known issue hCaptcha integration not working as expected

[derpunker]

Dear IPS support,

we are currently facing the issue that the registration of new users doesn't work in every case.
It was hard to find out what's the background, but the root cause is the behavior of hCaptcha.

Repro steps:

• Open the registration form => hCaptcha is visible
• Make some invalid input or leave all fields empty and press the "Create my Account" button
• Form is reload but hCaptcha is missing => problem, no registration possible

 

The video shows the issue.

 

Please have a look and fix this issue with your next maintenance release.

The issue is really a hurdle for some users.

 

Thanks and best regards.

 

 

[Jim M]

Would suggest ensuring you're on the latest release with all third party add-ons disabled and using an unmodified theme. As when I do what you just did in your video, I get redirected to the registration page. E.g. it is no longer open in a popup modal like in your screencast. Therefore, you're either running something which is causing this.

Then each time I submit the registration form, hCAPTCHA loads without issue.

[derpunker]

Dear @Jim M

Thanks for your suggestions. I did all your recommended steps, but the situation doesn't change.

• Latest IPS version is installed (patch included)
• No IPS files are changed
• All plugins are disabled, only "System" and "Forums" are enabled
• IPS default theme (unchanged) set as default

2024-02-24 16-02-16.mkv

 

The redirection to the registration page doesn't happen in my case.

As soon as the registration form is not hosted in a popup, the hCaptcha is working as expected. This I can confirm.

 

[Jim M]

We would need to look further into this for you, however the access details on file appear to be incorrect or missing. Could you please update these details by visiting your client area, selecting the relevant purchase, then clicking "Review/Update Access Information" under the "Stored Access Information" section. 

We look forward to further assisting you. 

 

[derpunker]

@Jim M

Access information are updated.

Access to AdminCP should be possible now.
FTP access is still not possible, because the FTP account is disabled and I can't access the server managment console at the moment.

The FTP account will be enabled as soon as I have reached the server admin.

For having a first look, I hope AdminCP access is enough.

[Jim M]

Please ensure that the ACP account provided is not banned and has full access.

[derpunker]

Account was banned because of too many failed logins. (why ever)

It's enabled again and the password is reentered in the Access Information.

[Jim M]

I'm afraid, the account is still banned.

[derpunker]

Ah, I guess I know what has happened.

Looks like you are using die LIVE system (forum.****)
The account is only enabled in the test system.
Please have a look on the AdminCP URL.

[Jim M]

1 minute ago, derpunker said:

Ah, I guess I know what has happened.

Looks like you are using die LIVE system (forum.****)
The account is only enabled in the test system.
Please have a look on the AdminCP URL.

I'm afraid, support would only be provided on Live URLs. Test URLs are only applicable for your testing/development purposes but would not be supported.

[derpunker]

The test system is a 1:1 copy from the live system.

I can't disable the 3rd party plugins in the live system.

Please have a look.

[Jim M]

6 minutes ago, derpunker said:

The test system is a 1:1 copy from the live system.

I can't disable the 3rd party plugins in the live system.

Please have a look.

As mentioned, support would only be provided on live URLs.

[derpunker]

If you are not willing the have look into my test system, activate the quick registration in your system and have a look.

 

 

You will see the effect.

 

[Jim M]

8 minutes ago, derpunker said:

If you are not willing the have look into my test system, activate the quick registration in your system and have a look.

 

 

You will see the effect.

 

This is indeed what I have set on my installation which I mentioned above so we would need to see this on your live site to provide support.

[derpunker]

4 minutes ago, Jim M said:

This is indeed what I have set on my installation which I mentioned above so we would need to see this on your live site to provide support.

Please tell my why this investigation can't be done in a 1:1 copy?!

Investigations and analyzes in a live system is a no go for me!
You should be happy that the problem can be reproduced in a test system and does not pose a risk to the live system.

As I already mentioned above disabling the plugins is not possible, because the website is live and won't work for my customers!

----

Use my other subscription, it's the same there.
This URL is the live URL you insist on.
Access Information just update in the client area.

 

 

[Jim M]

10 minutes ago, derpunker said:

Use my other subscription, it's the same there.
This URL is the live URL you insist on.
Access Information just update in the client area.

Thank you. Please ensure that this instance has all patches applied and is available externally as I am getting various 401 errors in the Javascript console. It may be getting blocked by the .htpasswd.

[derpunker]

The whole website is under .htaccess.
The credentials are the same as for the AdminCP, which are available in the client area.

There is only one 401 error and this is the manifest, which doesn't harm.

I just installed the latest patch.

[Jim M]

21 minutes ago, derpunker said:

The whole website is under .htaccess.

Yes, please remove that. 

[derpunker]

Just now, Jim M said:

Yes, please remove that. 

No chance.

The permissions are not set and the content can't be public.

 

You have the credentials for the .htaccess and it's not blocking you.

[derpunker]

After adding the .htaccess credentials which are available for you, there is no cricitcal console error shown.



Tested with latest Edge and Chrome browser.

I really don't see any problem that should block you.
 

[derpunker]

To get further here:

• only hCaptcha is affected by problem
• the "google" captchas are working fine

 

Looking into the IPS code make the probleme clear. The problem is how hCaptcha works and how it's integrated.

This IPS code part loads the js file from hcaptcha.com and this javascript code responsible for showing the hCaptcha.
The IPS hCaptcha template is simple and no data-controller is involved.

The external javascript code is doing some magic stuff, among other things, it is searches for an element with the class "h-captcha" and adds the iframe for the hCaptcha.

 

Summary:

As long as the registration form is hosted in the popup, no browser will load the external javascript file again and the captcha is not created.
For the browser, the js-file is already available and no need to load it again.

 

The registration form as a page (no popup) reloads everything, including the hcaptcha.com script. That's why it works there.

[derpunker]

The hCaptcha script sets a global variable.

window.hcaptcha

As long as this global variable set, the hCaptcha doesn't load/render.

Resetting the variable (window.hcaptcha = undefined) let the hCaptcha load again.

Calling explizit "window.hcaptcha.render" brings it back too.

Please refer to the video:

2024-02-24 21-46-53.mkv

 

Now it's your turn.

Resetting the global variable should be the easierst solution.

 

 

 

[derpunker]

I found a solution for my IPS systems and everything is working fine.
My new users will be happy about the improvement.

2024-02-24 22-18-21.mkv

 

Many thanks for the friendly, helpful and very cooperative support today.

Do what you want with the error report. It's a problem in your code.

[Jim M]

I am sorry you feel that we were being uncooperative. I'm afraid, we have standards of support which help us help all our clients in an efficient manner. The standards of support policies were agreed to at time of purchase. When we reach a unique environment encountering something which we can't reproduce in a normal environment, we need to undo that uniqueness as that may be the root cause. I'm afraid, you're still encountering something which I cannot encounter in a default environment of Invision Community. However, I will report this internally to see if this is something we can reproduce.