Captcha for registration form can be bypassed #4

Open
valbewe opened this issue Feb 18, 2023 · 3 comments

valbewe commented Feb 18, 2023

**Prestashop Version**
8.0.1

**Cloudflare Turnstile Version**
1.1.1

**Do you use a specific theme**
Standard free theme that comes with the installation of Presta

**Describe the bug**
If I'm not logged in and add products to my shopping cart and then go to checkout, I can either order as a guest or log in. However, if guest ordering is disabled, then the page will show registration instead.
In this way, the captcha for registration can be bypassed.

A similar problem was described here: nenes25/eicaptcha#124

Would you like to fix this or can you give me a tip on how to implement the captcha at this point?

In any case, thank you for the great module!

magentix self-assigned this Feb 18, 2023
magentix added the labels enhancement (New feature or request) and good first issue (Good for newcomers) Feb 18, 2023

magentix (Collaborator) commented

Hi @valbewe

This will be available in the next minor release (1.2.0)

The difficulty is that the register and login templates are on the same page and share the same controller (OrderController). This actually conflicts with the rendering of the widget on registration and login pages.

There will be a new mandatory parameter in the widget call to identify the form:

```smarty
{widget name='pixel_cloudflare_turnstile' form="register"}
{widget name='pixel_cloudflare_turnstile' form="login"}
{widget name='pixel_cloudflare_turnstile' form="contact"}
{widget name='pixel_cloudflare_turnstile' form="password"}
```

Regards,
Matthieu
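
The bypass reported above comes from enforcing the captcha per page rather than per submitted form. The following is an added example, not the module's code, of a server-side check that identifies the form from the POST body, fails closed when the token is missing, and binds the token to the form through Turnstile's `action` value. The submit-field names `submitCreate` and `submitLogin`, the helper names, and the widget being rendered with `data-action` set to the form name are assumptions.

```php
<?php
// Added example, not the module's code; field names and data-action use are assumptions.
const SITEVERIFY_URL = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
const FORM_BY_SUBMIT_FIELD = ['submitCreate' => 'register', 'submitLogin' => 'login'];

/** Identify the protected form from the POST body, whatever controller received it. */
function identifyForm(array $post): ?string
{
    foreach (FORM_BY_SUBMIT_FIELD as $field => $form) {
        if (array_key_exists($field, $post)) {
            return $form;
        }
    }
    return null;
}

/** POST the token to Cloudflare siteverify; transport or parse errors count as failure. */
function siteverify(string $secret, string $token): array
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['secret' => $secret, 'response' => $token]),
    ]]);
    $body = @file_get_contents(SITEVERIFY_URL, false, $ctx);
    $json = $body === false ? null : json_decode($body, true);
    return is_array($json) ? $json : ['success' => false];
}

/** Decide whether the request may proceed; $verify is injectable for offline runs. */
function turnstileAllows(array $post, callable $verify): bool
{
    $form = identifyForm($post);
    if ($form === null) {
        return true; // not a protected form submission
    }
    $token = $post['cf-turnstile-response'] ?? '';
    if (!is_string($token) || $token === '') {
        return false; // fail closed: protected form posted without a token
    }
    $result = $verify($token);
    // A token solved for one form must not be accepted for another.
    return ($result['success'] ?? false) === true && ($result['action'] ?? null) === $form;
}

// Constructed requests; the stub stands in for siteverify() so this runs offline.
$stub = function (string $t): array { return ['success' => $t === 'tok', 'action' => 'register']; };
var_dump(turnstileAllows(['submitCreate' => '1'], $stub));
var_dump(turnstileAllows(['submitCreate' => '1', 'cf-turnstile-response' => 'tok'], $stub));
```

In production the `$verify` callable would wrap `siteverify()` with the site's secret key.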

magentix (Collaborator) commented Apr 7, 2023

Hi,

Development is in progress, it will be available in 1.2.0.

alapiere commented

Hi,
When will 1.2.0 be available? I'd really like to make Turnstile work on the PS reg form, and to distinguish login actions from register actions in Turnstile stats, as we are under a registration form spam attack.
