"Invisible" reCaptcha no longer works (prototype 1.7.0)

[durzel]

Hi,

I am running Magento CE 1.9.4.5 and as of about 17/06/2021 the "invisible" reCaptcha no longer works on my website. It does not appear in the bottom right (as configured), and attempting to log in to the backend with a known good username/password combination just results in an error, as if the reCaptcha part is missing.

When the reCaptcha is set to "Invisible", I get the following error in my browser web console:

Uncaught (in promise) TypeError: this.each is not a function
    findAll https://www.magento-website.com/js/prototype/prototype.js:883
    V https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:175
    render https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:683
    e https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:195
    V https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:152
    h https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:62
    nM https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:438
    h https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en_gb.js:115
    bind https://www.magento-website.com/js/prototype/prototype.js:391
    reCaptchaCallback https://www.magento-website.com/index.php/admin/index/index/key/08be8904c12af90cc2b7cc0c4a7d8a09/:57
    each https://www.magento-website.com/js/prototype/prototype.js:825
    each https://www.magento-website.com/js/prototype/prototype.js:824
    reCaptchaCallback https://www.magento-website.com/index.php/admin/index/index/key/08be8904c12af90cc2b7cc0c4a7d8a09/:50
prototype.js:883:10

Changing the reCaptcha to "I am not a robot" eliminates the above error, and the user can log in - with the visual "I am not a robot" click required.

I have experienced the same behaviour on a development Magento website which has not been changed in over a year, so I'm convinced that something is no longer playing nicely together.

Anyone else experienced this?

[dc006]

Yes, Iam getting very same error message. I can not figure out so far what is going on.

[tryllu]

Same thing:

==> recapctha.log <==
2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>No 'g-recaptcha-response' in request! - building
2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>sending to verify params of Array
(
    [privatekey] => 
    [challenge] =>
    [response] =>
)

2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>Bad response from captcha gateway. we got 404
2021-06-21T13:13:12+00:00 DEBUG (7): Form ID: backend_login=>Exception fail : Bad response from captcha gateway. we got 404

Also it is impossible to login from admin backend:

[durzel]

In the short term you can disable the module in etc/modules/ProxiBlue_Recaptcha.xml which will make Magento fall back to the built in CAPTCHA, log in, re-enable it, and then whilst logged in change it to “I’m not a robot”, or disable CAPTCHAs entirely.

[ProxiBlue]

Hello, I will ave a look into this soon, thanks for reporting.

[ProxiBlue]

Did any of you update the module recently? can you check versions installed please.

latest is 2.5.0

[ProxiBlue]

FWIW, checked a few of the site I know uses this, and seems to be working there:

However, they are not running the latest

"proxiblue/recaptcha": "2.3.8",
"proxiblue/recaptcha": "2.3.10",
"proxiblue/recaptcha": "2.1.4",

So could be an issue on latest version.

[ProxiBlue]

Is this all admin/backend related?

I am not seeing issue on frontend with latest

• Updating proxiblue/recaptcha (2.3.8 => 2.5.0): Loading from cache

[indrisepos]

I tested it on the following versions and unfortunately it doesn't work: 2.1.1, 2.5.0

[ProxiBlue]

I am also fine on backend:

[ProxiBlue]

@indrisepos

Magento version?

[durzel]

I'm on the latest currently, per config.xml - 2.5.0

I'm seeing the same web console error on both backend and frontend, when trying to use "Invisible" CAPTCHA type.

[indrisepos]

Magetno 1.9.4.2 2021. 06. 21. 18:15 keltezéssel, Lucas van Staden írta:

…

@indrisepos <https://github.com/indrisepos> Magento version? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#56 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABTRWGVRTIZ5NHQ2JIBL673TT5QSRANCNFSM47BMDHDQ>.

[ProxiBlue]

anyone have a site that I can have a look at? obviously a test / uat site is prefered.

I cannot reproduce.

[ProxiBlue]

I am on latest openmage, so will get a standard Magetno 1.9.4.2 setup to see.

[tryllu]

I have 2.0.1 and its not working.

[durzel]

I can confirm that the same bug exists in 2.3.10, 2.4.0, 2.4.1 and 2.5.0. The same error is produced in the web console when using "Invisible" reCaptcha type. I get the error - and failure of reCaptcha - on backend and frontend.

The fact that it spontaneously stopped working on or around 17/06 makes me think the problem is external.. something relied upon that is no longer the case? Parameter(s) changed, etc?

@ProxiBlue do those versions you are testing have a newer Prototype version? I am on 1.7 according to js/prototype/prototype.js

[durzel]

Ok I've made progress...

Replacing js/prototype/prototype.js with 1.7.3 immediately fixes the problem with no other changes.

I don't know what if any compatibility issues there are with Magento 1.9+ using Prototype 1.7.3 instead of 1.7....

EDIT: OpenMage ships with 1.7.3 so I'm inclined to think it might be ok. Not sure how you'd debug this one @ProxiBlue - it seems the problem is localised to Prototype which is outside the scope of your module.

[tryllu]

    {
        $this->_debug(ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_SERVER.'/'.ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_PATH.'/'.$path);
        $httpRequest = new Zend_Http_Client(
            ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_SERVER
            . '/'
            . ProxiBlue_ReCaptcha_Helper_Data::RECAPTCHA_API_PATH
            . '/'
            . $path
        );
        $httpRequest->setParameterPost(array_merge(array('remoteip' => $_SERVER['REMOTE_ADDR']), $params));
        $response = $httpRequest->request('POST');
        if ($response->getStatus() != 200) {
            $this->_debug('Bad response from captcha gateway. we got ' . $response->getStatus());
            Mage::throwException('Bad response from captcha gateway. we got ' . $response->getStatus());
        }

        return $response->getBody();

    }

gives https://www.google.com//recaptcha/api/verify which gives 404.

[ProxiBlue]

gives https://www.google.com//recaptcha/api/verify which gives 404.

I have seen this before, let me check my changelog

[ProxiBlue]

The 404 is expected:

#46 (comment)

It requires POST data

[ProxiBlue]

no, I was wrong, a few commenst down:

#46 (comment)

[ProxiBlue]

it should be siteverify not verify

[durzel]

Yeah I was wrong too - it's https://www.google.com/recaptcha/api/siteverify

I don't see the old URL with just "verify" in the source..

app/code/community/ProxiBlue/ReCaptcha/Helper/Data.php: const RECAPTCHA_SITEVERIFY_PATH = "siteverify";

[ProxiBlue]

ok, is 1am here now, I need to go get some sleep. I will investigate on a clean m1924 when I wake up again.

It is installed already, will check module in that next.

Sofar all my local tests work fine, no issues

[durzel]

ok, is 1am here now, I need to go get some sleep. I will investigate on a clean m1924 when I wake up again.

It is installed already, will check module in that next.

Sofar all my local tests work fine, no issues

👍

Upgrading prototype.js to 1.7.3 fixed the problem for me, and hasn't caused any other obvious issues that I've seen. Obviously I can't recommend this as a solution for heavy production sites, but it worked for me.

I suspect if all your local tests are fine you're using OpenMage, which ships with Prototype 1.7.3. Magento 1.9.4.5 and below ships with 1.7.

[ProxiBlue]

Ok, so is likely why mine works on openmage, as they upgraded that.

Thanks for that, I will have to check the code and make it backwards compatible, OR, is code on google side with their js that's no longer compatible (which seems likely reason)

[ProxiBlue]

I can confirm that the fix by @empiricompany fixes the issue. (Thank you very much for that effort, I have been stick on a paid client job)

It is really the only way as the issue is outside this modules functionality/scope.

I will update the readme accordingly, as this fix introduces a new version of prototype, which can potentially cause (but unlikely) issues with other parts of the magento framework

[durzel]

I can confirm that the fix by @empiricompany fixes the issue. (Thank you very much for that effort, I have been stick on a paid client job)

It is really the only way as the issue is outside this modules functionality/scope.

I will update the readme accordingly, as this fix introduces a new version of prototype, which can potentially cause (but unlikely) issues with other parts of the magento framework

It appears to fix the frontend, but the backend is still pulling prototype.js from js/prototype/prototype.js, on my 1.9.4.5 CE install at least.

[ProxiBlue]

[ProxiBlue]

It appears to fix the frontend, but the backend is still pulling prototype.js from js/prototype/prototype.js, on my 1.9.4.5 CE install at least.

I will have a look at that, thanks for letting me know, did not check admin.

[ProxiBlue]

@durzel

Check new version 1.5.2

[empiricompany]

It appears to fix the frontend, but the backend is still pulling prototype.js from js/prototype/prototype.js, on my 1.9.4.5 CE install at least.

yes we have fixed only frontend because we not use captcha in admin, but if we want to cover also admin i think we can simply just register the observer into section in config.xml

<globals> <events> <controller_action_layout_render_before> <observers> <fixPrototypeVersion> <class>proxiblue_recaptcha/observer</class> <method>fixPrototypeVersion</method> </fixPrototypeVersion> </observers> </controller_action_layout_render_before> <controller_action_predispatch_contacts_index_post> .. ..

[ProxiBlue]

Yep, I have adjusted the the event to the global section

[durzel]

No joy for me, I'm still getting the standard Magento prototype.js on the backend, even on 2.5.2. Have wiped cache and am using an incognito browser. Are you not getting that?

[ProxiBlue]

Not in my local. let me check the release, see if it released correct code

[ProxiBlue]

@durzel

You are correct. I tested that on the 1.7.3 based magento (as my debugger is not working on the docker environment I quickly brought up for the 1.9.4.5 test)

Although the code actions

the end result is still the wrong (core) prototype loading in head, so admin is somewhere replacing that again with the default)

Fixing my debugger so I can dig into this

[ProxiBlue]

It actually works INSIDE admin, not on login

There must be separated head templates for admin login (ugh magento 1)

so the given event doe snot do teh job

[ProxiBlue]

does not help I am now so used to m2, I forget how parts of m1 works!

[empiricompany]

does not help I am now so used to m2, I forget how parts of m1 works!

it's hardcoded in adminhtml/default/default/template/login.phtml

[ProxiBlue]

it's hardcoded in adminhtml/default/default/template/login.phtml

Oh FFS, yes I just found it as well

[durzel]

does not help I am now so used to m2, I forget how parts of m1 works!

it's hardcoded in adminhtml/default/default/template/login.phtml

Well spotted.

[ProxiBlue]

At this point I think a patch will need to suffice to make that template work on the module supplied 1.7.1

Its just one of those things.

[ProxiBlue]

I have work waiting that I need to get to

[durzel]

At this point I think a patch will need to suffice to make that template work on the module supplied 1.7.1

Its just one of those things.

Indeed. To be honest given how many places this might be the case, it might even be worth just telling people they need to stick prototype.js 1.7.1 in js/prototype themselves.

It's hardcoded in adminhtml/default/default/template/forgotpassword.phtmltoo.

[empiricompany]

i think there is not a clean solution to fix it in backend login, you have to manually update original js/prototype.js or we have to rewrite entire login.phtml template

[ProxiBlue]

So, the fix will be to move the provided fix back to just on a frontend event, and supply a patch for login.phtml that can be applied

[ProxiBlue]

if composer is used for site deploy via a composer patch, it can be applied cleanly-ish via pipeline deploys and composer udpates

I will supply instructions in README

[durzel]

app/design/adminhtml/default/default/template/resetforgottenpassword.phtml
app/design/adminhtml/default/default/template/login.phtml
app/design/adminhtml/default/default/template/forgotpassword.phtml

...are the affected files for the backend, for what it's worth.

I wonder if there is any mileage in trying to patch the incompatible functionality in prototype.js 1.7 instead of replacing it? Will do some investigating...

[ProxiBlue]

Ok, I have reverted the event back to frontend only on version https://github.com/ProxiBlue/reCaptcha/releases/tag/2.5.3

I need to move on to paid work, with deadlines.

I have updated readme.

When I get time (unless someone beats me to it) patches will be supplied via a GIST to apply these changes manuall, or via composer patches

[ProxiBlue]

if you are stuck with admin login you can disable captcha with:

update core_config_data set value = '0' where path like 'admin/captcha/enable';

for admin, then clear cache

[ProxiBlue]

ATTENTION:

I am currently considering archiving this module, as I no longer have the free time to continue supporting this code.
as per ticket: #43, it seems there are issues in checkout with the validation of the invisible recapctha, which could be related to the usage of prototype 1.7.1

I simply don;t have teh time due to paid works with deadlines to work on this at present.