Page MenuHomePhabricator

After passing the CAPTCHA page after warning, user is sent back to the Abuse Filter warning page
Open, MediumPublic

Description

If a user tries to make an edit which is caught by an abuse filter, and the user also needs to fill out a Captcha, they are continually bounced between the captcha and the warning. This is probably (tests to come) causing some 'warn' filters to effectively act as 'disallow' filters.

Event Timeline

Ok so I did some testing. Expected behaviour is that the user only needs to enter the captcha once and acknowledge the warning once.

What actually happens is the user is asked to enter a captcha, enters it correctly and clicks save, gets the warning with no captcha present, then is asked to enter a 2nd captcha, and then clicking save will save the edit.

Samwalton9 renamed this task from Abuse filters set to warn users can't be made at all if a captcha is required to Abuse filters set to warn users require two captchas.Nov 19 2016, 5:20 PM
KartikMistry added a subscriber: Etonkovidova.
KartikMistry added a subscriber: KartikMistry.

@Etonkovidova Can you please check this bug also affecting VisualEditor along with CX?

Checking in betalabs - @Samwalton9 described the current behavior correctly:

[...] the user is asked to enter a captcha, enters it correctly and clicks save, gets the warning with no captcha present, then is asked to enter a 2nd captcha, and then clicking save will save the edit.

The steps in betalabs may be as following:

  • a new user (belonging to Users group only), logs in and makes an action that triggers one of the Abuse filters - e.g. blank the page
  • on the blanked page a user enters an external link to trigger Captcha.
  • Click 'Publish' - when the captcha will be present, enter it and click 'Publish' again
  • Another captcha will be present (no warning if you entered the previous captcha incorrectly). After entering the captcha second time, the edits are saved and AbuseLog will correctly record that the edit triggered one of the Abuse filters.

Specific to CX
@KartikMistry
(1) it seems that I cannot pass the captcha in CX (cx2-testing) with Abuse filter #1 (Youtube links) - which has 'Disallow' action . Attempting to publish a translated article with the text "trigger Abuse filter www.youtube.com", will make the captcha appear again and again. 'Disallow' warning never appears.

(2) Publishing an article that has only warning action Abuse filter #12 (Word filter with the text "Hello World,") is possible with two captchas appear as it described in the ticket and my steps above.

(3) Abuse Log records too many entries for hitting Abuse filter ( e.g. Special:AbuseLog for User: ET1) - something that's probably worth investigating.

(4) It'd be great to have the exact specs on how the Abuse filters warnings should work in CX (is there a phab task already?) and to address the long-standing issue of two captchas.

This was previously reported as T22661, and later as T179789.

Nemo_bis renamed this task from Abuse filters set to warn users require two captchas to After passing the CAPTCHA page after warning, user is sent back to the Abuse Filter warning page.May 18 2018, 11:43 PM
Nemo_bis triaged this task as Medium priority.
Nemo_bis added a subscriber: OdMishehu.