When logging in for the first time using an openid, the captcha stops the creation of the new user.

Comments

soxofaan’s picture

Status: Active » Postponed (maintainer needs more info)

Could you give more information? E.g. describe setup, how to reproduce the bug, which captcha type, which error messages do you get, does captcha work on other forms, ...

gordon’s picture

We have re-CAPTCHA but I would assume that it would be broken by all captcha's

Basically we have the site loaded with the openid module into Drupal 5.2 and using pip.verisignlabs.com as the openid provider.

The error is that the captcha is a required field and as openid is not populating this field it is throwing an error.

The fix is that if the registration is being done by open id then captcha should be ignored.

gordon’s picture

Status: Postponed (maintainer needs more info) » Active
robloach’s picture

Hmm, when using OpenID with reCAPTCHA in the user login block, I'm redirected to drupal/?q=%23 instead of having the javascript replace the login form. It work with everything other captcha though.

In drupal/user, the login form is properly replaced with OpenID. The captcha challenge properly works, but when you log into your OpenID provider and get redirected back to the site, it fails because it looks for a Captcha Challenge answer for the registration page. Of course, it doesn't find it, and fails reporting:

Invalid captcha token.
OpenID registration failed for the reasons listed. You may register now, or if you already have an account you can log in now and add your OpenID under "My Account"

It doesn't matter what type of captcha challenge you use in this situation, as it will result in the same thing on any challenge. I never really thought of testing Captcha with OpenID because OpenID is a method of bot spam control in itself. I'm really not sure what solution we could use here. Maybe we could somehow test if they're using OpenID registration before we display the Captcha form in user/register and have it be ignored?

robloach’s picture

Version: 5.x-3.0-rc3 » 5.x-3.x-dev

Still an issue and will have to be fixed for Drupal 6.

soxofaan’s picture

Version: 5.x-3.x-dev » 6.x-2.x-dev
anarcat’s picture

Subscribing. This seems to also apply to the 5.x branch, AFAICT.

anarcat’s picture

I'm really not sure what solution we could use here. Maybe we could somehow test if they're using OpenID registration before we display the Captcha form in user/register and have it be ignored?

... this would seem like the way to go...

Leeteq’s picture

Agreed with #8 (#4)

chirale’s picture

There is a patch to openid: #242029: Captcha on user_registration conflicts with OpenID auto-registration but I cannot make it works. This is a crucial issue, now if you have OpenID activated you must disable CAPTCHA module.

anarcat’s picture

Title: Captcha breaks openid Auto registration. » Captcha breaks openid Auto registration
soxofaan’s picture

Category: bug » support
Priority: Critical » Normal
Status: Active » Postponed (maintainer needs more info)

I just tried with an MyOpenId.com identity and did not experience problems with CAPTCHA 6.x-2.x-dev:

OpenID log in:

  • adding the openid identity to an already registered user
  • CAPTCHA on user_login form
  • logging in with the openid identity works as expected (wrong CAPTCHA answer blocks, right CAPTCHA answers permits logging in)

OpenID autoregistration + log in

  • CAPTCHA on user_login and user_register form
  • making sure that the openid identity is unknown to drupal setup
  • log in with openid identity works as expected, autoregistration works, CAPTCHA does not interfere with registration.

Note: I had to set a nickname and email in the MyOpenId persona, to make the autoregistration work, but that is unrelated to the CAPTCHA problem.

elachlan’s picture

Issue summary: View changes
Status: Postponed (maintainer needs more info) » Closed (outdated)