Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/
- followed https://support.abp.io/QA/Questions/489/How-to-enable-reCaptcha-in-ABP but still have issues.
- ABP Support recommended me to create another commercial support ticket for further help (e.g. some configuration, which is not listed on the original ticket, might be missing??).
Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.
- found a page https://docs.abp.io/en/commercial/latest/modules/account on 2FA and Social Logins.
- maybe ABP reCaptcha could potentially be documented here too in near future
- unfortunately, I could not find any documentation or (other) support ticket re ABP reCaptcha
Details:
- ABP Framework version: v3.3.0
- UI type: Angular and MVC (both Blazor and Razor)
- Tiered (MVC) or Identity Server Seperated (Angular): yes
- Exception message and stack trace:
- Steps to reproduce the issue:
- followed exactly the steps documented in https://support.abp.io/QA/Questions/489/How-to-enable-reCaptcha-in-ABP.
- Angular UI does not have reCaptcha options available
- ABP Support confirmed this will be addressed in v4.0
- Razor UI does have reCaptcha options available but I cannot set/clear any value at all in local environments.
- My team is using Angular UI, therefore we do not have Razor UI in our (public/shared) test environment (with a registered domain and SSL certs and registered reCaptcha key-secret).
- Maybe ABP Support can kindly please help me with this in this ticket as well, please.
- Used Swagger API to set/clear reCaptcha options for now
- I would like to emphasize this again: reCaptcha options are set via Swagger API for now, not via any UI
- this is sort of a hack, I know, to make it work
- maybe I miss to configure something while doing this?
- Angular UI does not have reCaptcha options available
- Regardless of UI (Angular, Razor, Blazor all do not matter here I think), the login form comes from IdentityServer project. However, there is no way we can provide our answer there to bypass the ABP reCaptcha validation, either in our test or local environments, therefore, we cannot log in at all even though we provide the correct credentials
- more details can be found in https://support.abp.io/QA/Questions/489/How-to-enable-reCaptcha-in-ABP
- followed exactly the steps documented in https://support.abp.io/QA/Questions/489/How-to-enable-reCaptcha-in-ABP.
If something must be configured to make ABP reCaptcha work properly, could ABP Support please provide me with detailed steps and screenshots in their answer here and in the original ticket https://support.abp.io/QA/Questions/489/How-to-enable-reCaptcha-in-ABP so that everyone (else) can follow, please?
My apologies for bothering you many times on this easy feature, but I honest do not know how to make it all work properly.
Your kind help is greatly appreciated. Thanks.
10 Answer(s)
-
0
Hi,
I use the application you provided. it works fine.
See https://developers.google.com/recaptcha
reCAPTCHA v3 helps you detect abusive traffic on your website without user interaction. Instead of showing a CAPTCHA challenge, reCAPTCHA v3 returns a score so you can choose the most appropriate action for your website.
If you want captcha check box,you need to use version 2.
-
0
Hi @liangshiwei,
You misunderstand my question.
- If you can log in successfuly, great, but it is not the point.
- Google ReCaptcha does NOT run when you can provide correct credentials
- Google ReCaptcha only runs when you provide wrong credentials a few times (maybe 3 times)
My question is why Google ReCaptcha is not visible for me to:
- see their challenge
- provide my answer(s) to their challenge
- pass their validation
When Google ReCaptcha is visible, it does not matter if I provide correct or wrong credentials. Google must validate my answer(s) to their own challenge first.
- if I pass their validation
- if I provide correct credentials
- i can login
- if I provide wrong credentials
- i cannot login
- if I provide correct credentials
- if I do NOT pass their validation
- I will see another challenge
The issue here is Google ReCaptcha is not visible mate
-
- In this test, I did not provide any captcha answer since there is NO way for me to do so
- I can only provide the username and password, then click login
- Google ReCaptcha validation failed obviously since there is NO ANSWER
- Hence, the error message
- In this test, I did not provide any captcha answer since there is NO way for me to do so
-
- In this test, where is the ReCaptcha checkbox????
- the ReCaptcha checkbox does NOT exist. How can I check the box????????
- In this test, where is the ReCaptcha checkbox????
-
0
See https://developers.google.com/recaptcha
reCAPTCHA v3 helps you detect abusive traffic on your website without user interaction. Instead of showing a CAPTCHA challenge, reCAPTCHA v3 returns a score so you can choose the most appropriate action for your website.
If you want captcha check box,you need to use version 2.
But you are right, I will update the localization message.
-
0
Hi @liangshiwei,
Thank you for your kind clarification.
Google ReCaptcha version 2 is working now. Much appreciated for your kind help.
However, I would like to know more about how ABP integrate with Google ReCaptcha version 3 as well. I think ABP have tested it before according to your first 2 screenshots in ticket https://support.abp.io/QA/Questions/489/How-to-enable-reCaptcha-in-ABP.
I have followed the documentation you gave me above:
I have not defined any action yet, and please correct me if I am wrong, I think I should not be blocked by the Google ReCaptcha version 3:
- the score is good according to Google report
- however, it still asks me to pass the challenge (which challenge??)
Could you please show us how ABP did test the Google ReCaptcha version 3 before? I would love to learn more from you, please.
Thank you.
-
0
-
0
Hi @liangshiwei,
Thanks for your kind confirmation. I look forward to seeing the correct localisation messages in v4.1.
may I ask other questions to be clear please:
- I have not declared any actions on Google ReCaptcha version 3 yet, but the first time I loaded the captcha I got "Please check the reCAPTCHA box" (possibly due to null response) and subsequent login requests in the first hour using Google ReCaptcha version 3 resulted in "Incorrect captcha answer" (possibly due to score lower than 0.5). Does this mean this is the business logic already implemented by ABP? Can we customise this (and how can we) if we need to?
- If I want to declare any actions on Google ReCaptcha version 3 in near future, will I have to declare actions for scores greater than 0.5? Because all scores less than 0.5 are rejected by ABP to show "Incorrect captcha answer" already.
Please correct me if I am wrong. Your kind response is greatly appreciated, please.
Thanks
-
0
Hi,
Your understanding is incorrect, action is the classification of verification. ABP has defined action.
Login:
Register:
You can implement your own logic by customizing Module
-
0
Hi @liangshiwei,
Thank you for your patience in correcting my understanding. I really appreciate your kind help.
Can you please confirm where ABP declare the 2 actions login and register please?
- Are those actions declared on ABP Google ReCaptcha version 3 profile settings (Google system)?
- Or inside ABP Module(s) (ABP Framework).
Can you please provide me with some more screenshots to see how those 2 actions are declared/configured by ABP please, if you do not mind?
My apologies for keeping asking the same question, but as I mentioned a few times earlier, I have not declared any action in my Google ReCaptcha version 3 profile settings, so I think I should NOT see the "Incorrect captcha answer" (possibly due to score lower than 0.5) as per my screenshot above.
- Your tests were all good because when you tested our website, you possibly received the score greater than 0.5 from Google already.
- I understand the localization message will be corrected in v4.1. I am asking about the logic here for when scores are lower than 0.5 with no action declared on my Google profile.
Maybe we can arrange a remote session so that I could get your visual help to clear my mind (I am a bit slow sorry), please?
Thank you
-
0
Hi,
ABP defines actions on the login and registration pages, but I don't think this is worth noting, it is just a captcha classification and nothing special.
Abp use the reCAPTCHA libary, you can see the repo for more.
I am asking about the logic here for when scores are lower than 0.5 with no action declared on my Google profile.
Sorry, I don't understand what you mean.
Yes , we can remote session. you can email to me, if you are free.
-
0
Hi @liangshiwei,
Thank you so much for your time and kind help during the remote session today. Much appreciated.
I have understood Google ReCaptcha version 3 and how it is implemented in ABP Framework now. Thank you.
I just would like to capture what we agreed upon earlier re potential upcoming changes in future ABP releases here:
- ABP currently supports 2FA and Email/Phone Verification but the 2 features are not integrated with Google ReCaptcha in ABP version 3.x.x.
- ABP will adjust their callback, which currently throws the "Incorrect captcha answer" exception on low scores, to allow end-users to use 2FA (via either email, SMS, or authenticator) and Email/Phone Verification instead on low scores (even if the 2 features are not enforced by admin users).
- ABP possibly would provide options to configure a custom callback for developers to handle low scores in future releases.
Thanks