|
SteveMBragg
|
December 1, 2020 at 9:42 am
Hi All
We are using the mobile app for this site: ntlbiologica.com/antibodytesting.
However we also have the Cleantalk anti spam app installed on the site and if this is active we cannot log in to the site using your app anymore. De-activate their plugin and all is fine.
Cleantalk are trying to de-big the issue and have asled me what the actual URL the mobile app is calling to do a site login.
I can see that the app is using the main web site URL but to login your app would need to calla login page, and it is this information that Cleantalk are seeking to find out to carry on their de-bugging.
Can you advise please
Regards
Steve B
|
|
Tony
|
December 1, 2020 at 3:17 pm
Hi Steve,
The app uses the WP REST API to communicate with the site and does so using the Basic Auth plugin.
So it doesn’t ‘login’ to a specific URL first but rather sends an authorization header on each request set to the site which is used for authentication.
The very first request sent from the app is to check if the site can load over HTTPS. So it sends a HTTP request to the domain and checks for a redirect. It then sends a HTTPS request to the domain and checks for response 200. Aftr that the request sent to /wp-json/ee/v4.8.36/site_info would be the first one where authentication is used.
That help?
|
|
SteveMBragg
|
December 4, 2020 at 9:23 am
Hi Tony/All
The Cleantalk team have come back to me with a response as follows:
[QUOTE]
Hello,
I’ve found the reason why it’s happening. Calling wp_get_current_user() under init hook breaks this plugin. I can’t tell you which plugin works incorrect right now, EventEspress or Cleantalk.
https://github.com/CleanTalk/wordpress-antispam/blob/b2c9488ec18535a55bfa65bb75971cf3aea6fbbd/cleantalk.php#L2075
I saw that you already contacted EventEspresso team, maybe we need to do this again to make this clear.
Best regards.
—
Extensions Development
Artyom Davydov
[UNQUOTE]
They have given a link and show where the code is being broken.
Are you able to help in this regard??
Regards
Steve B
|
|
Tony
|
December 9, 2020 at 5:47 am
Hi Steve,
I installed Clean Talk on a test site and didn’t have any issue logging into the app until I enabled Anti-Crawler setting.
What options do you have enabled on Clean Talk?
I’d like to test logging into the app and capture the request to see what is actually happening on those request, can you send me temp login details so I can take a look?
You can use this form to send the credentials: https://eventespresso.com/send-login-details/
Obviously, you’ll also need to enable Clean-Talk if you currently have it disabled.
|
|
SteveMBragg
|
December 9, 2020 at 7:04 am
Hi Tony
I have sent you login details
Steve
|
|
SteveMBragg
|
December 9, 2020 at 7:19 am
Hi Tony
I re-activted the Clean Talk plugin and checked the advanced settings. The SpamFirewall is switched off, to the Anti Crawl is also switched off.
When I try to login using your app on an iPad I get this error message:
<stong>ERROR:
Please solve Captcha correctly
The operation could not be completed, then repeat of the message above…..
[OK] (button).
I get the same error on my mobile phone (Xperia 5).
So I have had to disable it again.
Regards
Steve
|
|
SteveMBragg
|
December 9, 2020 at 7:50 am
Hi Tony
I’ve had to leave Cleantalk de-activated for the moment, so people can log in using the app but feel free to activate it when you need to do so for your tests.
Cheers
Steve
|
|
Tony
|
December 9, 2020 at 3:22 pm
Hi Steve,
So I logged into the site and the problem is not from Clean Talk plugin, it’s the Advanced noCaptcha & invisible Captcha plugin you have installed.
I’ve seen this before, only not on the REST requests and what’s happening is that plugin is hooking into ALL login requests and trying to validate a recaptcha response, which you simply can not do on within a REST request.
A simple fix would be to disable the Advanced Recaptcha on the login forms, that should allow both plugins to be enabled but will obviously disable the reCaptcha on your standard login forms. Another option is to look into hooking into the reCaptcha plugin and see if it has a hook available to bail out of the request if its REST.
Side note – in your form submission you mentioned we already have a login and I just want to clarify that we don’t keep login details for any longer than necessary so we actually don’t have a login. The credentials sent over will have been deleted as soon as whatever issue you previously submitted the details for was closed/resolved. If there is still an admin account active on the site for us I recommend removing it when finished, the login details are intended to be temporary as we do not want nor need constant access to anyone’s site.
|
|
SteveMBragg
|
December 9, 2020 at 3:31 pm
Hi Tony
OK. Need to look at this tomorrow.
Cheers
Steeve
|
