Google reCAPTCHA response success: false, no error codes

Problem description

UPDATE: Google has recently updated their error message with an additional error code possibility: "timeout-or-duplicate".

This new error code seems to cover 99% of our previously mentioned mysterious cases.

We are still left wondering why we get that many validation requests that are either timeouts or duplicates. Determining this with certainty is likely to be impossible, but now I am just hoping that someone else has experienced something like it.

Disclaimer: I cross posted this to Google Groups, so apologies for spamming the ether for the ones of you who frequent both sites.

I am currently working on a page as part of an ASP.Net MVC application with a form that uses reCAPTCHA validation. The page currently has many daily users. In my server side validation** of a reCAPTCHA response, for a while now, I have seen the case of the reCAPTCHA response having its success property set to false, but with an accompanying empty error code array. Most of the requests pass validation, but some keep exhibiting this pattern.

So after doing some research online, I explored the two possible scenarios I could think of:

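  1. The validation has timed out and is no longer valid.
  2. The user has already been validated with the response value, so they are rejected the second time.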

After collecting data for a while, I have found that all cases of "Success: false, error codes: []" have either had the validation be rather old (ranging from 5 minutes to 10 days(!)), or it has been a case of a re-used response value, or sometimes a combination of the two. Even after implementing client side prevention of double-clicking my submit-form button, a lot of double submits still seem to get through to the server side Google reCAPTCHA validation logic.

My data tells me that 1.6% (28) of all requests (1760) have failed with at least one of the above scenarios being true ("timeout" or "double submission"). Meanwhile, not a single request of the 1760 has failed where the error code array was not empty.

I just have a hard time imagining a practical use case where a ChallengeTimeStamp gets issued, and then after 10 days validation is attempted, server side.

My question is:

What could be the reason for a non-negligible percentage of all Google reCAPTCHA server side validation attempts to be either very old or a case of double submission?

**By "server side validation" I mean logic that looks like this:

    public bool IsVerifiedUser(string captchaResponse, string endUserIp)
    {            
        string apiUrl = ConfigurationManager.AppSettings["Google_Captcha_API"];
        string secret = ConfigurationManager.AppSettings["Google_Captcha_SecretKey"];
        using (var client = new HttpClient())
        {
            var parameters = new Dictionary<string, string>
            {
                { "secret", secret },
                { "response", captchaResponse },
                { "remoteip", endUserIp },
            };
            var content = new FormUrlEncodedContent(parameters);
            var response = client.PostAsync(apiUrl, content).Result;                
            var responseContent = response.Content.ReadAsStringAsync().Result;
            GoogleCaptchaResponse googleCaptchaResponse = JsonConvert.DeserializeObject<GoogleCaptchaResponse>(responseContent);

            if (googleCaptchaResponse.Success)
            {
                _dal.LogGoogleRecaptchaResponse(endUserIp, captchaResponse);
                return true;
            }
            else 
            {
               //Actual code omitted
                   //Try to determine the cause of failure
                   //Look at googleCaptchaResponse.ErrorCodes array (this has been empty in all of the 28 cases of "success: false")
                   //Measure time between googleCaptchaResponse.ChallengeTimeStamp (which is UTC) and DateTime.UtcNow
                   //Check reCAPTCHAresponse against local database of previously used reCAPTCHAresponses to detect cases of double submission
               return false;
            }
        }
   }

Thank you in advance to anyone who has a clue and can perhaps shed some light on the subject.

Recommended answer

You will get the timeout-or-duplicate problem if your captcha is validated twice. Save logs in a file in append mode and check if you are validating a captcha twice.
Here is an example:

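    // Verify the token with Google and keep the raw JSON reply
    $verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response']);

    // Append each reply on its own line so repeated verifications are visible
    file_put_contents("logfile", $verifyResponse . PHP_EOL, FILE_APPEND);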

Now read the content of logfile created above and check if captcha is verified twice
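
The log check described in the answer, combined with the age check from the question, as an added example that is not part of the original post. The log layout (`token_sha256`, `verified_at`, `response`) and the function names are assumptions; `challenge_ts` and `error-codes` are the fields of the siteverify reply, and the sample entries are constructed.

```python
import hashlib
import json
from datetime import datetime, timedelta

# Google documents a response token as valid for two minutes and usable once.
TOKEN_LIFETIME = timedelta(minutes=2)

def log_record(token, verify_response, verified_at):
    """Build one append-only log line per siteverify call (assumed layout)."""
    return json.dumps({
        "token_sha256": hashlib.sha256(token.encode()).hexdigest(),
        "verified_at": verified_at,
        "response": verify_response,
    })

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify_failures(log_lines):
    """Map the index of each failed verification to its likely causes."""
    first_seen, findings = {}, {}
    for i, line in enumerate(log_lines):
        rec = json.loads(line)
        resp, causes = rec["response"], set()
        if rec["token_sha256"] in first_seen:
            causes.add("duplicate")          # same token was verified before
        first_seen.setdefault(rec["token_sha256"], i)
        ts = resp.get("challenge_ts")
        if ts and _ts(rec["verified_at"]) - _ts(ts) > TOKEN_LIFETIME:
            causes.add("stale")              # verified after the token expired
        if not resp.get("success"):
            findings[i] = causes or set(resp.get("error-codes") or ["unexplained"])
    return findings

# Constructed sample data, not taken from the original post.
T0 = "2019-03-01T10:00:00Z"
SAMPLE_LOG = [
    log_record("tok-A", {"success": True, "challenge_ts": T0}, "2019-03-01T10:00:20Z"),
    log_record("tok-A", {"success": False, "challenge_ts": T0, "error-codes": []},
               "2019-03-01T10:00:21Z"),
    log_record("tok-B", {"success": False, "challenge_ts": T0,
                         "error-codes": ["timeout-or-duplicate"]}, "2019-03-01T10:07:00Z"),
    log_record("tok-B", {"success": False, "challenge_ts": T0,
                         "error-codes": ["timeout-or-duplicate"]}, "2019-03-01T10:07:01Z"),
]

if __name__ == "__main__":
    for index, causes in classify_failures(SAMPLE_LOG).items():
        print(index, sorted(causes))
```

Hashing the token before logging keeps the lookup key stable without storing the raw response value.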
