AspNetCore.ReCaptcha icon indicating copy to clipboard operation
AspNetCore.ReCaptcha copied to clipboard

Published 20 hours ago verified publisher icon michaelvs97

Is V3 Expiry Token handled?

Open kwyc opened this issue 3 years ago • 3 comments

Describe the bug Not sure if this is a bug or feature enhancement. Currently when an ajax action is called, the token doesn't get refreshed after a form postback.

From Google's documentation, "Note: reCAPTCHA tokens expire after two minutes. If you're protecting an action with reCAPTCHA, make sure to call execute when the user takes the action rather than on page load."

To Reproduce Steps to reproduce the behavior:

  1. Load a page
  2. Click on submit button, which triggers postback
  3. Wait for 2 min, and hit submit button again
  4. Validation (Model State) will fail due to expired token

Expected behavior Expected any get/post action on a form will extend the 2min default expiry by calling "execute"

Desktop (please complete the following information):

  • OS: Windows
  • Browser: Chrome
  • Version 102.0.5005.115 (Official Build) (64-bit)

kwyc avatar Jun 21 '22 06:06 kwyc

Hello @kwyc,

We looked into the issue you are describing. Unfortunately, we can't seem to reproduce the issue you are facing. Is it maybe possible to give an example of the page you are using the library in, so that we get more insight on how you are making use of our library.

Lastly, it would also help to know which version of the NuGet package you are using, and which version of ReCaptcha you are using.

Thanks in advance and have a great weekend!

michaelvs97 avatar Jul 30 '22 13:07 michaelvs97

Hi @michaelvs97 ,

Thanks for your response. I don't have a publicly available page for testing but how to reproduce is I have simple MVC page set up for file upload. If a file is uploaded right away the ModelState.IsValid will return true and finish the upload process. If I wait for two minutes (default V3 timeout period) then the ModelState.IsValid will return false.

Here are the versions,

AspNetCore.ReCaptcha 1.5.3

"ReCaptcha": { "Version": "v3", // The ReCaptcha version to use, can be v2, v2invisible or v3 "UseRecaptchaNet": false, // Value whether to use google recaptcha or recaptcha.net "ScoreThreshold": 0.5 // Only applicable for recaptcha v3, specifies the score threshold when it is considered successful },

kwyc avatar Aug 04 '22 18:08 kwyc

@kwyc FWIW I tried this out with the current version (1.6.0) and did not run into this problem after waiting > 2 minutes.

nwoolls avatar Jan 30 '23 16:01 nwoolls

Closing as this seems to be fixed

sleeuwen avatar Jul 20 '24 14:07 sleeuwen