14 changes: 7 additions & 7 deletions app/controllers/users/sessions_controller.rb
Expand Up @@ -39,7 +39,7 @@ def create
return process_rate_limited if session_bad_password_count_max_exceeded?
return process_locked_out_user if current_user && user_locked_out?(current_user)
return process_rate_limited if rate_limited?
return process_failed_captcha unless valid_captcha_result? || log_captcha_failures_only?
return process_failed_captcha unless recaptcha_response.success? || log_captcha_failures_only?

rate_limit_password_failure = true
self.resource = warden.authenticate!(auth_options)
Expand Down Expand Up @@ -100,11 +100,10 @@ def locked_out_time_remaining
distance_of_time_in_words(Time.zone.now, time_lockout_expires, true)
end

def valid_captcha_result?
return @valid_captcha_result if defined?(@valid_captcha_result)
@valid_captcha_result = recaptcha_form.submit(
def recaptcha_response
@recaptcha_response ||= recaptcha_form.submit(
recaptcha_token: params.require(:user)[:recaptcha_token],
).success?
)
end

def recaptcha_form
Expand Down Expand Up @@ -206,15 +205,16 @@ def track_authentication_attempt

success = current_user.present? &&
!user_locked_out?(user) &&
(valid_captcha_result? || log_captcha_failures_only?)
(recaptcha_response.success? || log_captcha_failures_only?)

analytics.email_and_password_auth(
**recaptcha_response.to_h,
success: success,
user_id: user.uuid,
user_locked_out: user_locked_out?(user),
rate_limited: rate_limited?,
captcha_validation_performed: captcha_validation_performed?,
valid_captcha_result: valid_captcha_result?,
valid_captcha_result: recaptcha_response.success?,
bad_password_count: session[:bad_password_count].to_i,
sp_request_url_present: sp_session[:request_url].present?,
remember_device: remember_device_cookie.present?,
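Review bot: In `track_authentication_attempt`, `**recaptcha_response.to_h` spreads every key of the form response into the analytics event ahead of the explicit keywords, so a `success:` key coming from the response is silently overridden by the local `success` (which also folds in the lockout check), and any other key the response happens to carry is forwarded to analytics unreviewed via `**extra`. The intent appears to be to carry `error_details` (the spec asserts `error_details: { recaptcha_token: { blank: true } }`), so naming it explicitly is clearer and does not depend on keyword-argument ordering: `error_details: recaptcha_response.to_h[:error_details],` in place of the spread, assuming the response exposes it under that key. What else `to_h` exposes is not visible here; confirm it contains nothing that should not be logged before spreading it wholesale. The bodies of `create` and `track_authentication_attempt` start and end outside these hunks.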
9 changes: 6 additions & 3 deletions app/services/analytics_events.rb
Expand Up @@ -436,8 +436,9 @@ def edit_password_visit(required_password_change: false, **extra)
)
end

# @param [Boolean] success
# @param [String] user_id
# @param [Boolean] success Whether form validation was successful
# @param [Hash] error_details Details for errors that occurred in unsuccessful submission
# @param [String] user_id UUID for user associated with attempted email address
# @param [Boolean] user_locked_out if the user is currently locked out of their second factor
# @param [Boolean] rate_limited Whether the user has exceeded user IP rate limiting
# @param [Boolean] valid_captcha_result Whether user passed the reCAPTCHA check or was exempt
Expand All @@ -446,7 +447,7 @@ def edit_password_visit(required_password_change: false, **extra)
# @param [Boolean] sp_request_url_present if was an SP request URL in the session
# @param [Boolean] remember_device if the remember device cookie was present
# @param [Boolean, nil] new_device Whether the user is authenticating from a new device. Nil if
# there is the attempt was unsuccessful, since it cannot be known whether it's a new device.
# the attempt was unsuccessful, since it cannot be known whether it's a new device.
# Tracks authentication attempts at the email/password screen
def email_and_password_auth(
success:,
Expand All @@ -459,11 +460,13 @@ def email_and_password_auth(
sp_request_url_present:,
remember_device:,
new_device:,
error_details: nil,
**extra
)
track_event(
'Email and Password Authentication',
success:,
error_details:,
user_id:,
user_locked_out:,
rate_limited:,
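Review bot: The new `error_details: nil` keyword is documented as `@param [Hash] error_details`, but its default is nil and it is forwarded to `track_event` unconditionally, so nil is the common value on successful attempts. The tag should read `# @param [Hash, nil] error_details Details for errors that occurred in unsuccessful submission, nil when successful` to match the `[Boolean, nil]` convention used for `new_device` a few lines above. The parameter list and the `track_event` call continue outside the hunk.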
1 change: 1 addition & 0 deletions spec/controllers/users/sessions_controller_spec.rb
Expand Up @@ -372,6 +372,7 @@
expect(@analytics).to have_logged_event(
'Email and Password Authentication',
success: false,
error_details: { recaptcha_token: { blank: true } },
user_id: user.uuid,
user_locked_out: false,
rate_limited: false,
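Review bot: The added expectation pins `error_details` only for the blank-token failure case; since `email_and_password_auth` now passes `error_details:` on every call, the success-path expectations in this spec presumably either need `error_details: nil` added or rely on the matcher tolerating the extra key, and the diff shows only this one addition, so that is worth confirming. The enclosing example starts and ends outside the hunk.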