
Avoid the ReCaptcha test for logged-in users.

Open BobRay opened this issue 7 years ago • 8 comments

According to some reports, if the login and logout resource IDs are the same, users can't log out if the ReCaptcha image is not present.

Maybe before running any tests you could do something like this:

```php
if ($modx->user->hasSessionContext($modx->context->get('key'))) {
    return true;
}
```

BobRay avatar Jun 20 '18 03:06 BobRay

I just added a return true; at the top of the runPreLogoutHooks() function to work around this seeing as how my system never has any logout hooks... perhaps it would be useful separating preHooks into two separate parameters... ex: preLoginHooks, preLogoutHooks ... I dunno, what do you think?

(and make preHooks the synonym for preLoginHooks)

cjholowatyj avatar Jul 12 '18 16:07 cjholowatyj

Thanks for the great idea and input @BobRay

Question: is it safe enough to assume that we would never want to verify any request with a Context session?

(Maybe it is, just double checking..)

sepiariver avatar Nov 03 '18 06:11 sepiariver

Sorry, I missed this question until now. TBH, I really don't know.

BobRay avatar Nov 06 '18 03:11 BobRay

Maybe we could do a Snippet property to skip logged in users. But it’d have to be set in FormIt AND in the render Snippet. But if we do it in system settings it’ll apply to all instances on all pages, FormIt and Login.

sepiariver avatar Aug 31 '19 00:08 sepiariver

I can confirm this - ran into it today, a user cannot log out - should be a simple fix, just inspect the url for that service=logout bit and return true if it is there. (I can't think of a single reason to need to validate a logout)

BigBlockStudios avatar Sep 10 '19 17:09 BigBlockStudios

Also it needs (should) to work with the ForgotPassword snippet for flood control. Though at this time, ForgotPassword does not have a prehook property... soooooooo......

BigBlockStudios avatar Sep 10 '19 18:09 BigBlockStudios

> just inspect the url for that service=logout bit and return true if it is there

What would happen if someone included that GET param on a request to a form that you wanted to properly validate with Recaptcha?

sepiariver avatar Sep 10 '19 21:09 sepiariver

I think @BobRay ‘s approach will work if we make it optional based on a Snippet property. I’ll target that for next release.

sepiariver avatar Sep 10 '19 21:09 sepiariver
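
The two skip conditions discussed in this thread, compared on the same requests. This is an added example, not part of any comment and not the Recaptchav2 extra's code; the function names, the `skipLoggedIn` property and the sample requests are hypothetical, and `$hasSession` stands in for the `hasSessionContext()` call quoted in the opening post.

```php
<?php
// Added illustration; not code from the Recaptchav2 extra or from any commenter.
// Function names and the 'skipLoggedIn' property are hypothetical.

/** Variant A: skip verification when the URL carries service=logout.
 *  The query string is chosen by whoever sends the request. */
function skipByQueryParam(array $query): bool
{
    return ($query['service'] ?? '') === 'logout';
}

/** Variant B: skip only if the site owner opted in AND the server already
 *  holds a session for this context. $hasSession stands in for
 *  $modx->user->hasSessionContext($modx->context->get('key')). */
function skipBySession(bool $hasSession, array $props): bool
{
    return !empty($props['skipLoggedIn']) && $hasSession;
}

/** Reports, per variant, whether the ReCaptcha check would still run. */
function evaluate(array $request, array $props): array
{
    return [
        'A_verifies' => !skipByQueryParam($request['query']),
        'B_verifies' => !skipBySession($request['hasSession'], $props),
    ];
}

// Constructed sample requests (not captured traffic).
$requests = [
    'logged-in user logging out'           => ['query' => ['service' => 'logout'], 'hasSession' => true],
    'anonymous form post'                  => ['query' => [], 'hasSession' => false],
    'anonymous form post + service=logout' => ['query' => ['service' => 'logout'], 'hasSession' => false],
];

$props = ['skipLoggedIn' => 1]; // opt-in, as proposed for a snippet property

foreach ($requests as $label => $request) {
    $r = evaluate($request, $props);
    printf(
        "%-38s A: %-8s B: %s\n",
        $label,
        $r['A_verifies'] ? 'verify' : 'SKIPPED',
        $r['B_verifies'] ? 'verify' : 'SKIPPED'
    );
}
```

Variant B is modelled as opt-in because the thread leaves open whether every request with a context session can safely go unverified.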