Validation succeeds only if the correct answer is given to the first check() or check_api() call. If a user enters an incorrect value, they cannot try again; instead a new captcha must be generated. I think that is because we use Cache::pull() rather than Cache::get() in the check code:

```php
if (!Cache::pull($this->get_cache_key($key))) {
    return false;
}
```

The problem can be illustrated with artisan tinker running this:

```php
$testCaptcha = function (bool $positive) {
    echo ">>> Testing Captcha ...\n";
    $captcha = app('captcha');

    // Create an API-style challenge and keep its key
    $challenge = (object) $captcha->create(api: true);
    $key = $challenge->key;
    echo "Challenge Key: {$key}\n";

    // Read the expected answer straight from the cache (get() does not consume it)
    $ans = implode('', Cache::get('captcha_' . md5($key)));
    echo "Answer: $ans\n";

    // Positive run: the correct answer only. Negative run: a wrong answer, then the correct one.
    $attempts = $positive ? [$ans] : [
        "bad-{$ans}",
        $ans,
    ];

    foreach ($attempts as $try) {
        $label = $try === $ans ? 'correct' : 'incorrect';
        echo "Attempting {$label} '{$try}' ... ";
        $res = $captcha->check_api($try, $key);
        echo json_encode($res), "\n";
    }
};

$testCaptcha(true);
$testCaptcha(false);
```

Example output follows:

```
Psy Shell v0.12.4 (PHP 8.3.13 — cli) by Justin Hileman
>>> Testing Captcha ...
Challenge Key: $2y$12$p7oNGQVf9zp3UxVjfImhz.Hf2RKvEcRuI6/FdWeX2JBuHjMBH89eu
Answer: 410204101
Attempting correct '410204101' ... true
>>> Testing Captcha ...
Challenge Key: $2y$12$luzJOGY3ULHhHx9ZP.W8BeGH.BwXylczwZO8XthleQFwoI2GKrumy
Answer: 906279280
Attempting incorrect 'bad-906279280' ... false
Attempting correct '906279280' ... false
```
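
The following is an added example, not part of the original issue and not the project's code. It reproduces the consume-on-read behaviour described above with a constructed in-memory cache, next to one retry-tolerant check that still bounds wrong guesses and retires a challenge once solved. `ArrayCache`, `checkWithPull`, `checkWithRetry` and `MAX_ATTEMPTS` are hypothetical names, and the stored answer is simplified to a plain string.

```php
<?php
// Added illustration, not mews/captcha code. ArrayCache is a constructed
// stand-in for Laravel's Cache facade (get / pull / put / forget only).
final class ArrayCache
{
    private array $items = [];
    public function put(string $k, mixed $v): void { $this->items[$k] = $v; }
    public function get(string $k): mixed { return $this->items[$k] ?? null; }
    public function forget(string $k): void { unset($this->items[$k]); }
    public function pull(string $k): mixed { $v = $this->get($k); $this->forget($k); return $v; }
}

// Behaviour reported in the issue: pull() consumes the entry on every call,
// so a wrong first answer invalidates the challenge.
function checkWithPull(ArrayCache $cache, string $key, string $answer): bool
{
    $expected = $cache->pull($key);
    return $expected !== null && hash_equals($expected, $answer);
}

// Hypothetical alternative: read with get(), consume on success, and cap
// wrong guesses (MAX_ATTEMPTS is an assumed value) so retries stay bounded.
const MAX_ATTEMPTS = 3;

function checkWithRetry(ArrayCache $cache, string $key, string $answer): bool
{
    $expected = $cache->get($key);
    if ($expected === null) {
        return false;                       // unknown, expired or consumed
    }
    if (hash_equals($expected, $answer)) {
        $cache->forget($key);               // a solved challenge is single-use
        return true;
    }
    $fails = ($cache->get("$key:fails") ?? 0) + 1;
    $cache->put("$key:fails", $fails);
    if ($fails >= MAX_ATTEMPTS) {
        $cache->forget($key);               // too many wrong guesses
    }
    return false;
}

$cache = new ArrayCache();
$cache->put('k1', '410204101');             // constructed sample challenge
var_dump(checkWithPull($cache, 'k1', 'bad'), checkWithPull($cache, 'k1', '410204101'));
$cache->put('k2', '410204101');
var_dump(checkWithRetry($cache, 'k2', 'bad'), checkWithRetry($cache, 'k2', '410204101'));
var_dump(checkWithRetry($cache, 'k2', '410204101')); // replay after success
```

Replacing `pull()` with a bare `get()` would permit retries but would also leave a solved or repeatedly failed challenge reusable, which is why the sketch forgets the entry on success and after the attempt cap.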