Skip to content

web/flows: improvements for hCaptcha#16882

Merged
BeryJu merged 2 commits intogoauthentik:mainfrom
Tealk:feature/hcaptcha
Nov 13, 2025
Merged

web/flows: improvements for hCaptcha#16882
BeryJu merged 2 commits intogoauthentik:mainfrom
Tealk:feature/hcaptcha

Conversation

@Tealk
Copy link
Contributor

@Tealk Tealk commented Sep 18, 2025
edited
Loading

Details

Since hCaptcha recently updated its verification process to require the "host" parameter, requests without it are now rejected with a 403 Forbidden error see #16755. Although PR #16171 introduced this check for reCAPTCHA, hCaptcha also needs the same update. Without this change, hCaptcha blocks captcha verification and prevents user registrations.

This effectively blocks new user registrations through the registration flow that includes hCaptcha.

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make docs)

@Tealk Tealk requested a review from a team as a code owner September 18, 2025 14:25
@netlify
Copy link

netlify bot commented Sep 18, 2025
edited
Loading

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit c3aa208
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/6907c35b326c5c000843288b

@netlify
Copy link

netlify bot commented Sep 18, 2025
edited
Loading

Deploy Preview for authentik-storybook ready!

Name Link
🔨 Latest commit c3aa208
🔍 Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/6907c35bd5ea650008ff26fa
😎 Deploy Preview https://deploy-preview-16882--authentik-storybook.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Sep 18, 2025
edited
Loading

Deploy Preview for authentik-integrations canceled.

Name Link
🔨 Latest commit c3aa208
🔍 Latest deploy log https://app.netlify.com/projects/authentik-integrations/deploys/6907c35b962c200008a2dacb

@codecov
Copy link

codecov bot commented Sep 18, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.93%. Comparing base (754425a) to head (c3aa208).
⚠️ Report is 114 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #16882      +/-   ##
==========================================
+ Coverage   92.88%   92.93%   +0.04%     
==========================================
  Files         869      869              
  Lines       47960    47960              
==========================================
+ Hits        44547    44570      +23     
+ Misses       3413     3390      -23
Flag Coverage Δ
e2e 45.25% <ø> (+0.12%) ⬆️
integration 23.13% <ø> (-0.06%) ⬇️
unit 91.08% <ø> (+<0.01%) ⬆️
unit-migrate 91.13% <ø> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-project-automation github-project-automation bot moved this from Todo to In Progress in authentik Core Nov 2, 2025
@GirlBossRush GirlBossRush moved this from In Progress to Done in authentik Core Nov 2, 2025
@GirlBossRush GirlBossRush added this to the Release 2025.10.1 milestone Nov 2, 2025
@Tealk
Copy link
Contributor Author

Tealk commented Nov 3, 2025

Too bad it didn't make it into 2025.10.1 :'(

@BeryJu BeryJu added the area:frontend Features or issues related to the browser, TypeScript, Node.js, etc label Nov 13, 2025
@BeryJu BeryJu changed the title improvements for hCaptcha web/flows: improvements for hCaptcha Nov 13, 2025
@github-project-automation github-project-automation bot moved this from Done to In Progress in authentik Core Nov 13, 2025
@BeryJu BeryJu merged commit 4821198 into goauthentik:main Nov 13, 2025
248 of 257 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in authentik Core Nov 13, 2025
@BeryJu BeryJu added the backport/version-2025.10 Add this label to PRs to backport changes to version-2025.10 label Nov 13, 2025
authentik-automation bot pushed a commit that referenced this pull request Nov 13, 2025
@Tealk @GirlBossRush @authentik-automation
web/flows: improvements for hCaptcha (#16882)
781d86f 
* improvements for hCaptcha
Issue #16755

* web: Format.

---------

Co-authored-by: Teffen Ellis <teffen@goauthentik.io>
@authentik-automation authentik-automation bot mentioned this pull request Nov 13, 2025
Merged
@authentik-automation
Copy link
Contributor

authentik-automation bot commented Nov 13, 2025

🍒 Cherry-pick to version-2025.10 created: #18128

@authentik-automation
Copy link
Contributor

authentik-automation bot commented Nov 13, 2025

Cherry-pick to version-2025.10 already exists: #18128

BeryJu pushed a commit that referenced this pull request Nov 13, 2025
@authentik-automation @Tealk @GirlBossRush
web/flows: improvements for hCaptcha (cherry-pick #16882 to version-2…
a9aa1bf 
…025.10) (#18128)

web/flows: improvements for hCaptcha (#16882)

* improvements for hCaptcha
Issue #16755

* web: Format.

---------

Co-authored-by: Tealk <12276250+Tealk@users.noreply.github.com>
Co-authored-by: Teffen Ellis <teffen@goauthentik.io>
@Tealk
Copy link
Contributor Author

Tealk commented Nov 13, 2025
edited
Loading

i think there is still a problem:
image

image

then it stops here and there's no button or anything similar to advance to the next stage
image

@Tealk Tealk mentioned this pull request Nov 15, 2025
Open
kensternberg-authentik added a commit that referenced this pull request Dec 11, 2025
@kensternberg-authentik
Merge branch 'main' into dev
8585c64 
* main: (74 commits)
  packages/django-channels-postgres/layer: fix query when subscribed to multiple channels (#18152)
  core: deduplicate user attribute constant definitions (#18138)
  web: bump @trivago/prettier-plugin-sort-imports from 5.2.2 to 6.0.0 in /web (#18146)
  crypto: update certificates on fs event (#18129)
  github: converts issue templates to forms (#18133)
  core: bump github.com/getsentry/sentry-go from 0.36.2 to 0.37.0 (#18140)
  web: bump type-fest from 5.1.0 to 5.2.0 in /web (#18144)
  web: bump vite from 7.1.12 to 7.2.2 in /web (#18143)
  website: bump the build group in /website with 3 updates (#18141)
  web: bump globals from 16.4.0 to 16.5.0 in /web (#18145)
  core: bump astral-sh/uv from 0.9.8 to 0.9.9 (#18148)
  core: bump goauthentik/fips-debian from `5017d65` to `40a1f32` (#18149)
  website/integrations: Add ezBookkeeping integration (#18040)
  website/integrations: Add Joplin (#18042)
  web: Disable library `<datalist>` on Firefox. (#18103)
  web/admin: link to user on invitation list page (#18132)
  web/admin: update stage descriptions (#18118)
  website/integrations: add SeaTable (#18115)
  website/integrations: stripe: fix markdown (#18126)
  web/flows: improvements for hCaptcha (#16882)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GirlBossRush GirlBossRush GirlBossRush approved these changes

@BeryJu BeryJu BeryJu approved these changes

Assignees

@GirlBossRush GirlBossRush

@BeryJu BeryJu

Labels

area:frontend Features or issues related to the browser, TypeScript, Node.js, etc backport/version-2025.10 Add this label to PRs to backport changes to version-2025.10

Projects

authentik Core
Status: Done

Milestone

Release 2025.10.2

Development

Successfully merging this pull request may close these issues.

4 participants

@Tealk @GirlBossRush @BeryJu @rissson