Skip to content

Fixing that a captcha is required on external login and registration - hotfix (Lombiq Technologies: GOV-44) #17489

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 18, 2025
Merged

Fixing that a captcha is required on external login and registration - hotfix (Lombiq Technologies: GOV-44) #17489

merged 3 commits into from
Feb 18, 2025

Conversation

Piedone
Copy link
Member

@Piedone Piedone commented Feb 16, 2025
edited
Loading

Fixes #17422. Since a lot has changed in main in these classes, I started this right from the release branch. This is only a temporary hotfix, to be released in 2.1.6.

The main version is here: #17490.

@Piedone Piedone mentioned this pull request Feb 17, 2025
Merged
@Piedone Piedone changed the title Fixing that a captcha is required on external login and registration (Lombiq Technologies: GOV-44) Fixing that a captcha is required on external login and registration - hotfix (Lombiq Technologies: GOV-44) Feb 17, 2025
@Piedone Piedone mentioned this pull request Feb 17, 2025
Closed
hishamco
hishamco approved these changes Feb 17, 2025
View reviewed changes
src/OrchardCore.Modules/OrchardCore.ReCaptcha/Users/Handlers/LoginFormEventEventHandler.cs Outdated
{
if (_reCaptchaService.IsThisARobot())
if (_reCaptchaService.IsThisARobot() && await _signInManager.GetExternalLoginInfoAsync() == null)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (_reCaptchaService.IsThisARobot() && await _signInManager.GetExternalLoginInfoAsync() == null)
if (_reCaptchaService.IsThisARobot() && await _signInManager.GetExternalLoginInfoAsync() is null)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still don't think that the pattern matching syntax brings any value when there is no actual pattern to match.

src/OrchardCore.Modules/OrchardCore.ReCaptcha/Users/Handlers/RegistrationFormEventHandler.cs Outdated
{
return _reCaptchaService.ValidateCaptchaAsync(reportError);
if (await _signInManager.GetExternalLoginInfoAsync() == null)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (await _signInManager.GetExternalLoginInfoAsync() == null)
if (await _signInManager.GetExternalLoginInfoAsync() is null)

MikeAlhayek
MikeAlhayek previously approved these changes Feb 17, 2025
View reviewed changes
@MikeAlhayek
Copy link
Member

After looking at #17490, I think we should undo the interface rename and merge that PR instead. Then close this PR and backport that one into release/2.1

@MikeAlhayek MikeAlhayek dismissed their stale review February 17, 2025 05:15

I think we should hold off on this and take the other PR

@Piedone
Copy link
Member Author

Piedone commented Feb 17, 2025

I think that PR will have merge conflicts, but we can try.

@Piedone
Copy link
Member Author

Piedone commented Feb 17, 2025

I'll close this if #17490 can be backported.

@MikeAlhayek
Copy link
Member

@Piedone the backport failed due to a conflict as you expected. If you can please update the logic here along with the comments as you did in the other PR and merge this so we can release

@Piedone
Copy link
Member Author

Piedone commented Feb 17, 2025

Done.

MikeAlhayek
MikeAlhayek reviewed Feb 17, 2025
View reviewed changes
src/OrchardCore.Modules/OrchardCore.ReCaptcha/Users/Handlers/RegistrationFormEventHandler.cs
if (await _signInManager.GetExternalLoginInfoAsync() == null)
// When logging in via an external provider, authentication security is already handled by the provider.
// Therefore, using a CAPTCHA is unnecessary and impractical, as users wouldn't be able to complete it anyway.
if (await _signInManager.GetExternalLoginInfoAsync() != null)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am wondering why this is missing the _reCaptchaService.IsThisARobot() check

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know, but since that caused problems in the other case too (hence you removed it in main), I wouldn't add it.

@Piedone Piedone merged commit b801693 into OrchardCMS:release/2.1 Feb 18, 2025
21 checks passed
This was referenced Mar 1, 2025
Closed
Closed
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hishamco hishamco hishamco approved these changes

@MikeAlhayek MikeAlhayek MikeAlhayek approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Piedone @MikeAlhayek @hishamco