Changing passwords when logged in is impossible with this plugin #50
Comments
|
+ 1 . @davwheat @dsevillamartin (tagging you because you have the most recent commits on the repo) can you have a look ? There's a pending PR #51 for this. |
|
PR #51 is an important bugfix. Currently users are complaining that they cannot reset their passwords and get a red "The g-recaptcha-response field is required.' modal. We cannot really do without this plugin as we've had issues with bots creating accounts before. |
|
Use the cloudflare turnstile plugin, that one works. |
|
Fwiw, I have both turnstile and recaptcha enabled and yet get in excess of 10 bot posts per day alongside several more bot registration and honestly I am pretty fed up. Anyone else having similar issues? Anyone in the position of making comparisons with bot detection on other forum software (e.g.: Discourse)? |
You mean the Blomstra one? https://discuss.flarum.org/d/31790-blomstra-turnstile |
|
Actually nevermind, it is showing up but not working at all. You can just login without solving the captcha (if you want to test: Use the tor browser, it should require manual intervention or just fail straight away). |
Given that's not clear from a user perspective, and the plugin pretends to "work" that means that the blomsta plugin is outright dangerous by now and should be archived/removed. |
|
See blomstra/flarum-ext-turnstile#4 and https://discuss.flarum.org/d/31790-blomstra-turnstile/43 Turnstile is broken and not maintained. |
Hi everyone, I am having an issue with the recaptcha plugin and I already identified the issue in the sourcecode. The issue is, that when I am logged in and I want to change my password, Flarum basically does a password reset. However, that password reset needs a recaptcha when the plugin is active. The "bad" validator is added in
recaptcha/src/Listeners/AddValidatorRule.php
Lines 73 to 75 in ab7eb4a
The text was updated successfully, but these errors were encountered: