with Roundcube 1.6.2 & rcguard 1.3.2