Do you happen to have a live site where I could test this? I wasn’t able to reproduce on a test site of mine.
If you want the site URL to remain private, you can also contact us via this contact form:
http://jetpack.com/contact-support/
Thanks!
Hi Jeremy! 🙂
Yes you can see it happen on https://premium.status301.net/support/ with the bbPress login widget on the right. Just try anything and you’ll instantly get the first math puzzle, then you’ll get directed to the normal login.php (just as it sais above the first puzzle) but it even if you answered the math correctly, there is a second math puzzle on the second login.
After finally logging in, the normal redirect back to the original forum page is lost.
This completely breaks the usual bbPress login flow and is very counter intuitive: users wanting to respond to a thread or to start a new thread will have to enter their username/password twice and pass two math puzzles and then don’t even get back to where they where… That’s just annoying.
Is there any way to get around this without breaking Protect’s added security?
Thanks for the extra details. I’ve asked our Protect expert to take a look, and I’ll get back to you as soon as I have some news!
Thanks!
A complicating factor might be that this is on a Multisite… I’ve no single site installation to test this at the moment.
My colleague Sam found the source of the issue, and worked on a patch here:
https://github.com/Automattic/jetpack/pull/3686
We’ll test it, and include it in Jetpack 4.0.1. Feel free to test the patch on your own network and let us know how it goes.
Thanks again for the report!
Tested and found it to be working. Just great!
Thanks 🙂
Turns out it’s not a very reliable fix… I’m not really sure about how/why but it looks like the math puzzle does not always appear below the login widget form. In fact, it’s less likely to show than not.
When testing in an anonymous browser window, I usually do not see the math puzzle below the form except after attempting a login (which redirects to the single math puzzle page) and then hitting the back-button (not continuing the log in) and refreshing the forum page… Strange.
As far as I can figure out, the math below the widget form only shows when the visitor has a WordPress cookie. Even a wordpress_test_cookie
(which you get when seeing the stand alone math puzzle page) suffices.
Thanks for the feedback! I see you’ve also commented on the GitHub issue, so we’ll continue the discussion there!