femanager

No flash message if captcha enabled

Open webian opened this issue 5 years ago • 3 comments

Steps to reproduce:

  1. enable sr_freecap via femanager typoscript captcha = 1
  2. delete all cookies
  3. submit the form to sign up

Result: the user is redirected to the status page but there's no message explaining to check email to confirm so the user doesn't know what to do.

Instead, with captcha disabled the message appears but the system is vulnerable to spam.

Sep 03 '20 08:09 webian

After many hours of debugging I still can't get what's wrong, so I'm writing my findings here...

With sr_freecap enabled, sr_freecap creates a cookie to check the captcha result. This cookie means that a session exists (\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::start) so, when femanager tries to write the flash message into session, TYPO3 finds an existing session (\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setSessionCookie) and so it doesn't set the cookie.

But at this point I don't know if the bug is in femanager or sr_freecap or TYPO3.

Sep 06 '20 11:09 webian

This needs further testing and I plan to add an automated test.

Jul 03 '21 12:07 sbusemann

This problem still seems to exist …

Nov 21 '23 13:11 krischanskide