57
Root
3y

fujioaskl;f;asdfjkl
WHY THE FUCK DOES MY BOSS HAVE ME MOCKING FUCKING RECAPTCHA API RESPONSES? IT'S SO FUCKING STUPID

I CAN'T MOCK THE RECAPTCHA JS METHODS SO I HAVE TO MAKE VALID-LOOKING JSON RESPONSES AND I DON'T HAVE A FUCKING CLUE HOW ANY OF IT FUCKING WORKS

THIS IS THE STUPIDEST THING ANYONE HAS EVER ASKED OF ME (okay, it isn't, but it's pretty damned close.) AND IT'S DURING MY BLOODY PERFORMANCE REVIEW.

Comments
  • 3
    Wait ... What?
  • 10
    @johnmelodyme Stupid, yes?

    I thought I found a way to make this ridiculousness work, but I’m pretty certain it’s impossible without undue effort decoding google’s minified BS.

    And all for what, to prove to Mr. Moron that my code works? He’s been reviewing it for fucking months now.
  • 8
    How do you mock a recapcha? My inferior brain can’t comprehend this concept
  • 3
    @Root for months? Doth my eyes deceiveth me? Why would he discuss this recap thing for months? Is his name really moron tho I wondered.
  • 2
    @TeachMeCode maybe the Mr moron is so smart that normal human like us can't understand him
  • 1
    @johnmelodyme perhaps! We are mortals, made of carbon and in the end we will face the reaper
  • 6
    If(testsAreRunning())
    return response.status = true

    There done 🤷‍♂️

    Honestly, if it was a shitty 3rd party that was subject to break at a moments notice, I could sorta understand it. But google... yea no.
  • 1
    @TeachMeCode but some human are so arsehole that reaper are no interest in them nor the gods.
  • 10
    @johnmelodyme I wrote some code that injects an event listener into a page along with the ReCaptcha code to prevent race conditions. It delays the form submission until ReCaptcha responds, retries if it times out, denounces, allows the user to retry, has a “learning mode” that records everything but doesn’t block login, etc.

    I added handling for whatever errors (dev or external) could occur, and tested it thoroughly along all paths and scenarios it handles. But that isn’t good enough; my boss wants automated tests too.

    I sort of get it: testing all the cases manually is definitely a pain, but ReCaptcha is built to prevent exactly this sort of thing, so.🤦🏻‍♀️

    Just. It’s stupid.
    And the worst part is I’ll be blamed for it.
  • 1
  • 0
    @Root damn you did all those complicated steps to cover every hole and it’s still too dumb for your boss? Wow! One can only hope to reach his intellectual standards. Im not sure anyone on this planet can
  • 12
    If you need automated testing like that you break everything into modules and test them independently so that the recaptcha is just a module returning true.

    Trying to fool the real recaptcha will always risk breaking due to changes by google, which is not what you want by a test.

    Testing any external part in automated testing is just asking for problems.
  • 1
    Can’t you just track the network responses in the developer console of your browser every time you do do a recaptcha on a test page ? There
    Really are
    Probably only 3 of them

    Pass
    Fail
    And here’s some fucking test data drone !
  • 0
    So did you figure this out last time ? Edge of my sest
  • 4
    This makes literally not sense... you can't automate tests for ReCaptcha unless you know the answer up-ahead of time... That's the whole point of a Catpcha system, to block *automated bots*... and automated test is nothing but a bot doing your work....

    literally impossible *unless* you can work with the Backend guys somehow, have them *somehow* expose the Captcha answer to you... depending on the captcha method used this might even be impossible already...

    Has the Boss ever programmed anything in their entire life?
  • 0
    I just watched the same girl pretend not to know how to use a fickijyb curtain
  • 1
    You can create a bot as part of this that keeps hitting google from your domain. This will cause google to force everyone to start doing manual recaptchas for the entire domain.

    "See, this is why you don't automate recaptchas people."
  • 1
    @Hazarth I know, I’m wondering if the boss is high on something or had a stroke
  • 3
    @Voxera @Hazarth
    You’re preaching to the choir.
  • 0
    @Hazarth maybe he’s glitching and just wants to test the implementation or maybe he’s doing something shady ?
  • 0
    @Root I mean I could see this if he wants to bypass human interaction while doing unit tests of the interface that are automated

    You know

    They just replace the captchas server or whatever and the front end and redirects work when supplied the test value or drop the user somewhere else otherwise
  • 0
    @Root so I mean in that was the case it would make sense
  • 1
    @AvatarOfKaine

    For the backend I can mock the serverside api calls, responses, and processing just fine. That part is easy.

    My plan was to mock a of the ReCaptcha modules and just return success/error/timeout on the frontend with custom scoring on the backend. But I can’t seem to mock everything on the frontend.

    ReCaptcha requires using google code (fetched from their servers), which both makes requests and receives and decodes google’s responses in the browser.

    I can catch these requests and mock their responses (with garbage) using a proxy, but I’m not sure I can override the method that does the actual processing, so it’s throwing errors. Returning recorded responses doesn’t work either because they’re encoded with a rolling key.

    If I can override that method, or something up the call chain, I can probably get this to work. And I think I have a hacky idea how to do it. :)
  • 0
    @Root what does the code it fetches from google do specifically ? the tool just looks like a simple image selection and display tool to challenge a bot.
  • 0
    @Root and what do you mean by rolling key ?
  • 0
    @Root you know one time i thought about running a scheme to generate 1000s of accounts for various purposes by paying indians to sit around and fill in values of captcas that i forwarded them one after another from automated browsers :P
  • 0
    it amazes me if you took my understanding of things over time i went from silly to competent where other aspects are concerned lol
  • 1
    @AvatarOfKaine
    Rolling key: the key used for encoding changes with every request. The code making the request expects a response encoded with the key it provided. Thus a recorded response will be encoded with an old and therefore incorrect key.

    Also, there are “ReCaptcha busting” services that do exactly that: have Indians (or whatever cheap labor) sit around solving ReCaptchas. They cost a few cents per challenge.
  • 1
    That's ridiculous, whole point of captchas is to stop automated submissions.

    I realise that it's usually good to automatically test components like this, but a captcha is pretty much a textbook example of something you just have to push onto a manual / UAT process.
  • 0
    @AlmondSauce imagikne you have a page with a bunch of dialogs and business logic and you wnat to write something that tests everything and some of the rules for changing certain things is to present a captcha to the user to make sure its not a hack of something.

    then you'd need this is in the dev environment to write automation code. this would never make it to prod

    could also be used to test whether any chanegs to 3rd party libs aren't matching up in expected behaviors prior to prod rollout as well.
  • 0
    @Root great minds musing over creating a hypothetical espionage network / drug cartel think alike :P lol
  • 0
    @Root or honestly just getting shit tons of storage quickly and selling it cheap :P
  • 0
    @Root could you imagine carving out half a damn cloud network doing that ? just 1000s on 1000s of captchas for moving all sorts of encrypted shit around like days of video etc ? accessible to specific services that pretended to be a user for example. maybe you just encrypt the video data itself and then place it back in its container and upload it without loss to keep people from snooping :P
  • 0
    @Root you could spy on all kinds of criminals and generate fuck tons of blackmail and intelligence and sell this to the highest bidder looking to annihilate them :P
  • 0
    @Root or use it for more benign purposes. point is you'd go from a few GB's for free to TB's and PB's in no time flat ! unless google split the net and we don't know about it
  • 0
    @Root *cries* I want to talk about neat stuff with people who want to blow up al qaeda or do normal things like sponsor brothels with large numbers of high class escorts or entrap rich pedophiles and keep them in a torture cage where they sign checks all day :(* why does everyone fucking suck now ?
  • 0
    Testing captcha integration (including simulated network delays and fails) is a valid case. Testing the captcha implementation is really stupid (if you pick libs properly you never have to test the 3rd party implementation, they do it better than you)
  • 2
  • 3
    This is like the janitor solving an unsolvable problem but it’s malicious. The boss either wants to sell a program that hacks captchas or hates you. Task the best programmer with this seemingly menial task that is actually the crux of the darkweb hackware you are selling and they will bring you a solution out of spite.
  • 0
    @jeeper wouldn’t it be nice if they hadn’t fucked the only people who
    Kept things nice out of jobs and the like ?
Add Comment