Turnstile dummy secret key giving success: false

What is the name of the domain?

localhost

What is the error message?

null

What is the issue you’re encountering

I’m using the 1x0000000000000000000000000000000AA secret key which is meant to always give success, but it always fails

What steps have you taken to resolve the issue?

using System.Text.Json;

namespace backend.Helpers
{
    public class CloudflareTurnstile
    {
        private readonly string _secret;
        private static readonly HttpClient _httpClient = new HttpClient();
        
        public CloudflareTurnstile(string secret)
        {
            _secret = secret;
            Console.WriteLine("CloudflareTurnstile created with secret: " + secret);
        }

        public async Task<bool> IsRequestValidAsync(string token, string remoteIp)
        {
            // Prepare the form data with the token, secret, and remote IP
            var formData = new MultipartFormDataContent
            {
                { new StringContent(_secret), "secret" },
                { new StringContent(token), "response" },
                { new StringContent(remoteIp), "remoteip" },
            };
            
            // Set the content type
            formData.Headers.Remove("Content-Type");
            formData.Headers.TryAddWithoutValidation("Content-Type", "application/x-www-form-urlencoded");

            Console.WriteLine("remoteIp: " + remoteIp);
            
            // Send the first verification request
            var url = "https://challenges.cloudflare.com/turnstile/v0/siteverify";
            var firstResponse = await _httpClient.PostAsync(url, formData);
            var firstOutcome = JsonSerializer.Deserialize<CloudflareResponse>(await firstResponse.Content.ReadAsStringAsync());
            
            // Print the json
            Console.WriteLine(firstResponse.StatusCode);
            Console.WriteLine(JsonSerializer.Serialize(firstOutcome));
            
            // Check if the first verification was successful
            if (firstOutcome?.Success == true)
            {
                return true;
            }

            return false;
        }
    }

    public class CloudflareResponse
    {
        public bool Success { get; set; }
        public string? Challenge_TS { get; set; } // Timestamp of the challenge
        public string? Hostname { get; set; }
        public string[]? Error_Codes { get; set; }
    }
}

CloudflareTurnstile created with secret: 1x0000000000000000000000000000000AA
remoteIp: ::1
OK
{“Success”:false,“Challenge_TS”:null,“Hostname”:null,“Error_Codes”:null}

I have tried entering ‘123’ and ‘XXXX.DUMMY.TOKEN.XXXX’ and ‘0.WoGeDojxQzHCCk023JRjfxv23olYh37jFdvPrcqmNeQ7PbSYIEuiBTK2SR_GdjfMitYEC23Gm7Vt93U1CPcI6aIFEhG-ffe1i9e6tIfIlYCFtb7OMxTB4tKCyTdpiaA.SP5YT77nuMNdOhZlvoBWAQ.da6448d22df7dd92f56a9fcf6d7138e5ee712bcf7d00c281f419b3bc091cbe64’

All give the same result

What are the steps to reproduce the issue?

Use my code with a sitekey of 1x0000000000000000000000000000000AA

Was simply parsing the response wrong, this worked for me

public class TurnstileResponse
{
    [JsonPropertyName("success")] public bool Success { get; set; }

    [JsonPropertyName("challenge_ts")] public DateTime? ChallengeTimestamp { get; set; }

    [JsonPropertyName("hostname")] public string Hostname { get; set; }

    [JsonPropertyName("error-codes")] public List<string> ErrorCodes { get; set; }

    [JsonPropertyName("action")] public string Action { get; set; }

    [JsonPropertyName("cdata")] public string CustomerData { get; set; }
}
1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.