Files
kulakpos_web/walkthroughs/2026-04-10_cb7addd1_Walkthrough__Login_Issue_Fix.md
eko54r 05fd3230b8
All checks were successful
Build, Push and Deploy / build-and-push (push) Successful in 5m14s
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 17s
Build, Push and Deploy / deploy-staging (push) Successful in 41s
Build, Push and Deploy / deploy-production (push) Has been skipped
update marketing
2026-05-14 11:55:22 +07:00

1.8 KiB

Walkthrough - Login Issue Fix

I have fixed the issue where users were unable to login after running php artisan serve. The root cause was that the AuthenticatedSessionController was always enforcing ReCaptcha validation, even when ENABLE_RECAPTCHA=false was set in the .env file.

Changes

1. Conditional ReCaptcha Validation

I modified AuthenticatedSessionController.php to:

  • Check the ENABLE_RECAPTCHA environment variable before performing any ReCaptcha-related logic.
  • Added a check for the success status returned by Google's ReCaptcha API (previously it was ignored).
  • Used env('RECAPTCHA_SECRET_KEY') with a fallback to allow configuring the secret through .env.
        if (env('ENABLE_RECAPTCHA', true)) {
            $token = $request->input('g-recaptcha-response');

            if (!$token) {
                return back()->with('error', 'Harap centang Captcha sebelum melanjutkan!')->withInput();
            }

            // ... (ReCaptcha API call)

            if (!isset($hasilGoogle['success']) || !$hasilGoogle['success']) {
                return back()->with('error', 'Captcha validasi gagal!')->withInput();
            }
        }

Verification Results

Logic Check

  • The login.blade.php file already had a conditional check for @if (env('ENABLE_RECAPTCHA', true)).
  • By adding the same check to the controller, the two are now synchronized.
  • Since .env has ENABLE_RECAPTCHA=false, the login process will now bypass ReCaptcha validation entirely, allowing users to login with just their email and password.

User Verification

  • Please attempt to login now. You should no longer be redirected back with a "Harap centang Captcha" error when ReCaptcha is disabled.