
Authentication throws 500 error with reCAPTCHA

Open devnote-dev opened this issue 2 years ago • 3 comments

Current Behavior

Sending a POST request to /auth/login with the required user credentials (excluding the reCAPTCHA token) will cause a 500 error response. This is only when reCAPTCHA is enabled in the panel.

Expected Behavior

A 400 or 422 error response should be sent if the reCAPTCHA token is missing or invalid.

Steps to Reproduce

  1. Enable reCAPTCHA on your panel (if not already)
  2. Make a POST request to /auth/login with the required user credentials and token

Panel Version

1.11.3

Wings Version

1.11.4

Games and/or Eggs Affected

N/A

Docker Image

N/A

Error Logs

https://pteropaste.com/17gptzcv4hw6/

Is there an existing issue for this?

  • [X] I have searched the existing issues before opening this issue.
  • [X] I have provided all relevant details, including the specific game and Docker images I am using if this issue is related to running a server.
  • [X] I have checked in the Discord server and believe this is a bug with the software, and not a configuration issue with my specific system.

devnote-dev, Mar 03 '23 18:03

I had the same problem (with the exact same log). I made a new site on Google reCAPTCHA and added the new keys. I removed a few Google Cloud projects last week, maybe that broke it.

B4nd1, Oct 16 '23 18:10

I got the same problem, it's because the 'recaptcha.domain' setting is empty

https://github.com/pterodactyl/panel/blob/develop/app/Http/Middleware/VerifyReCaptcha.php#L33

I don't know how to patch it.

boomerangBS, Jan 07 '24 13:01

> I got the same problem, it's because the 'recaptcha.domain' setting is empty
>
> https://github.com/pterodactyl/panel/blob/develop/app/Http/Middleware/VerifyReCaptcha.php#L33
>
> I don't know how to patch it.

It's not because the recaptcha.domain setting is empty. If reCAPTCHA fails for whatever reason, a FailedCaptcha event is raised. This event requires a domain as its second parameter (non-null), but if the reCAPTCHA fails there is no result and thus the parameter is null.

A quick fix would be to use an empty string instead of null. Then it would "fail successfully" and you can debug why reCAPTCHA fails / you get a 400 response instead of 500.

Boy132, Jan 08 '24 07:01
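
The failure mode described in the last comment, reproduced as a stand-alone added example (not the panel's own code): a failure event whose second constructor parameter is a non-nullable string receives null when there is no verification result, and the resulting TypeError surfaces as a 500 instead of the intended 400. `FailedCaptchaEvent`, `HttpError` and `rejectLogin` are hypothetical names, and the inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the failure event: the domain parameter is a
// non-nullable string, as the comment above describes.
final class FailedCaptchaEvent
{
    public function __construct(public string $ip, public string $domain)
    {
    }
}

// Hypothetical stand-in for the framework's HTTP exception.
final class HttpError extends RuntimeException
{
}

/**
 * Rejection path of a captcha check. $result is the decoded verification
 * response, or null when no token was sent or the verification call failed.
 * Returns the HTTP status the client would end up seeing.
 */
function rejectLogin(string $ip, ?object $result, bool $coalesce): int
{
    $domain = $result->hostname ?? null; // null when there is no result
    if ($coalesce) {
        $domain ??= ''; // the quick fix: empty string instead of null
    }
    try {
        $event = new FailedCaptchaEvent($ip, $domain); // TypeError if $domain is null
        // ...the event would be dispatched to listeners here...
        throw new HttpError('Failed to validate reCAPTCHA data.', 400);
    } catch (HttpError $e) {
        return $e->getCode(); // deliberate rejection
    } catch (TypeError $e) {
        return 500; // left uncaught in a real application, this becomes a 500
    }
}

// Constructed inputs: a request without a token, and a failed verification.
$cases = [
    'no token / no result' => null,
    'verification failed' => (object) ['success' => false, 'hostname' => 'panel.example.com'],
];
foreach ($cases as $label => $result) {
    foreach ([false, true] as $coalesce) {
        printf("%-22s coalesce=%-5s -> HTTP %d\n", $label, var_export($coalesce, true), rejectLogin('203.0.113.7', $result, $coalesce));
    }
}
```

Only the case with no result and no coalescing takes the 500 path. Every other case is rejected with a 400, so a missing token no longer looks like a server fault in logs or monitoring.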