@miguelpeixe
Member

@miguelpeixe miguelpeixe commented Nov 23, 2023

All Submissions:

Changes proposed in this Pull Request:

When going through checkout and the submission fails, the next attempt might send the same token, which is not allowed by reCAPTCHA.

This change ensures the captcha token is regenerated on checkout updates and errors to prevent duplicate tokens while placing the order.

How to test the changes in this Pull Request:

  1. While on the master branch, add an item to cart and visit the regular WC checkout page (/checkout/)
  2. Place order without entering the required billing fields and confirm you get a regular WC error
  3. Place the order again and confirm you get a reCaptcha error: timeout-or-duplicate along with the other validation errors
  4. Check out this branch, repeat steps 2 and 3 and confirm you only get the validation errors
  5. Without refreshing, fill the required fields and confirm you are able to place the order

Other information:

  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes, as applicable?
  • Have you successfully run tests with your changes locally?

@miguelpeixe miguelpeixe added the [Status] Needs Review The issue or pull request needs to be reviewed label Nov 23, 2023
@miguelpeixe miguelpeixe self-assigned this Nov 23, 2023
@miguelpeixe miguelpeixe requested a review from a team as a code owner November 23, 2023 16:15
@leogermani
Contributor

I faced this issue many times in the last couple of days. But now that I wanted to test this PR I can no longer reproduce it. Will try again Monday.

@miguelpeixe
Member Author

Since it also refreshes the token every 30 seconds, you might not be able to reproduce if the interval hits the refresh between the thrown error and the next attempt.
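
The failure and the fix discussed in this pull request, as an added example that is not the plugin's code: a constructed simulation in which a failed checkout attempt consumes a single-use token, replayed against the test steps above. `makeVerifier`, `makeCheckout`, `replay` and the `billing_email_required` code are hypothetical names, and the 120-second token lifetime is an assumption of the simulation; the 30-second interval is the one mentioned in the comment above.

```javascript
// Constructed simulation: no network calls and no real reCAPTCHA keys.
// Stand-in for the verification service: each token is accepted once, within its lifetime.
function makeVerifier(ttlMs = 120000) { // assumed 120 s token lifetime
  const issued = new Map(); // token -> { issuedAt, used }
  let counter = 0;
  return {
    issue(now) {
      const token = `tok-${++counter}`;
      issued.set(token, { issuedAt: now, used: false });
      return token;
    },
    verify(token, now) {
      const rec = issued.get(token);
      if (!rec) return ['invalid-input-response'];
      if (rec.used || now - rec.issuedAt > ttlMs) return ['timeout-or-duplicate'];
      rec.used = true; // consumed, even if the order later fails validation
      return [];
    },
  };
}

// Hypothetical checkout page holding the token in a hidden field.
// refreshOnError models the fix; intervalMs models the periodic 30-second refresh.
function makeCheckout(verifier, { refreshOnError, intervalMs = 30000 }) {
  let token = verifier.issue(0);
  let lastRefresh = 0;
  const refresh = (now) => { token = verifier.issue(now); lastRefresh = now; };
  return {
    placeOrder(billing, now) {
      if (now - lastRefresh >= intervalMs) refresh(now); // timer fired before this attempt
      const errors = verifier.verify(token, now);
      if (!billing.email) errors.push('billing_email_required');
      if (errors.length && refreshOnError) refresh(now);
      return errors;
    },
  };
}

// Replays the PR's test steps: two attempts with a missing field, then a valid one.
function replay(refreshOnError, secondAttemptAtMs) {
  const checkout = makeCheckout(makeVerifier(), { refreshOnError });
  return [
    checkout.placeOrder({}, 1000),
    checkout.placeOrder({}, secondAttemptAtMs),
    checkout.placeOrder({ email: 'reader@example.com' }, secondAttemptAtMs + 1000),
  ];
}

console.log(replay(false, 5000), replay(true, 5000), replay(false, 40000));
```

In the third replay the interval refresh lands between the first and second attempts, so the second attempt shows only the validation error, which is one way the duplicate-token error can fail to reproduce.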

@github-actions github-actions bot added [Status] Approved The pull request has been reviewed and is ready to merge and removed [Status] Needs Review The issue or pull request needs to be reviewed labels Nov 27, 2023
@miguelpeixe miguelpeixe merged commit f22e8bd into master Nov 28, 2023
@miguelpeixe miguelpeixe deleted the fix/repcatcha-checkout-error branch November 28, 2023 13:14
matticbot pushed a commit that referenced this pull request Nov 30, 2023
# [2.12.0-alpha.1](v2.11.3...v2.12.0-alpha.1) (2023-11-30)

### Bug Fixes

* **checkout:** move stripe's cover fee placement ([#2767](#2767)) ([5f8b539](5f8b539))
* **data-events:** no longer use ActionScheduler for dispatches ([#2755](#2755)) ([975ab96](975ab96))
* **metering:** restrict comments on gated content ([#2751](#2751)) ([1bfc6f0](1bfc6f0))
* **recaptcha:** refresh token on checkout error ([#2769](#2769)) ([f22e8bd](f22e8bd))

### Features

* add filters for assets enqueueing ([#2768](#2768)) ([fcad059](fcad059))
* **authentication:** rate limit magic links and OTP generation ([#2765](#2765)) ([1252515](1252515))
* **campaigns:** mark duplicate segments ([cb5b527](cb5b527))
* **data-events:** track content gate interactions ([#2740](#2740)) ([298fd7c](298fd7c))
* **donations:** disable coupons for donation checkout ([#2770](#2770)) ([6051429](6051429))
@matticbot
Contributor

🎉 This PR is included in version 2.12.0-alpha.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

matticbot pushed a commit that referenced this pull request Dec 11, 2023
# [2.12.0](v2.11.6...v2.12.0) (2023-12-11)

### Bug Fixes

* **checkout:** move stripe's cover fee placement ([#2767](#2767)) ([5f8b539](5f8b539))
* **data-events:** no longer use ActionScheduler for dispatches ([#2755](#2755)) ([975ab96](975ab96))
* **metering:** restrict comments on gated content ([#2751](#2751)) ([1bfc6f0](1bfc6f0))
* **recaptcha:** refresh token on checkout error ([#2769](#2769)) ([f22e8bd](f22e8bd))

### Features

* add filters for assets enqueueing ([#2768](#2768)) ([fcad059](fcad059))
* **authentication:** rate limit magic links and OTP generation ([#2765](#2765)) ([1252515](1252515))
* **campaigns:** mark duplicate segments ([cb5b527](cb5b527))
* **data-events:** track content gate interactions ([#2740](#2740)) ([298fd7c](298fd7c))
* **donations:** disable coupons for donation checkout ([#2770](#2770)) ([6051429](6051429))
@matticbot
Contributor

🎉 This PR is included in version 2.12.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
