Fix Captcha when entering a wrong password
We recently implemented captchas to improve the app's security.
But one thing we didn't anticipate is the renewal of the captcha in case you type a wrong password. In that case, when the frontend receives a negative response, it should ask for a new token. Currently it still sends the old token, which has already been used once for the first password attempt and is therefore already invalidated.
Disclaimer: This comment was automatically generated with AI. It can give some useful hints as to where to look, but sometimes it can also give very inaccurate answers, so take this with a pinch of salt :).
To fix the captcha renewal issue when entering a wrong password, follow these steps:
- In `useAuth` and `useSignInUp` hooks, modify the logic to handle negative responses due to wrong passwords.
- Use the `useRequestFreshCaptchaToken` hook to request a new captcha token upon receiving a negative response.
- Update the authentication retry logic to use the new captcha token.
Ensure these changes are implemented in the relevant files where the hooks are defined and used.
Hi @FelixMalfait I'd love to work on this. Can I take this?
Sure thanks @nganphan123!
Please keep us updated as it's something that ideally shouldn't stay open for too long. Thanks a lot!
Hey @FelixMalfait, I found the issue and was able to resolve it. I see that the issue is currently assigned to @nganphan123. If it is an immediate concern, I would like to create a PR for this. Could you please assign this issue to me if possible?
Thanks @piyushyadav1617; let the best PR win then 😁
🙏
Hi @FelixMalfait, I had my solution ready. But I got stuck at rebuilding the image to test the code in deployment. Since @piyushyadav1617 created a PR, I'll leave it to them then. I'll take a look at another issue. Thanks for assigning this to me before.
@nganphan123 no problem! Thanks for taking a shot at it!
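
The failure reported in this issue, and the renewal step the thread proposes, modelled as an added example that is not part of the thread or the project's code. All class and function names are hypothetical, the captcha provider is replaced by an in-memory stand-in, and the password is a constructed value.

```typescript
// Constructed model; class and function names are hypothetical, not the project's hooks or API.
type SignInResult = { ok: boolean; reason?: "captcha-invalid" | "wrong-password" };

// Stand-in for the captcha provider: every token verifies at most once.
class CaptchaVerifier {
  private issued = new Set<string>();
  private counter = 0;
  issue(): string {
    const token = `captcha-${++this.counter}`;
    this.issued.add(token);
    return token;
  }
  verifyOnce(token: string): boolean {
    return this.issued.delete(token); // false when unknown or already spent
  }
}

class AuthServer {
  private captcha: CaptchaVerifier;
  private password: string;
  constructor(captcha: CaptchaVerifier, password: string) {
    this.captcha = captcha;
    this.password = password;
  }
  signIn(password: string, captchaToken: string): SignInResult {
    // The token is consumed here even when the password then turns out to be wrong.
    if (!this.captcha.verifyOnce(captchaToken)) return { ok: false, reason: "captcha-invalid" };
    if (password !== this.password) return { ok: false, reason: "wrong-password" };
    return { ok: true };
  }
}

// renewOnFailure=false reproduces the report: one token reused for every attempt.
function runAttempts(renewOnFailure: boolean, passwords: string[]): SignInResult[] {
  const captcha = new CaptchaVerifier();
  const server = new AuthServer(captcha, "constructed-password");
  let token = captcha.issue(); // token obtained when the form loads
  return passwords.map((password) => {
    const result = server.signIn(password, token);
    // A negative response means the token is spent: fetch a fresh one before the retry.
    if (!result.ok && renewOnFailure) token = captcha.issue();
    return result;
  });
}

console.log("stale token:", runAttempts(false, ["typo", "constructed-password"]));
console.log("renewed token:", runAttempts(true, ["typo", "constructed-password"]));
```

With the stale token, the second attempt is rejected at the captcha check even though the password is correct; with renewal, it succeeds.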