My ReCAPTCHA installation recently detected and reported a new error -- "timeout-or-duplicate" -- that recaptcha_captcha_validation() (recaptcha.module, line 144) didn't know about, and so (properly) generated an unknown error watchdog entry. Google's documentation seems to be out of date, as this error isn't listed in https://developers.google.com/recaptcha/docs/verify with the others. I'm not sure how you folks want to handle this, but I thought it was at least worth mentioning.

CommentFileSizeAuthor
#5 2914648-timeout-or-duplicate.patch1.05 KBmarkwittens

Comments

jim_at_miramontes created an issue. See original summary.

hass’s picture

hass commented
Status: Active » Closed (duplicate)
Parent issue: » #2599804: class Drupal7Post receives "Network is unreachable"

Sounds like a duplicate of #2599804: class Drupal7Post receives "Network is unreachable". Let me know if not.

There may be a network / firewall / php config problem and/or your server cannot run external http requests.

jim_at_miramontes’s picture

jim_at_miramontes commented

Thanks, @hass, but that's not what's going on. My network and server is fine; the problem is simply that the Google API is returning an error -- "timeout-or-duplicate" -- that is not expected or handled by the Drupal code in recaptcha_captcha_validation(), at around line 158:

  if ($resp->isSuccess()) {
    // Verified!
    return TRUE;
  }
  else {
    // Error code reference, https://developers.google.com/recaptcha/docs/verify
    $error_codes = array(
      'missing-input-secret' => t('The secret parameter is missing.'),
      'invalid-input-secret' => t('The secret parameter is invalid or malformed.'),
      'missing-input-response' => t('The response parameter is missing.'),
      'invalid-input-response' => t('The response parameter is invalid or malformed.'),
      'invalid-json' => t('The json response is invalid or malformed.'),
      'unknown' => t('Unknown error.'),
    );

All that's needed -- I think -- is to add another entry in $error_codes for 'timeout-or-duplicate'. It seems like an easy fix, but I though I'd leave it to the module maintainers to figure out what they wanted to use for the message translation, and to make sure that I wasn't missing anything else in the module.

ps: I think what was causing the message in the first place was a spider or spammer hitting the page containing the captcha and never following up (hence the "timeout" aspect of the message), but that's kinda neither here nor there...

hass’s picture

hass commented
Status: Closed (duplicate) » Postponed (maintainer needs more info)

Where is this module validating twice?

Have you customized the module or used any uncommitted patch? This response is nodumented at https://developers.google.com/recaptcha/docs/verify. How can I reproduce this?

markwittens’s picture

markwittens commented
StatusFileSize
new 2914648-timeout-or-duplicate.patch1.05 KB

I have the same problem. The validation runs twice or even more times so the form can never be submitted because validation always fails after the first (successful) validation. I attached a patch that fixes the symptoms by only validating once per request, this works for me but for the long term it would probably be better if the source of the problem is found.

hass’s picture

hass commented
Version: 7.x-2.2 » 8.x-2.x-dev
Status: Postponed (maintainer needs more info) » Fixed

Fixed in both D7 and D8:

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.