Skip to content

fix(recaptcha): log verification responses and errors #4361

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dkoo merged 1 commit into from
Dec 16, 2025
Merged

fix(recaptcha): log verification responses and errors #4361

dkoo merged 1 commit into from
Dec 16, 2025
+27 −1

Conversation

@dkoo
Copy link
Contributor

@dkoo dkoo commented Dec 12, 2025

All Submissions:

Changes proposed in this Pull Request:

Adds some debug and error logging when a site makes a verification request (assessment) to the reCAPTCHA API. This will let us better estimate reCAPTCHA usage across the Newspack platform.

This only logs when the request is sent server-side—it doesn't separately log requests sent directly to the reCAPTCHA API via JS when using v2. This is because we double-verify captcha tokens fetched via JS with a server-side request to avoid unverified direct POST requests. Since the server-side requests are simply verifying the captcha token that was fetched on the front-end (and not fetching a new token to assess the validity of the request), I don't believe this counts as a separate assessment—but it's unclear from Google's documentation exactly how they count assessments on their end.

Closes NPPD-900.

How to test the changes in this Pull Request:

  1. Check out this branch.
  2. In Newspack > Settings, enable reCAPTCHA v2 and add credentials, if necessary
  3. As a reader, perform actions across the site that are protected by reCAPTCHA:
  • Reader account registration via the Sign In modal or registration block
  • Newsletter signup via the Newsletter Subscription block
  • Checkout payment attempts via the modal checkout and regular Woo checkout
  1. Confirm that for each action, the request is logged via newspack_log with info about the request: reCAPTCHA version (v2_invisible or v3), score (if using v3), timestamp of the challenge completion (if using v2), success status, hostname, etc.
  2. Switch to using reCAPTCHA v3 and repeat the protected actions on the front-end. Confirm that the requests are logged with v3-appropriate data.

Other information:

  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes, as applicable?
  • Have you successfully ran tests with your changes locally?

@dkoo dkoo self-assigned this Dec 12, 2025
@dkoo dkoo requested a review from a team as a code owner December 12, 2025 21:06
@dkoo dkoo added the [Status] Needs Review The issue or pull request needs to be reviewed label Dec 12, 2025
@github-actions github-actions bot added [Status] Approved The pull request has been reviewed and is ready to merge and removed [Status] Needs Review The issue or pull request needs to be reviewed labels Dec 16, 2025
@dkoo dkoo merged commit 1a280fb into release Dec 16, 2025
9 checks passed
@dkoo dkoo deleted the fix/debug-log-recaptcha-requests branch December 16, 2025 20:39
matticbot pushed a commit that referenced this pull request Dec 16, 2025
@semantic-release-bot
chore(release): 6.27.3 [skip ci]
64da958 
## [6.27.3](v6.27.2...v6.27.3) (2025-12-16)

### Bug Fixes

* **recaptcha:** log verification responses and errors ([#4361](#4361)) ([1a280fb](1a280fb))
@matticbot
Copy link
Contributor

matticbot commented Dec 16, 2025

🎉 This PR is included in version 6.27.3 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

matticbot pushed a commit that referenced this pull request Dec 17, 2025
@semantic-release-bot
chore(release): 6.28.0-alpha.3 [skip ci]
f643444 
# [6.28.0-alpha.3](v6.28.0-alpha.2...v6.28.0-alpha.3) (2025-12-17)

### Bug Fixes

* less aggressive free trial abuse prevention ([#4365](#4365)) ([c613622](c613622))
* **recaptcha:** log verification responses and errors ([#4361](#4361)) ([1a280fb](1a280fb))
@matticbot
Copy link
Contributor

matticbot commented Dec 17, 2025

🎉 This PR is included in version 6.28.0-alpha.3 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leogermani leogermani leogermani approved these changes

Assignees

@dkoo dkoo

Labels

released on @alpha released [Status] Approved The pull request has been reviewed and is ready to merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dkoo @matticbot @leogermani