Details

    • Type: Bug Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: 5.2.X EE, 6.0.4 GA, 6.0.12 EE, 6.1.0 CE RC1, 6.2.0 CE M4
    • Fix Version/s: 6.0.4 GA, 6.0.5 GA
    • Environment:
      Ubuntu 10.04, Firefox Trunk Rev. 60090, MySQL
      Liferay 6.2.0 CE M4 tomcat bundle/MySql 5.5.17
    • Backported to Branch:
      Committed
    • Fix Priority:
      3
    • Similar Issues:
      Show 5 results 

      Description

      You can enter in the wrong captcha when using recaptcha an infinite number of times even when captcha.max.challenges is set in portal-ext.properties.

        Issue Links

          Activity

          Hide
          Pani Gui (Inactive) added a comment -

          Reproduce in Trunk (revision:75434).
          Can get "Maximum number of captcha attempts exceeded" message in Message Board and Web Form.
          But still show "Text verification failed." instead of "Maximum number of captcha attempts exceeded" message in Create Account.

          Show
          Pani Gui (Inactive) added a comment - Reproduce in Trunk (revision:75434). Can get "Maximum number of captcha attempts exceeded" message in Message Board and Web Form. But still show "Text verification failed." instead of "Maximum number of captcha attempts exceeded" message in Create Account.
          Hide
          Joshua Robins (Inactive) added a comment - - edited

          Reproduced on:
          Tomcat 7.0.25 + MySQL 5. 6.1.x. GIT ID: f1ec1510962651d57317b3f74eb841e801e6c279
          Tomcat 7.0.25 + MySQL 5. 6.2.x. GIT ID: 8bc08bc9434a7a98e554722c706c66ca8e578f67

          Show
          Joshua Robins (Inactive) added a comment - - edited Reproduced on: Tomcat 7.0.25 + MySQL 5. 6.1.x. GIT ID: f1ec1510962651d57317b3f74eb841e801e6c279 Tomcat 7.0.25 + MySQL 5. 6.2.x. GIT ID: 8bc08bc9434a7a98e554722c706c66ca8e578f67
          Hide
          Gaurav Jain added a comment -

          Being a part of community verifier program I tried reproducing this issue against Liferay 6.2.0 CE M4 tomcat bundle/MySql 5.5.17

          And can reproduce issue with the mentioned steps:

          Add following in portal-ext.properties file.
          captcha.engine.impl=com.liferay.portal.captcha.recaptcha.ReCaptchaImpl
          captcha.engine.recaptcha.key.private=6Ld7-QkAAAAAAHT1GTyO7sYaCFSP_NKCdMwrHMq_
          captcha.engine.recaptcha.key.public=6Ld7-QkAAAAAAD6H-1W70K-J9MGBxVrh_IhQf5pP

          captcha.check.portal.create_account=true
          captcha.check.portal.send_password=true
          captcha.check.portlet.message_boards.edit_category=false
          captcha.check.portlet.message_boards.edit_message=true
          captcha.max.challenges=2

          Creating an account: before you log in, there's a link below the sign in button that say "create an account". Click on that and it should take you to a page to create a new account with a "Text Verification" captcha box.

          Filled all required information correctly but incorrect captcha and submitted form, tried more than twice but still show "Text verification failed." instead of "Maximum number of captcha attempts exceeded" message in Create Account.

          Show
          Gaurav Jain added a comment - Being a part of community verifier program I tried reproducing this issue against Liferay 6.2.0 CE M4 tomcat bundle/MySql 5.5.17 And can reproduce issue with the mentioned steps: Add following in portal-ext.properties file. captcha.engine.impl=com.liferay.portal.captcha.recaptcha.ReCaptchaImpl captcha.engine.recaptcha.key.private=6Ld7-QkAAAAAAHT1GTyO7sYaCFSP_NKCdMwrHMq_ captcha.engine.recaptcha.key.public=6Ld7-QkAAAAAAD6H-1W70K-J9MGBxVrh_IhQf5pP captcha.check.portal.create_account=true captcha.check.portal.send_password=true captcha.check.portlet.message_boards.edit_category=false captcha.check.portlet.message_boards.edit_message=true captcha.max.challenges=2 Creating an account: before you log in, there's a link below the sign in button that say "create an account". Click on that and it should take you to a page to create a new account with a "Text Verification" captcha box. Filled all required information correctly but incorrect captcha and submitted form, tried more than twice but still show "Text verification failed." instead of "Maximum number of captcha attempts exceeded" message in Create Account.
          Hide
          Edward Gonzales added a comment -

          Hello everyone! We are in the process of removing component "Portlet" from LPS. Please make the necessary adjustments to affected filters. Thanks!

          Show
          Edward Gonzales added a comment - Hello everyone! We are in the process of removing component "Portlet" from LPS. Please make the necessary adjustments to affected filters. Thanks!
          Hide
          Edward Gonzales added a comment -

          Hello! We plan to remove "Authentication" from the component field from issues that have more than 1 component. This issue has been identified as a candidate. It is recommended that you update any affected filters. Thanks!

          Show
          Edward Gonzales added a comment - Hello! We plan to remove "Authentication" from the component field from issues that have more than 1 component. This issue has been identified as a candidate. It is recommended that you update any affected filters. Thanks!
          Hide
          Mika Koivisto added a comment -

          You are interpreting the property function incorrectly. From portal.properties

              #
              # Set the maximum number of captcha checks per portlet session. Set this
              # value to 0 to always check. Set this value to a number less than 0 to
              # never check. Unauthenticated users will always be checked on every request
              # if captcha checks is enabled.
              #
              captcha.max.challenges=1

          It does not limit how many incorrect guesses you can have but rather how many times we bug a signed in user with a captcha check.

          Show
          Mika Koivisto added a comment - You are interpreting the property function incorrectly. From portal.properties # # Set the maximum number of captcha checks per portlet session. Set this # value to 0 to always check. Set this value to a number less than 0 to # never check. Unauthenticated users will always be checked on every request # if captcha checks is enabled. # captcha.max.challenges=1 It does not limit how many incorrect guesses you can have but rather how many times we bug a signed in user with a captcha check.
          Hide
          Mika Koivisto added a comment -

          There's still a issue because someone refactoring the code has also interpreted the property incorrectly so the logic doesn't match the property. I opened a new ticket LPS-40401 for this issue.

          Show
          Mika Koivisto added a comment - There's still a issue because someone refactoring the code has also interpreted the property incorrectly so the logic doesn't match the property. I opened a new ticket LPS-40401 for this issue.

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 40 weeks, 5 days ago

                Development

                  Structure Helper Panel